[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
                CHEMICAL SECURITY--A RISING CONCERN FOR
AMERICA: EXAMINATION OF THE DEPARTMENT'S CHEMICAL SECURITY REGULATIONS 
            AND ITS EFFECT ON THE PUBLIC AND PRIVATE SECTOR

=======================================================================

                                HEARING

                               before the

                     SUBCOMMITTEE ON TRANSPORTATION
                      SECURITY AND INFRASTRUCTURE
                               PROTECTION

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 24, 2007

                               __________

                           Serial No. 110-60

                               __________

       Printed for the use of the Committee on Homeland Security
                                     
[GRAPHIC] [TIFF OMITTED] TONGRESS.#13

                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________

                  U.S. GOVERNMENT PRINTING OFFICE
48-934                    WASHINGTON : 2009
-----------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½0900012009


                     COMMITTEE ON HOMELAND SECURITY

               BENNIE G. THOMPSON, Mississippi, Chairman

LORETTA SANCHEZ, California,         PETER T. KING, New York
EDWARD J. MARKEY, Massachusetts      LAMAR SMITH, Texas
NORMAN D. DICKS, Washington          CHRISTOPHER SHAYS, Connecticut
JANE HARMAN, California              MARK E. SOUDER, Indiana
PETER A. DeFAZIO, Oregon             TOM DAVIS, Virginia
NITA M. LOWEY, New York              DANIEL E. LUNGREN, California
ELEANOR HOLMES NORTON, District of   MIKE ROGERS, Alabama
Columbia                             BOBBY JINDAL, Louisiana
ZOE LOFGREN, California              DAVID G. REICHERT, Washington
SHEILA JACKSON LEE, Texas            MICHAEL T. McCAUL, Texas
DONNA M. CHRISTENSEN, U.S. Virgin    CHARLES W. DENT, Pennsylvania
Islands                              GINNY BROWN-WAITE, Florida
BOB ETHERIDGE, North Carolina        MARSHA BLACKBURN, Tennessee
JAMES R. LANGEVIN, Rhode Island      GUS M. BILIRAKIS, Florida
HENRY CUELLAR, Texas                 DAVID DAVIS, Tennessee
CHRISTOPHER P. CARNEY, Pennsylvania
YVETTE D. CLARKE, New York
AL GREEN, Texas
ED PERLMUTTER, Colorado
VACANCY

       Jessica Herrera-Flanigan, Staff Director & General Counsel

                     Rosaline Cohen, Chief Counsel

                     Michael Twinchek, Chief Clerk

                Robert O'Connor, Minority Staff Director

                                 ______

 SUBCOMMITTEE ON TRANSPORTATION SECURITY AND INFRASTRUCTURE PROTECTION

                 SHEILA JACKSON LEE, Texas, Chairwoman

EDWARD J. MARKEY, Massachusetts      DANIEL E. LUNGREN, California
PETER A. DeFAZIO, Oregon             GINNY BROWN-WAITE, Florida
ELEANOR HOLMES NORTON, District of   MARSHA BLACKBURN, Tennessee
Columbia                             GUS M. BILIRAKIS, Florida
YVETTE D. CLARKE, New York           PETER T. KING, New York (Ex 
ED PERLMUTTER, Colorado              Officio)
BENNIE G. THOMPSON, Mississippi (Ex 
Officio)

                      Mathew Washington, Director

                          Erin Daste, Counsel

                   Natalie Nixon, Deputy Chief Clerk

                 Coley O'Brien, Minority Senior Counsel

                                  (II)
                            C O N T E N T S

                              ----------                              
                                                                   Page

                              Statementso

The Honorable Sheila Jackson-Lee, a Representative in Congress 
  From the State of Texas, and Chairwoman, Subcommittee on 
  Transportation Security and Infrastructure Protection:
  Oral Statement.................................................     1
  Prepared Statement.............................................     4
The Honorable Daniel E. Lungren, a Representative in Congress 
  From the State of California, Ranking Member, Subcommittee on 
  Transportation Security and Infrastructure Protection..........     5
The Honorable Edward J. Markey, a Representative in Congress From 
  the State of Massachusetts.....................................    22

                               Witnesses
                                Panel I

Colonel Bob Stephan, Assistant Secretary, Infrastructure 
  Protection, U.S. Department of Homeland Security:
  Oral Statement.................................................     7
  Prepared Statement.............................................    10

                                Panel II

Mr. John Alexander, Health and Safety Specialist, Health, Safety 
  and Environment Department, United Steelworkers:
  Oral Statement.................................................    38
  Prepared Statement.............................................    40
Mr. Philip J. Crowley, Senior Fellow and Director of Homeland 
  Security, Center for American Progress:
  Oral Statement.................................................    25
  Prepared Statement.............................................    27
Mr. Timothy J. Scott, chief Security Officer and Global Director, 
  Emergency Services and Security, The Dow Chemical Company:
  Oral Statement.................................................    30
  Prepared Statement.............................................    31
Dr. Ara Tahmassian, Associate Vice President, Research 
  Compliance, Boston University:
  Oral Statement.................................................    46
  Prepared Statement.............................................    48


  CHEMICAL SECURITY--A RISING CONCERN FOR AMERICA: EXAMINATION OF THE 
DEPARTMENT'S CHEMICAL SECURITY REGULATIONS AND ITS EFFECT ON THE PUBLIC 
                           AND PRIVATE SECTOR

                              ----------                              


                         Tuesday, July 24, 2007

             U.S. House of Representatives,
                    Committee on Homeland Security,
Subcommittee on Transportation Security and Infrastructure 
                                                Protection,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 1:55 p.m., in 
Room 311, Cannon House Office Building, Hon. Sheila Jackson Lee 
[chairwoman of the subcommittee] presiding.
    Present: Representatives Jackson Lee, Markey and Lungren.
    Ms. Jackson Lee. The subcommittee will come to order.
    The subcommittee will begin its meeting today and receive 
testimony on the Department's chemical security regulations and 
its effect on the public and private sectors.
    Let me thank this well-attended audience for their enormous 
courtesies. Part of the obligation of Members cannot be done by 
proxy. Though I was in the Senate last week, and I think both 
the ranking member and myself were overwhelmed with the 
creativity of proxies that the Senate has the ability to 
utilize. But we do not use them here; and, therefore, we had a 
series of votes. We thank you for your indulgence and for your 
courtesies.
    Mr. Secretary, we thank you very much. You have been busy 
here with us over a number of weeks, and we thank you for your 
attentiveness.
    Let me, before I start, make a non-hearing and a non-
committee statement, but it is one that is the jurisdiction of 
this committee, and, frankly, I am going to put it on the 
record.
    I was appalled at the incident in Phoenix, Arizona. It is a 
Homeland Security matter, and it is a matter for this 
committee. There are several representations of cure that have 
been represented to this committee, but it will be my intent--
and I know a number of members on the full committee are 
enormously involved in this issue and, frankly, have been 
proven right--to secure a report on the Nation's airports as 
relates to a 24-hour/7-day-a-week response as relates to 
employees across America. I think the incident bears on 
intolerable, and if there are any other incidences like this, 
it is this committee and the Department that need to be fully 
aware and to intervene immediately. This is no time for 
security gaps like that to be occurring in this country.
    With that being said, this is an important meeting, Mr. 
Secretary, an important hearing. In the course of just a couple 
of weeks, I have heard from a number of constituents, many who 
are interested in how we can work together and realize, in the 
new climate to which we now are exposed now some 6 years after 
9/11 with an increased interest by those who would do us harm, 
that preparation and preparedness is key. They also recognize 
that with the critical infrastructure aspect of this committee 
that involves chemical security facilities, most of it lodged 
in the private sector, there must be a partnership and there 
must be responsibility.
    So let me again say there has been, however, a great deal 
of curiosity, even skepticism, about how effectively the 
Department of Homeland Security could implement these 
regulations as it has not had to do so in the past with regard 
to other sectors. I believe that, because this is the 
Department's first attempt in a regulatory role, oversight is 
vital.
    As I have said, a large part of this sector is in the 
private sector, and I would hope that as they would question 
you that they will be questioning themselves so that they 
realize that none of these items are subject to games that we 
might tend to play. Whose side are you on? It is all about 
securing America.
    I believe that because this is the Department's first 
attempt in a regulatory role we must be a partner in this, and 
that means this committee and the full committee. The committee 
must explore the chemical security regulations implemented by 
the Department. We have that responsibility under the Homeland 
Security appropriations bill of fiscal year 2007.
    Specifically, the committee is interested in the Top-Screen 
process, which, as you all know, is the initial phase of the 
regulatory requirements. We are concerned about the breadth of 
entities that will be required to fill out a Top-Screen 
application, and we would like some clarifying answers on the 
Department's preparation for this process. There are many 
elements of this issue, and we welcome the panels' insights.
    First, we must know how the Department decided upon which 
chemicals to include and their amounts. Second, was the 
Department prepared for entities such as universities and small 
businesses to be subject to the Top-Screen process? The 
committee needs to confirm that the Department has the 
necessary resources to perform these tasks and to thoughtfully 
and thoroughly review the questionnaires and assessments.
    We also need to know whether we have gone far enough, and 
there is a great deal of interest in writing a comprehensive 
chemical security bill. Why? I will repeat it over and over 
again: Eighty-five percent of the critical infrastructure, 
which includes chemical security or chemical plants, is in the 
private sector.
    If the Department is lacking resources or having problems, 
the committee must know, because chemical security is vital to 
our national security. In fact, in any discussions that have 
now been publicized, we know it is enormously vital. They are 
crucial in their security--the entity's security--and of the 
people who work there. It is crucial to the security of this 
Nation. Even large companies via the Chemical Sector 
Coordinating Council have expressed concerns about the 
regulatory regime's approach. That is why this committee is 
holding hearings, and we are open to their concerns, but I, 
personally, am not open to countering or to denying or to 
undermining the security of this Nation.
    The committee should discern how the Department is defining 
risks, the methodologies it is using, why it is requiring 
facilities in the top three tiers to only use the Department's 
vulnerability act assessment and not the assessment that many 
companies already use. This duplication of resources seems 
especially perplexing. However, I am open-minded. I am willing 
to listen to the reasoning behind it so that we can find common 
ground.
    There is no doubt that the private sector wants to be 
secure. They are Americans, and so there must be a common 
ground to be able to solve some of these questions that are 
being raised.
    Many advocacy groups, chemical companies and State and 
local governments have expressed frustration about whether 
these regulations preempt State and local chemical security 
regulations, some of which happen to be better than the Federal 
criteria standards right now. The appropriations bill was 
silent on preemption, but, nevertheless, the regulations seem 
to imply that the regulations will preempt State and local 
laws. Dow Chemical expressed to the committee that it is 
supportive of State and local laws that may be more forceful 
than the Federal regulations. There are several circulating 
proposals to ensure that these regulations do not preempt State 
and local laws.
    In the Homeland Security Appropriations Act for fiscal year 
2008, the House made clear that the Department should not 
preempt State chemical security laws unless they are in direct 
conflict with the Federal regulations.
    There are also concerns about the introduction of a new 
category of pseudo-classified information called Chemical 
Terrorism Vulnerability Information, or CVI. The Department has 
created multiple forms of classified information that may or 
may not be necessary and merely seem to confuse interested 
parties.
    Again, this is the time to make the case or to clarify so 
that the ultimate goal is the security of all of us here in 
America and particularly those physical plants dealing with 
chemicals that can be the genesis of a horrific terrorist act.
    In the Homeland Security Appropriations Act for fiscal year 
2008, language was included to instruct the Department not to 
create a new class of protected information but to use the 
Sensitive Security Information category, or SSI, already used 
for sites located at maritime ports, regulated under the 
Maritime Transportation Security Act.
    In the area of worker protection and participation, we 
would like to see protections provided for whistle-blowers as 
well as the inclusion of chemical security workers in creating 
the vulnerability assessments and the site security plans. It 
appears that workers are not included in this process, and 
their knowledge and positions on the front lines would be very 
useful to create more effective regulations. I am also 
interested, additionally, in the training of these workers and 
the criteria for training the workers and whether or not that 
is part of an extended and coordinated practice.
    We also want to know how useful the Chemical Sector 
Coordinating Council and Chemical Sector Specific Plan under 
the NIPP were in creating and in implementing regulations. 
These regulations seem to provide a perfect opportunity to see 
a real-world example of how effective these plans and the 
councils are.
    As you can see, we have a lot to discuss. I, along with 
other members of the subcommittee, am seriously committed to 
protecting critical infrastructure and to understanding how the 
private sector is protecting our vital assets. However, I am 
not willing to leave it totally to the private sector or to the 
Federal Government alone. This committee--this full committee 
and this subcommittee must be intimately involved. As I have 
often said, the bottom line is that, if an horrific act were to 
occur, the name that most would look to is the Homeland 
Security Department and the Homeland Security Committee.
    Again, today, we want to explore what steps the private 
sector has taken to protect its infrastructure and the 
Department's role in this process. We look forward to the 
witnesses' testimony and learning how these different entities 
protect themselves from threats and what role the Congress can 
play and how we can fortify the relationship to protect the 
United States from a chemical attack.

  Prepared Statement of the Honorable Sheila Jackson Lee, Chairwoman, 
 Subcommittee on Transportation Security and Infrastructure Protection

                             JULY 24, 2007

    There has been, however, a great deal of curiosity--even 
skepticism--about how effectively DHS could implement these 
regulations, as it has not had to do so in the past with regard to 
other sectors. I believe that because this is the Department's first 
attempt in a regulatory role, oversight is vital. The Committee must 
explore the chemical security regulations implemented by the Department 
under the Homeland Security Appropriations bill of FY07.
    Specifically, the Committee is interested in the Top Screen 
process, which, as you all know, is the initial phase of the regulatory 
requirements. We are concerned about the breadth of entities that will 
be required to fill out a Top Screen application and would like some 
clarifying answers on the Department's preparation for this process.
    There are many elements of this issue and we welcome the panel's 
insight.
         First, we must know how the department decided upon 
        which chemicals to include and their amounts.
         Second, was the Department prepared for entities, such 
        as universities and small businesses, to be subject to the Top 
        Screen process?
         The Committee needs to confirm that the Department has 
        the necessary resources to perform these tasks and to 
        thoughtfully and thoroughly review the questionnaires and 
        assessments.
    If the Department is lacking resources or having problems, the 
Committee must know because chemical security is vital to our national 
security.
    Even large companies, via the Chemical Sector Coordinating Council, 
have expressed concerns about the regulatory regime's approach. The 
Committee should discern how the Department is defining risk, the 
methodologies it is using, and why it is requiring facilities in the 
top three tiers to only use the Department's vulnerability assessment, 
and not the assessments that many companies already use. This 
duplication of resources seems especially perplexing.
    Many advocacy groups, chemical companies, and State and local 
governments have expressed frustration about whether these regulations 
preempt State and local chemical security regulations. The 
Appropriations bill was silent on preemption but, nevertheless, the 
regulations seem to imply that the regulations will preempt State and 
local laws. Dow Chemical expressed to the Committee that it is 
supportive of State and local laws that may be more forceful than the 
Federal regulations. There are several circulating proposals to ensure 
that these regulations do not preempt State and local laws. In the 
Homeland Security Appropriations Act for Fiscal Year 2008, the House 
made clear that the Department should not preempt State chemical 
security laws unless they are in direct conflict with the Federal 
regulations.
    There are also concerns about the introduction of a new category of 
pseudo-classified information called ``Chemical-terrorism Vulnerability 
Information,'' or CVI. The Department has created multiple forms of 
classified information that do not seem necessary, and merely seem to 
confuse interested parties. In the Homeland Security Appropriations Act 
for FY 2008, language was included to instruct the Department not to 
create a new class of protected information but to use the ``Sensitive 
Security Information'' category, or SSI, already used for sites located 
at maritime ports regulated under the Maritime Transportation Security 
Act (MTSA).
    In the area of worker protection and participation, we would like 
to see protections provided for whistleblowers as well as the inclusion 
of chemical security workers in creating the vulnerability assessments 
and the Site Security Plans. It appears that workers are not included 
in this process, and their knowledge and position on the front-lines 
could be very useful to create more effective regulations.
    We also want to know how useful the Chemical Sector Coordinating 
Council and Chemical Sector Specific Plan (under the NIPP) were in 
creating and implementing the regulations. These regulations seem to 
provide a perfect opportunity to see a real-world example of how 
effective these plans and councils are. As you can see we have a lot to 
discuss.
    I, along with other members of this subcommittee, am seriously 
committed to protecting critical infrastructure and understanding how 
the private sector is protecting our vital assets.
    Again, today we want to explore what steps the private sector has 
taken to protect its infrastructure and the Department's role in this 
process. I look forward to the witnesses' testimony and learning about 
how these different entities protect themselves from threats and what 
role Congress can play to fortify and protect the United States' from a 
chemical attack.

    Ms. Jackson Lee. The Chair is pleased now to recognize the 
ranking member, the gentleman from California, for his opening 
statement.
    Mr. Lungren. Thank you very much, Chairwoman Jackson Lee.
    Because of the crazy schedule going on today around here, I 
will have to, unfortunately, leave at 2:45, so I hope to hear 
as much as I possibly can from both panels.
    I must say it is fitting that our subcommittee be the first 
to review the Department of Homeland Security's efforts in 
implementing our committee's bipartisan chemical security 
legislation which was enacted just last year. The authority to 
regulate the chemical industry is, indeed, historic. For the 
first time, all chemical facilities will be assessed, Top-
Screened for potential consequences and assigned to risk based 
tiers because of specific security concerns.
    The Department, as I understand, estimates that there are 
40,000 facilities which will complete this assessment process. 
Those facilities which qualify as tiers 1, 2 or 3 will be 
required to conduct a facility vulnerability assessment and to 
submit a site security plan to address those vulnerabilities. 
This is in keeping with the legislation which we enacted last 
year where we were trying to ensure that we targeted our 
greatest resources at the greatest risks.
    I am pleased that the regulations recently issued under our 
legislation were both risk based and performance based. I 
believe this will prevent us from overreaching and from 
enacting inflexible and unreasonable requirements on our 
Nation's chemical facilities. The last thing we want to do is 
to somehow suppress the ingenuity and creativity of the private 
sector in coming up with the necessary security measures, and I 
think we have avoided this so long as we have both risk-based 
and performance-based assessments guiding our conduct. Our goal 
and that of these regulations should be to strike the right 
balance between securing our high-risk chemical facilities 
while ensuring that they continue their vital service to the 
American economy.
    Reference was made by the chairwoman to the legislation or 
to the language contained in legislation this year which 
changes the carefully constructed language that we had last 
year to try and establish a balance between the Federal, State 
and local governments. Last year, we came upon language which 
has been utilized by the courts before. I cannot give you it 
exactly, but I believe it is something to the effect that State 
and local laws, so long as they did not frustrate the Federal 
intent or purpose, would be allowed. That language is language 
which has been utilized by the courts in the past to determine 
the relationship among the different levels of government, and 
I am concerned that the new language, if it is completed in 
legislation with the Senate, would cause us to have disputes in 
the courts as to what that language actually means.
    Unfortunately, it seems, to me, it is too early in this 
regulatory effort to make a full determination as to the 
success or failure of the Department in implementing the 
regulatory scheme. To be fair, we should allow these 
regulations to be fully implemented before we second-guess 
their effectiveness. Nonetheless, I am interested to hear from 
you, Colonel Stephan, on exactly what you have done and how you 
are going forward with it.
    Also, as to the second panel, I have not had the 
opportunity to meet the members of the panel, but I have 
familiarity with the Dow Chemical Company at one of their major 
plants in a previous district that I represented. At that time, 
I recall that they were ahead of the curve on the question of 
safety and security, and I would look forward to hearing what 
they are doing in the present environment as well.
    Thank you very much.
    Ms. Jackson Lee. Thank you, Mr. Lungren, for your remarks.
    The chairwoman acknowledges that other members of the 
subcommittee are reminded that, under the committee rules, 
opening statements may be submitted for the record, and I would 
ask, at this time, unanimous consent that we would continue as 
if we had a quorum in the absence of Mr. Lungren.
    Any objection?
    Mr. Lungren. No objection.
    Ms. Jackson Lee. None being heard, we thank you very much 
so that we can complete this particular hearing.
    It is, again, a pleasure to welcome Colonel Robert Stephan. 
Colonel Stephan is the Assistant Secretary for the Office of 
Infrastructure Protection with the Department of Homeland 
Security. Prior to joining the Department in 2005, Colonel 
Stephan was the Senior Director for Critical Infrastructure 
Protection in the Executive Office of the President. Colonel 
Stephan had a distinguished 24-year career with the Air Force.
    We welcome you. We have seen you quite frequently. We thank 
you for the important work that you have done on critical 
infrastructure, and we are very glad that you are here today, 
and we thank you for your military service.
    So, without objection, the witness's full statement will be 
inserted into the record.
    We welcome you again. Thank you for your testimony.

      STATEMENT OF COL. BOB STEPHAN, ASSISTANT SECRETARY, 
INFRASTRUCTURE PROTECTION, U.S. DEPARTMENT OF HOMELAND SECURITY

    Colonel Stephan. Madam Chairwoman and Ranking Member 
Lungren, thank you very much for the opportunity to come and 
talk with you today about an important topic, in fact, a topic 
that is very much at the center of our radar screen at the 
Department of Homeland Security and within my office in 
particular.
    I also wanted to thank you both personally for your 
leadership in bringing this legislative authority to light--
this regulatory authority to light--and for your continued 
support in ensuring the success of its implementation.
    As you know, securing the chemical sector represents an 
immense undertaking, involving a national effort including all 
levels of government, industry, multiple other organization 
entities and the American public at large. Integrated and 
effective partnerships among all stakeholders are essential to 
securing our national critical infrastructures, particularly 
including high-risk chemical facilities across the Nation.
    The chemical sector has nearly one million employees and 
represents about $500 billion a year in revenue. It converts 
raw materials into more than 70,000 diverse products, many of 
which are critical to the health and well-being of our Nation's 
citizens, to the security, to the economy, to the lives of 
everyday Americans.
    The contributions the chemical sector makes to the Nation 
are great, but they are certainly not without risk, as both of 
you have highlighted. Many chemicals, either in their base form 
or combined with others, could cause significant harm to people 
and to the environment if released or removed from a facility 
and weaponized in some fashion. Additionally, a terrorist 
attack or a natural disaster could significantly disrupt 
production at key facilities, causing very important supply 
chain issues that could be harmful to the economy on a regional 
or on a national scale.
    The Department's vision for the chemical sector is as an 
economically competitive industry with a sustainable security 
posture achieved using risk-based assessments, industry best 
practices, and a comprehensive information-sharing environment 
between industry and government. This vision also includes, 
recently, the implementation of a tailored new regulatory 
authority, the Chemical Facility Anti-Terrorism Standards, more 
affectionately known as the CFATS, aimed at securing the most 
high-risk sites around the country; and a combination of 
voluntary industry efforts and risk-based public-private 
collaboration inside of regulatory space is what we are going 
to use to enable the implementation of this overarching vision.
    As you all are well aware, our Appropriations Act language 
from last year directed us to develop and to implement a 
regulatory framework for high-risk facilities in the chemical 
sector. The Act gives DHS authority to require high-risk 
chemical plants to complete vulnerability assessments, to 
develop site security plans and to implement protective 
measures necessary to meet performance-based standards. The Act 
gave DHS 6 months from the day the President signed the bill in 
early April, 2007, to promulgate interim final regulations. DHS 
released these final regulations, the CFATS, on April 9th of 
this year.
    The following core principles guided the development of 
this regulatory framework:
    Consultation with industry experts, academic specialists, 
engineering associations, and nongovernmental organizations in 
a close public/private sector partnership. We have also 
leveraged State and local organizations, such as the New Jersey 
State Government at various levels and the New Jersey State 
Chemical Council, to make sure we have effectively leveraged 
that vital partnership.
    Tiering. Not all facilities represent the same level of 
risk, and the most scrutiny should be focused on those that, if 
attacked, of course, represent the most risk; and we should 
focus on complicating the lives of our terrorists, adversaries 
in every single thing we do in this program.
    Performance standards should be reasonable, clear and 
equitable and achieve the balance that Congressman Lungren 
spoke to in terms of achieving security while preserving the 
economic vitality and competitiveness of the industry.
    Finally, in implementing this regulation, we should 
recognize the very significant progress that multiple entities 
across the sector have made since the September 11th attacks to 
provide for their own security as well as the many voluntary 
programs they have joined in partnership with DHS and other 
Federal and State and local agencies to get the job done.
    In September of 2006, we released an Advance Notice of 
Rulemaking that contained a draft regulation for public 
comment. Through this process, we received more than 1,300 
pages of comments from over 106 separate submitters. We have 
extensively reviewed these comments and have considered them in 
the final regulation.
    Inside the interim final rule, we included a second public 
comment period. It was on a very important piece that I would 
like to go into more detail on with you during the Q and A 
session. It was specific to Appendix A, which details specific 
chemicals of concern and screening threshold quantities that we 
intend to regulate through this program.
    The comment period closed out in early May, and it produced 
more than 4,000 individual comments for our review. As the 
Secretary has noted, we are reviewing these comments very 
carefully and are closely considering them as we work to 
finalize the Appendix. In fact, the internal DHS clearance 
process closed at noon today, Madam Chairwoman, I am happy to 
report, and the final Appendix A should then be skirting its 
way through the OMB process in the coming weeks.
    Issues that informed our initial look at the chemicals of 
concern and in developing CFATS included toxic release 
quantities, the potential for theft or diversion, the potential 
for sabotage or contamination, and the economic mission/
government mission impact across the country.
    To implement and execute these regulations, the DHS must, 
in a very complicated manner, define the regulated community or 
determine which facilities are high risk. To facilitate this 
process, we developed a screening tool called the Chemical 
Security Assessment Tool, or CSAT. CSAT employs an easy-to-use, 
kind of like a Turbo Tax, online, consequence-based Top-Screen 
tool. CSAT builds upon the functional assessment tool developed 
by DHS with industry earlier referred to as RAMCAP, or Risk 
Analysis and Management for Critical Asset Protection. Under 
the regulatory program, chemical facilities initially 
designated high risk must complete this online consequence 
assessment tool, and this information we will use to factor 
into the final tiering of the facilities.
    Using the results of the CSAT tools, all high-risk 
facilities will be placed into one of four tiers based upon 
risk. The higher a facility's tier, the more robust measures 
they will need to incorporate and the more frequent and 
rigorous their inspection cycles will be. Inspections will both 
validate the adequacy of a facility's site security plan as 
well as verify the implementation of the specific protective 
measures identified therein.
    DHS is using a phased approach, which is very important in 
implementing the regulations, with implementation at the 
highest-risk facilities beginning in an expedited manner and 
with implementation at lower-risk facilities occurring in a 
sequential fashion.
    On June 8th, the CSAT Top-Screen went live, and the 
Chemical Vulnerability Information program went into effect. On 
June 11th, we reached out to the State Homeland Security 
Advisor community and to the Chemical and Oil and Natural Gas 
Government Coordinating Councils and to their corresponding 
private sector counterparts to brief them fully on program 
implementation. We kicked off what we call ``Phase 1(a),'' 
during the week of June 11----
    Ms. Jackson Lee. Colonel, are you wrapping up soon?
    Colonel Stephan. Yes, ma'am, I was.
    Ms. Jackson Lee. Okay. Thank you.
    Colonel Stephan. --making calls to approximately 50 select 
facilities to inform them of the inclusion in an accelerated, 
fast-phased phase 1 implementation. This outreach was at the 
corporate level and expected to result in a collaborative 
effort to complete the CSAT Top-Screen in an expedited fashion.
    Now I have, also, other details regarding specific 
implementation steps and very important voluntary efforts such 
as the Chemical Comprehensive Review Plan program, the Buffer 
Zone Protection Plan program, various types of information-
sharing programs and mechanisms/coordinating structures we have 
established--for instance, management--that are all catalogued 
in very great detail inside my written testimony; and, of 
course, that is submitted for your review and comment.
    Ma''am, barring any further issues, I will then turn the 
floor back to you for questions and answers on this very 
important topic.
    Again, I thank the leadership of this subcommittee for 
helping drive this process forward. We will look forward to 
partnering with you as we begin to implement now this very, 
very complex regulation and make sure that we absolutely do the 
right thing. My people and I, we are a ``no fail'' in terms of 
this mission. You should have no concern about our ability to 
do this, because we are the right people to do this task, and 
you have our pledge that we are going to do it the right way. 
We also understand we are not going to get a second chance to 
do this the right way, and so we are fully committed to doing 
this.
    Thank you again for your continued support as we move 
through this together.
    Ms. Jackson Lee. Well, I am sure, Colonel, that the Nation 
is grateful for your enthusiasm. We know that the entirety of 
your statement, if there is more remaining, will be submitted 
into the record, and we thank you for the passion in which you 
have presented your testimony.
    [The statement of Colonel Stephan follows:]

            Prepared Statement of Colonel Robert B. Stephan

    Thank you, Chairwoman Jackson-Lee, Congressman Lungren, and 
distinguished members of the Subcommittee. It is a pleasure to appear 
before you today to discuss chemical security. Open dialogue between 
security partners is a key element in advancing the security of our 
nation, and I appreciate this opportunity to address you on such a 
timely and important topic. Securing the Chemical Sector represents an 
immense undertaking that involves a national effort including all 
levels of government, industry, and the public. Integrated and 
effective partnerships among all stakeholders--federal, state, local, 
and private sector--are essential to securing our national critical 
infrastructures, including high-risk chemical facilities.

The Chemical Sector and the Sector Specific Plan
    The Chemical Sector has nearly one million employees and represents 
$500 billion a year in revenue. It converts raw materials into more 
than 70,000 diverse products, many of which are critical to the health 
and well-being of our nation's citizens, to security, and to the 
economy. The contributions the Chemical Sector makes to the Nation are 
great, but they are not without risk. The economic and strategic value 
of the industry may make it an attractive target for terrorists. Many 
chemicals, either in their base form or when combined with other 
chemicals, could cause significant harm to people and the environment 
if released or removed from a facility and weaponized in some fashion. 
Additionally, a terrorist attack, natural disaster, or industrial 
accident could significantly disrupt production at key facilities, 
causing supply chain issues that could be harmful to the economy on a 
regional, national, or global scale.
    The Department of Homeland Security's (DHS') vision for the 
Chemical Sector is that of an economically competitive industry with a 
sustainable security posture. This can be achieved by using risk-based 
assessments, industry best practices, and a comprehensive information 
sharing environment between industry and government. This vision also 
includes the implementation of a tailored new regulatory authority--the 
Chemical Facility Anti-Terrorism Standards (CFATS)--aimed at securing 
the most high-risk sites around the country. It is the combination of 
voluntary industry efforts and risk-based public-private collaboration 
inside and outside of regulatory space that will enable implementation 
of this vision.

Industry Efforts
    In the nearly six years since the terrorist attacks on September 
11, 2001, the great majority of industry owners and operators have 
taken actions to assess facility vulnerabilities and put in place a 
wide variety of operational, physical, and cyber security measures. In 
fact, the Chemical Sector has invested more than $3 billion in 
voluntary security measures in the aggregate since 9/11. In our 
experience, Chemical-Sector owners and operators generally understand 
the importance of integrating security into their operations as a sound 
and responsible business practice.

    Examples of industry-led protective initiatives include:
    Responsible Care Security Code: There is a history of collaboration 
within the sector on chemical safety, most notably in the American 
Chemistry Council's Responsible Care program supported by key industry 
associations. After September 11, this program was modified to include 
a mandatory Responsible Care Security Code for chemical facility 
security which requires facilities to:
         Assess vulnerabilities using methodologies developed 
        by Sandia National Laboratories or the Center for Chemical 
        Process Safety.
         Implement security enhancements.
         Verify physical enhancements through local officials 
        or third parties.
    Specifically, facilities are required to control vehicular and 
pedestrian access to sites; protect the perimeter through physical 
barriers, access control systems, electronic surveillance, and patrols; 
create, train, and rehearse security plans; ensure backup for critical 
chemical process systems, including offsite control rooms; work with 
regional stakeholders (government and emergency services) to ensure 
timely response and communication; and vet and access clearance for 
employees and contractors. The Security Code has requirements for cyber 
security and transportation, as well.
    Chemical Sector Cyber Security Program: The Chemical Sector Cyber 
Security Program was established by the American Chemistry Council 
(ACC). In April 2002, ACC recognized the need for a unified plan of 
action to address cyber security across the sector, as well as with 
technology providers, supply chain partners, and other critical 
infrastructure industries. To accomplish this, a task force comprised 
of 16 high-level subject-matter experts was chartered to create the 
Chemical Sector Cyber Security Strategy. This strategy was published in 
September 2006 and outlines the sector's plans to continue facilitating 
improvements to IT and manufacturing system security.
    Sector Protective Programs: Several industry trade associations 
have developed risk assessments methodologies and technical tools to 
support their member companies. In fact, many associations require 
completion of risk assessments as an integral condition of membership 
and safety and security stewardship. Some of the more widely used 
methodologies include the following.
     The National Association of Chemical Distributors (NACD) 
revised its Responsible Distribution Process (RDP) in April 2002 to 
mandate chemical security measures that address potential 
vulnerabilities within chemical distribution, including site and 
transportation security and end-use customers. Implementation and 
third-party verification of RDP is a condition of membership for 
companies belonging to NACD. RDP's security measures also require 
Security Vulnerability Assessments (SVAs) to be conducted with onsite, 
third-party verification.
     The American Petroleum Institute (API)/National 
Petrochemical and Refiners Association (NPRA), as part of its Facility 
Security Program, developed the API/NPRA methodology. This 
comprehensive facility SVA methodology focuses primarily on refineries 
and petrochemical manufacturers.
     The Chlorine Institute has developed guidance documents 
regarding the development of security plans by those facilities that 
handle chlorine rail tank cars when not under the control of a 
railroad. The guidance calls for an SVA and contains 36 baseline 
security actions with implementation recommendations and additional 
security actions for higher alert levels.
     The American Chemistry Council's Responsible Care Security 
Code also requires facilities to conduct an SVA. A facility can use the 
Vulnerability Assessment Methodology for Chemical Facilities developed 
by Sandia National Labs, the Center for Chemical Process Safety (CCPS) 
SVA methodology, or any other methodology determined certified by the 
CCPS.
     The Synthetic Organic Chemical Manufacturers Association 
(SOCMA) developed a computer-based tool, recognized by CCPS as meeting 
the SVA criteria, that is available, for free, to a wide range of 
facilities in the Chemical Sector. The SOCMA SVA can be used to help 
facilities analyze potential vulnerabilities and consider where to most 
effectively implement enhanced security measures.
     The Agribusiness Security Working Group--comprising the 
Agricultural Retailers Association, CropLife America, and the 
Fertilizer Institute--has produced a web-based tool to assist 
agribusiness retailers in conducting an SVA on their retail facility 
and their transportation practices.
     The National Paint and Coatings Association recently 
amended its Coatings Care Program to include a Coatings Care Security 
Code to address critical areas of site security, transportation, 
distribution, and cyber security with appropriate management practices 
and guidelines.
    Security Guidance Documents: Several of the individual members of 
the Chemical Sector Coordinating Council, under the National 
Infrastructure Protection Plan framework, have developed security 
guidance documents specific to the sub-sector they represent. Examples 
include the following:
     The Institute of Makers of Explosives has published 
explosive industry's best practices standards. Their Safety Library 
Publication 27 (SLP27) covers security in the manufacture, 
transportation, storage, and use of commercial explosives. SLP-27 also 
addresses security plans with recommendations tiered to different 
threat levels.
     Crop Life America sponsors the American Agronomic 
Stewardship Alliance (AASA), a program designed to inspect and credit 
more than 6,200 agricultural chemical facilities. The AASA helps to 
ensure third-party verification at retail sites and to certify that 
site security plans are developed and implemented.
     ACC, the Chlorine Institute, and SOCMA collaborated on the 
``Site Security Guidelines for the U.S. Chemical Industry,'' available 
for all chemical facilities as a condition of membership and safety and 
security stewardship.

Public-Private Sector Security Partnerships
    Under the National Infrastructure Protection Plan (NIPP), each 
sector has developed a Sector-Specific Plan, or SSP, which details how 
the NIPP risk analysis and risk management framework and information 
sharing network will be tailored and implemented to meet the needs of 
the sector. The Chemical SSP, released in May of this year, is an 
excellent example of the public/private partnership DHS has fostered 
across various levels of government and industry to improve security at 
chemical facilities around the country. The SSP establishes goals, 
objectives, and metrics that address a full spectrum of sector 
collaboration, information sharing, risk analysis, protection, and 
incident management activities. The chemical sector continues to set a 
strong example in implementing cooperative strategies that cost-
effectively use government and industry resources to help ensure the 
security of high-risk facilities, systems, and networks.
    Through the NIPP process, DHS established solid working 
relationships with a wide variety of public--and private-sector 
partners that make up the chemical sector. This partnership provides an 
effective channel for increased information sharing, risk assessment, 
collaborative security planning, security-related research and 
development, best-practices exchanges, and preparations for incident 
management. The Chemical Sector Coordinating Council (SCC) was formed 
in 2004 and currently consists of 18 trade associations, with the Chair 
and Vice Chair positions held by industry operators/owners. The 
corresponding Government Coordinating Council is comprised of several 
Federal departments: DHS; as well as the Departments of Commerce, 
Defense, and Transportation; the Environmental Protection Agency; and 
the Office of the Director of National Intelligence.

Voluntary Security Collaboration with DHS
    The Chemical SSP describes many of the programs through which the 
Chemical Sector is voluntarily cooperating with DHS to protect and 
ensure the resiliency of its facilities and manufacturing capacity, as 
well as the safety of surrounding communities. These programs have also 
focused on collaborative planning between facility security personnel 
and federal, state, and local law-enforcement officials to help ensure 
an integrated ``inside-and-outside-the-fence'' approach to security.
    Specific examples of these voluntary efforts include the following:
    Comprehensive Review (CR) Program. This program brings together a 
federal interagency team, facility owner/operators, industry 
representatives, and community law-enforcement and emergency-service 
organizations in a collaborative planning environment. The CR is a 
structured, collaborative effort among federal government agencies, 
including DHS components such as the US Coast Guard and the Federal 
Emergency Management Agency, as well as the Federal Bureau of 
Investigation; state and local law-enforcement and emergency-management 
organizations; private-sector owner/operators of critical 
infrastructure/key resource facilities; and industry representatives. 
The purpose is to explore vulnerability to a potential terrorist 
attack, the consequences of such an attack, and the integrated 
capabilities needed to prevent, mitigate, and respond should such an 
event occur. The results of the CR are briefed to decision-makers of 
the site, state and local law-enforcement, and emergency-management 
organizations at the conclusion of the onsite review week. Gaps and 
potential enhancements in security and response capabilities are 
provided to applicable participating organizations for consideration.
    The first Chemical Sector CR was conducted in Detroit in February 
2006. By August 2007, CRs will have been completed in five additional 
regions: Chicago, Houston, Los Angeles, Northern New Jersey, and the 
Lower Delaware River. CRs have identified many improvements--many of 
them low--or no-cost--that can be implemented by Critical 
Infrastructure/Key Resources (CI/KR) owners/operators, as well as 
longer-term strategies and potential improvements that can be 
implemented with a mix of government and private sector resources.
    Buffer Zone Protection Program (BZPP). This program is a targeted 
grant program designed to assist local law enforcement in enhancing CI/
KR protection across the country. For FY 2004/2005, 248 BZPP reports 
for chemical facilities were submitted to DHS, which are eligible for a 
total of $12,600,000 in federal grant funding against identified state 
or local capabilities gaps. For FY 2006, 46 chemical facilities were 
part of the BZPP, eligible for a total of $10,316,000. For FY 2007, a 
total of 100 chemical sites are eligible for BZPP funding totaling 
$19,865,000. To date, 394 chemical facilities have been eligible for a 
total of $42,781,000 under BZPP. Additionally, in FY 2006, DHS launched 
a focused $25 million Chemical Sector BZPP to enhance state and local 
jurisdictions' ability to protect and secure identified chemical 
facilities in high-risk regions across the country. The Chemical BZPP 
program is a sector-specific effort designed to be a companion to the 
Chemical Sector CR initiative.
    Chemical Security Awareness Training Program. This program features 
an online chemical facility security tool for use by all chemical 
facility employees, not just security officers. This tool is scheduled 
to be released by the Chemical SSA to the chemical sector in the Fall 
of 2007.
    Vehicle-Borne Improvised Explosive Device Training Program. This 
program is under development by the Chemical SSA and the DHS Office of 
Bombing Prevention to provide a course for chemical facility security 
officers responsible for searching vehicles at chemical plants.
    Sector Exercises. Various state-level chemical coordinating 
councils, in concert with the local first responders and DHS, are 
conducting tabletop exercises to ensure a coordinated and well-
orchestrated response to an event at a chemical facility. Additionally, 
the Chemical Sector participates as a whole in several national-level 
exercise events each year. The Chemical Sector was a participant in the 
TOPOFF 3 national exercise, from the corporate level to the individual 
facility level. The sector also participated in the Department of 
Defense-sponsored exercise ``Ardent Sentry'' in May 2007, as well as 
the Continuity of Operations exercise called ``Pinnacle'' in May 2007. 
In each exercise, private sector entities and their government 
counterparts reviewed and tested communication paths and incident 
management plans and protocols. The Sector is currently planning its 
participation in the TOPOFF 4 exercise to be conducted in October of 
this year and is a featured thread in the upcoming Cyber Storm II 
exercise, which will take place in March 2008.
    Chemical Security Summit. In June, DHS and the SCC co-sponsored the 
2007 Chemical Sector Security Summit. The event was attended by 350 
members of the Chemical Sector. Topics discussed included the 
implementation of the new CFATS, secure distribution of chemicals, and 
security-awareness training. Planning is under way for a similar event 
in 2008.
    Homeland Security Threat and Risk Analysis Center (HITRAC). HITRAC 
has dramatically increased its outreach to the sector during the past 
two years, providing timely sector assessments, indications and 
warnings products, and security-related briefings. HITRAC has also 
worked collaboratively with the private sector to address the 
timeliness and content of the threat information at the classified and 
unclassified levels. The last classified brief was in March 2007, and 
the next one is scheduled for September 2007. In addition, HITRAC 
provides scheduled bi-weekly unclassified briefings by teleconference 
on threat information based on private-sector reporting, as well as law 
enforcement and other sources.
    Homeland Security Information Network (HSIN). HSIN is providing an 
increasing amount of timely information to users in a secure, online 
format. Recent information that we have posted on HSIN includes 
information on the July 2007 United Kingdom bombings, reports on recent 
incidents in Iraq involving chlorine, Quarterly Suspicious Activity 
Reports, and 2007 pre-season hurricane impacts analysis.

Chemical Security Regulations
    As you are all well aware, the FY 2007 Homeland Security 
Appropriations Act directed DHS to develop and implement a regulatory 
framework for high-risk chemical facilities. Section 550 of the Act 
authorizes DHS to require high-risk chemical facilities to complete 
vulnerability assessments, develop site security plans, and implement 
protective measures necessary to meet DHS-defined performance 
standards. The Act gave DHS six months from the date the President 
signed the Bill, or until early April 2007, to promulgate interim final 
regulations implementing this authority. DHS published the interim 
final regulations, the CFATS, on April 9, 2007.

    The following core principles guided the development of this 
regulatory structure:
        (1) Consultation with industry experts, academic specialists, 
        engineering associations, and non-government organizations to 
        ensure that our rule would be workable while accomplishing our 
        security goals. By working closely with public experts, such as 
        New Jersey State officials and the New Jersey Chemical Council, 
        we believe that we have effectively leveraged vital knowledge 
        and insight to make our regulation better.
        (2) Tiering. Not all facilities present the same level of risk 
        and that the most scrutiny should be focused on those that, if 
        attacked, could endanger the greatest number of lives, have the 
        greatest economic impact, or present other very significant 
        risks. Low-risk facilities are not a part of this framework.
        (3) Reasonable, clear, and equitable performance standards for 
        facility security. The rule includes enforceable performance 
        standards based on the types and severity of potential risks 
        posed by terrorists and natural disasters, and facilities 
        should have the flexibility to select among appropriate site-
        specific security measures that will effectively address those 
        risks, complicating terrorist attack planning and operational 
        surveillance in the process.
        (4) Recognition of the progress many responsible companies have 
        made to date in raising the security bar across the Chemical 
        Sector. Many companies have made significant capital 
        investments in security since 9/11, and we should build upon 
        that progress in implementing the CFATS program.
    Stakeholder input--both public and private--was critical to our 
success in developing the regulatory framework. In December 2006, DHS 
released an Advanced Notice of Rulemaking containing a draft regulation 
for public comment. We received more than 1,300 pages of comments from 
more than 106 separate submitters. We extensively reviewed these 
comments and considered them in finalizing the regulation.
    Within the Interim Final Rule, we included a second public comment 
period specific to ``Appendix A,'' which details the specific chemicals 
and their corresponding ``Screening Threshold Quantities'' that we 
intend to regulate through the CFATS program. This public comment 
period closed out on May 9, 2007, and produced more than 4,000 
individual comments for our review. We have studied these comments 
carefully and are closely considering them as we work to finalize the 
Appendix. We also conducted extensive outreach with some commenters to 
better understand their specific concerns and issues.
    Issues that informed our initial look at which chemicals could be 
of concern in developing CFATS included quantities released, potential 
for theft or diversion, potential for sabotage or contamination, and 
the effect that they would have on national security, government 
operations, or the economy.
    To implement and execute the CFATS regulations, DHS must define the 
regulated community or determine which facilities are ``high risk.'' To 
facilitate this, DHS has developed a screening tool called the Chemical 
Security Assessment Tool (CSAT). The CSAT employs an easy-to-use, 
online consequence-based Top Screen tool. CSAT builds upon the 
foundational assessment tool developed by DHS with industry input 
referred to as the Risk Analysis and Management for Critical Asset 
Protection, or RAMCAP. Under the regulatory program, those facilities 
initially designated high-risk must complete the online CSAT SVA, which 
will factor into a final determination of a facility's risk level for 
the purposes of the regulatory regime.
    Using the results of the CSAT tools, all high-risk facilities will 
be placed into one of four tiers based on risk. While all high-risk 
facilities will be required to develop site security plans addressing 
their vulnerabilities, the security measures needed to meet the 
performance standards, as well as its inspection cycle and other 
regulatory requirements, will be based upon a facility's tier level. 
The higher a facility's risk tier, the more robust the measures they 
will need to incorporate and the more frequent and rigorous their 
inspections will be. Inspections will both validate the adequacy of a 
facility's site security plan, as well as verify the implementation of 
the measures identified therein.
    DHS is using a phased approach in implementing the CFATS 
regulations, with implementation at the highest-risk facilities 
beginning in an expedited manner and implementation at lower-risk 
facilities occurring in a sequential fashion. The following is a 
summary of our current activities:
        On June 8, the CSAT Top Screen went live, and the Chemical-
        Technical Vulnerability Information program (CVI) went into 
        effect. On June 11, we reached out to the State Homeland 
        Security Advisors and the Chemical and Oil and Natural Gas 
        Government Coordinating Councils and SCCs to brief them on 
        program implementation. We kicked off Phase 1(a) the week of 
        June 11, making calls to approximately 50 select facilities to 
        inform them of inclusion in the Phase 1(a) program. This 
        outreach was at the corporate level and is expected to result 
        in a collaborative effort to complete the CSAT Top Screen in an 
        expedited fashion for known high-risk facilities.
    Follow-up letters are being sent to companies to serve as a 
``trigger'' for the sixty-day Top Screen clock regarding the initial 
pool of 50 facilities. The facilities will complete an expedited CSAT 
process with technical assistance from DHS inspectors. The inspectors 
are also initiating outreach to state and local jurisdictions to begin 
security discussions and explain the CFATS program in detail. We 
anticipate approved site security plans and formal site inspections of 
these facilities in most cases by the end of the calendar year.
    Phase 1(b) also began the week of June 11. This phase is being 
conducted in coordination with Chemical SCC and Oil and Natural Gas SCC 
to begin the Top Screen process for additional high-risk facilities at 
industry discretion prior to publication of Appendix A. This phase 
provides for Registration and completion of the Top Screen, with a Help 
Desk available and CVI in place. It gives flexibility in schedule and 
reflects a partnership model focused on major corporations. A quick 
glance shows that our outreach efforts are working; as of July 13, the 
following statistics were reported by our CSAT team:
        --6,096 facilities have registered in the CSAT process and are 
        in some phase of Top Screen completion
        --194 have submitted a completed Top Screen
    Phase 2 will commence upon publication of Appendix A and will 
officially start the program for all facilities that hold chemicals of 
interest and meet stated screening threshold quantities. Facilities 
will complete Top Screens, receive preliminary tiering decisions, 
complete SVAs, develop site security plans, and be inspected to the 
plan, as appropriate per tier.
    In terms of tools to assist compliance with the regulations, the 
Chemical Terrorism Vulnerability Information Procedures Manual and 
attendant training are available online at www.dhs.gov/
chemicalsecurity.
    We intend Phases 1(a) and (b) to be a learning time for us, 
particularly for our inspectors as well as for industry. What we learn 
will shape further implementation of the program and help us ensure 
consistency in our approach across the country.
    Additionally, and let me stress that this will be of benefit to all 
partners in the long run, DHS intends to focus a great deal of effort 
on fostering solid working relationships with state and local officials 
and first responders in jurisdictions with high-risk facilities. In 
fact, to effectively meet the risk-based performance elements under 
CFATS, facilities must demonstrate that they have active, effective 
working relationships with local officials in the areas of delaying and 
responding to a potential attack and knowing who does what during an 
elevated threat situation. The goal is the same as with our voluntary 
Comprehensive Reviews: that all stakeholders participate in the 
planning and implementation of protective security measures around 
high-risk chemical facilities.
    In authorizing the CFATS program, Congress provided the Department 
with the ability to protect sensitive, chemical-facility information in 
a way that balances the need to protect the information from 
inappropriate and potentially harmful disclosures with the need to 
share the information with key stakeholders, particularly state and 
local officials. To implement this authority, we conducted a review of 
existing information security vehicles, including the Sensitive 
Security Information (SSI) designation. Because neither SSI nor any 
other existing unclassified designation provides the level of 
protection called for in Section 550, we developed a designation 
entitled Chemical-terrorism Vulnerability Information (CVI). That said, 
the Department does not take the creation of a new information 
protection regime lightly, especially in light of the President's 
Memorandum for Heads of Executive Departments and Agencies of December 
16, 2005, entitled ``Guidelines and Requirements in Support of the 
Information Sharing Environment,'' and the current efforts to 
standardize Controlled Unclassified Information. In addition, DHS has 
partnered with a working group comprising state and local Homeland 
Security Officers to implement CVI in a way that supports state and 
local information needs while ensuring the proper level of information 
protection to keep sensitive information out of the hands of those who 
may use it against us.

Conclusion
    The Federal government is collaborating extensively with the 
public, including members of environmental groups and the chemical 
sector, to actively work toward achieving our collective goals under 
the NIPP and the CFATS regulatory framework. In almost all cases, 
industry has voluntarily done a tremendous amount to ensure the 
security and resiliency of its facilities and systems; however, 
addressing the concern that such efforts have not been universally 
adequate in all cases for all high-risk chemical facilities, Congress 
has directed that the new chemical security regulations be developed 
and that DHS enforce them. I am hopeful that as we take on this new 
task, we will continue to work as partners with industry and Congress 
to get the job done. Given the nature of the terrorist adversary that 
we face, we simply cannot afford an ``us-versus-them'' stance toward 
the Chemical Sector. In this light, ``we'' will work smartly to 
implement a risk and performance-based approach to regulation and, in 
parallel fashion, continue to pursue the voluntary programs that have 
borne considerable fruit thus far. We look forward to continued 
cooperation with all of our industry and state and local government 
partners as we move towards a more secure future.Thank you for holding 
this important and timely hearing. I would be happy to take any 
questions you might have.

    Ms. Jackson Lee. Frankly, I believe that is, certainly, the 
appropriate passion, if you will, because we are talking about 
some enormously dangerous possibilities even if we have the 
attention as we do of the industry.
    For any members coming, let me remind those members, for 
the record--who may be on their way because of this busy 
schedule--that each will have 5 minutes to question the panel. 
At this time, I will now recognize myself for 5 minutes.
    Allow me quickly, Colonel, if I can, and if your questions 
can be pointed, if you will, because I do want to get to the 
second panel, respecting the ranking member's schedule that may 
require him to leave. We will have a further opportunity to 
explore this because we are not finished with this one hearing.
    You noted, as I spoke earlier in my remarks, that the 
fundamental approach and structure of the chemical regulations 
is one that we have, in fact, worked with you on based upon 
legislation in this session and legislation in the past 
Congress, and so we think the approach, certainly, has the 
right tone to it, the right direction, but we also raise the 
question about the implementation, especially the Top-Screen 
process.
    So tell us quickly what process was used to determine 
chemicals of concern. That is a key element. What process was 
used to calculate the respective amounts that determine whether 
an entity is required to conduct a Top-Screen?
    Colonel Stephan. Yes, ma'am.
    We are looking at classifying chemicals as substances of 
concern for the purpose of this regulation based upon whether 
they are toxic by inhalation, release hazard, whether there are 
theft, diversion, sabotage-type issues. That is, can some 
material that we define as a ``substance of concern'' be 
removed from the site, weaponized into an IED configuration and 
used to kill people or can it be used to sabotage or to 
contaminate a public gathering place?
    Also, we are taking a look at a very interesting piece of 
new ground. That is the impact of individual facilities and 
chemicals on national and regional economic production as well 
as national security and national or mission governance. All of 
the chemicals on the list were derived principally from 
existing sources, things that have gone through the test of 
time. They have been put in place by other safety regulators, 
principally, such as the EPA, the Department of Transportation, 
the Transportation Security Administration, the Department of 
Commerce under the Chemical Weapons----
    Ms. Jackson Lee. But you took existing information and 
filtered it and came up with your list?
    Colonel Stephan. Principally, ma'am. Although there are 
some chemicals on the list that probably do not exist on any 
existing list that might be----
    Ms. Jackson Lee. Do you have scientists under your 
jurisdiction to be able to assist you in further 
determinations?
    Colonel Stephan. Yes, ma'am. Through the Directorate of 
Science and Technology, we have a Chemical Security Analysis 
Center that is located slightly north of----
    Ms. Jackson Lee. Have you utilized that research?
    Colonel Stephan. They have been fully engaged in the 
process with us, as has been the FBI's weapon of mass 
destruction lab and other scientific communities.
    Ms. Jackson Lee. Is the list a growing list, a list to be 
modified, a list to be enhanced, a list to be detracted from?
    Colonel Stephan. Ma'am, it has approximately 300-plus 
chemicals in nature right now; and we are at, I think with this 
phase of the program, submitting this to our Secretary for his 
look this week; and I think, from my perspective, it is done.
    Ms. Jackson Lee. Are the chemicals on there those that, by 
themselves, may be nonthreatening but in combination they are 
threatening?
    Colonel Stephan. That is correct, ma'am, in a mixture-type 
environment.
    Ms. Jackson Lee. Okay. You know, as you have heard from 
several entities, we have heard from several entities, 
including associations that represent universities. When we 
look at your materials in the Top-Screen survey, you query 
responses by the type of facility, and you give them the option 
to be called the ``chemical manufacture petroleum refinery'' or 
the ``liquid natural gas facility.'' It seems as if that is 
what you are connecting to, but we are told that out of the 
procedures that we have that we have a far more expansive 
scope, which would include universities.
    Are you surprised by the number and scope of the facilities 
that you are including? How are you addressing that question? 
Do you think, at this present time, you have enough staff to 
begin what will be an ongoing and extended process as these 
particular entities, facilities, have to come under these 
regulations?
    Colonel Stephan. Yes, ma'am.
    When you take the approach to regulate by chemical of 
concern, obviously, we have found out initially there will be a 
more expansive universe than the traditional big chemical 
plant, storage manufacturing facilities that would be included 
in this framework. Probably, to be honest with you, it is quite 
a bit more than we thought we would catch in the initial 
casting of the net.
    For those organizations that do not clearly fit into any 
one of the conventional chemical facility categories, such as 
the universities and colleges, we have established incredible 
outreach with these folks to figure out what their business 
landscape is, their operating environment and the risk 
environment; and we have reached conclusions, based upon our 
initial threshold quantities as well as some of those that will 
ultimately fall inside our program authority, of how we will 
work with them to develop some very specialized and tailored 
security plans.
    Ma''am, as you know, with the passage of this Act, I was 
not given initially any new resources to conduct this mission. 
As recently as, I think, about a week ago, I was able to tap 
into the $12 million supplemental appropriation to be able to 
bring this program up to speed for where we think it needs to 
go in 2007. In 2008, you will see an increase in the 
Department's requirements over the 2007 threshold.
    I have recently, with the finalization of the interim final 
rule, conducted a very comprehensive, 2-month-long, manpower-
and-resources-required study that I am now using inside my 
chain of command to take a look at budget formulation for the 
outyears.
    Ms. Jackson Lee. But you leave expanded groups, you feel, 
prepared to deal with the expanded groups beyond chemical 
manufacturing/liquid natural gas facilities?
    Colonel Stephan. Yes.
    Ms. Jackson Lee. With all of the large fishnet that you 
have, you are prepared to deal with those various 
organizations, universities and others?
    Colonel Stephan. Yes, ma'am. But, again, we are going to be 
skimming down the initial number of fish that we caught in the 
first net that we cast based upon dialogue/listening sessions 
that we had with various elements of these new folks that----
    Ms. Jackson Lee. Well, I would like you to keep the 
committee advised.
    Colonel Stephan. Yes, ma'am.
    Ms. Jackson Lee. I would like to be engaged in that process 
just to get an understanding of the direction that you are 
taking.
    Colonel Stephan. Yes, ma'am.
    Ms. Jackson Lee. Because my time is up, let me just ask you 
quickly, do you plan to use contractors to review the Top-
Screen questionnaires dealing with the vulnerability 
assessments, site security plans and to conduct site visits?
    Colonel Stephan. Ma'am, I plan to use a combination of 
Federal employees, Federal leadership and some elements of 
contract staff to conduct the various aspects of the 
implementation of this regulation. I would be happy to get back 
with you in more specific detail based upon the knowledge base 
I have now.
    Ms. Jackson Lee. And you have a sufficient number, since 
this number of staff that would partner with contract employees 
who are under your jurisdiction, that means they are sited at 
Homeland Security? They are on site?
    Colonel Stephan. Ma'am, I have people on site, and I also 
have 40 detailees from the Federal Protective Service on board 
that are stationed in places----
    Ms. Jackson Lee. Right, but those are Federal Government 
workers.
    Colonel Stephan. Yes, ma'am. They will be doing the on-site 
inspections.
    Ms. Jackson Lee. Not contractors whom you have hired 
randomly?
    Colonel Stephan. Well, ma'am, I do not hire contractors 
randomly, but during some phase of----
    Ms. Jackson Lee. Sometimes Homeland Security does hire 
people randomly. We see that all the time.
    Colonel Stephan. Okay, ma'am. I will not argue that point 
before you today.
    As we published in the IFR, the Department is also 
contemplating for the lower tiers of the 1--through 4-tiered 
structure, taking a look at a third-party auditor plan so that 
we can distribute some of the costs and the expertise to 
execute this mission across more population than my office 
represents at this point in time. That will be a separate 
rulemaking process open for public comment, of course.
    Ms. Jackson Lee. We will explore the staffing with you 
further.
    With that, let me yield back my time and yield to the 
distinguished gentleman from California for his questioning of 
the witness.
    Colonel Stephan. Thank you.
    Mr. Lungren. Thank you very much.
    Colonel, I remember when you first came into this position 
you were required to put your stamp of approval on the sector-
specific plans. At that time, you related to the committee that 
you were not satisfied with the quality of the product and you 
asked for additional time. You have now reported to us on those 
17 sector-specific plans, including that for the chemical 
industry.
    Can you give me an idea of the difference in approach that 
was used in this particular assignment with respect to carrying 
out the authorization that you received last year on the 
chemical plants versus the sector-specific plans? You put in a 
different approach to the sector-specific plans from what had 
been there before. How did you make sure that you did not run 
into the same problems here that the Department had run into 
before?
    Colonel Stephan. Sir, first and foremost, we established a 
coordinating structure through the sector coordinating councils 
and the government coordinating councils to make sure I had the 
right guys at the table. The Secretary gave us the 871 
authority to put in a protected legal umbrella or framework so 
that I could have protected security discussions with elements 
of the private sector.
    Then every single thing that we have developed from the 
voluntary side of the house has been in full collaboration with 
as many aspects of the chemical sector as has wanted to come to 
our table and to join us in helping us work our way through and 
sort out some very tough policy decisions, planning decisions 
and risk analysis-related decisions.
    We are using that voluntary, collaborative framework that 
has been in place now for 4-1/2 years as something that has 
achieved some, I think, pretty significant progress across the 
country in terms of the security of this sector, and we are now 
parachuting on top of that some very surgically applied 
regulatory authority to those places that need more attention, 
and I need to be able to look you in the eye and guarantee you 
more of a level of security than I can today.
    Mr. Lungren. Let me ask you about that.
    From your written testimony, it is your position that the 
Top-Screen process will provide you with essential information 
necessary to locate and to secure the high-risk chemical 
facilities. This is information that the Department has never 
had before nor has had the authority to request before, 
correct?
    Colonel Stephan. Yes, sir. We did not have the authority, 
and this will be an amazing set of very sensitive proprietary 
and security related information that gets not just 
vulnerabilities but consequences and vulnerabilities in the 
context of very specific threat vectors.
    Mr. Lungren. Because it includes proprietary information 
and information that one company may not want to share with 
another or would not want to get out into the public domain 
because of the security, how do you assure the participants of 
the security of the information?
    Colonel Stephan. Sir, because we have developed a new 
program. I know it is not popular to develop a new information-
sharing program, but because of the requirements and the 
mandates in section 550 of our Appropriations Act to basically 
treat this information as if it were classified information in 
the context of enforcement and the amount of collaboration that 
we agree with 100 percent that is required between us and our 
State and local government partners in the emergency responder 
community and the law enforcement community across these 
jurisdictions that house these chemical plants, there is going 
to be a lot of people who, by mandate now, have potential 
access to this information.
    I have got to be able to look these private-sector folks in 
the eye and guarantee from a proprietary perspective and from a 
security perspective that we have a very special regime in 
place that will not allow that information to be leaked in any 
way and that we are working out a process through Colonel Mike 
McDaniel--the State Homeland Security Advisor from Michigan--
and about 30 other folks who represent the first responder, law 
enforcement and emergency management communities around the 
country what is the exact protocol in writing an MOU that we 
will work out with each State that will house the CFATS' 
regulated facility to very clearly understand that that 
information is protected.
    Mr. Lungren. What is the level of confidence that you have 
achieved with the private sector in that?
    Colonel Stephan. Sir, I think that we are in the initial 
stages of working the State and local piece with the private 
sector. I think the private sector is very comfortable now with 
the CVI--Chemical Vulnerability Information--guidelines that we 
published about a month and a half ago. I can say that in a 
similar framework and on the voluntary side of the house to 
protect a critical infrastructure information program, in 4 
years now we have not had a single leak of one bit of data into 
the public at large from that program.
    Mr. Lungren. To what extent, if any, do the chemical 
regulations take into account the transportation of the 
chemicals? That is, it is extremely important that we worry 
about the security of the chemicals at a site, but what about 
going from site to site?
    Colonel Stephan. Sir, inside the CFATS' regulatory 
authority, which is basically my baby, we have specific 
performance standards that address the receipt of and the 
dispatch of a chemical substance of concern in and out of the 
facility and to make sure that that terminal process is secure.
    A companion or a sister regulation, as you know, is in the 
works. It was submitted very recently into the final clearance 
of the department level that is under the leadership of the 
Transportation Security Administration, and that will basically 
govern the entire supply chain piece outside of fixed 
facilities for transportation, sir.
    Mr. Lungren. Have your two groups been talking to one 
another within DHS?
    Colonel Stephan. Yes, sir. We have exchanged hostages on 
each other's working groups, and we have prisoners of war 
protocols and everything established, and I think that process 
is going very well.
    Our job here is to eliminate any potential seams, and I 
have seen those seams at the chemical plants that I have 
visited, and that is the number one focus on my part, to make 
sure that we have no seams that can be exploited between those 
two regimes.
    Mr. Lungren. Have the folks working on the transportation 
side had an opportunity, or some of them, to look at what you 
are doing and vice versa?
    Colonel Stephan. Yes, sir. That same comment applies with 
respect to the United States Coast Guard and to the NTSA 
program.
    Mr. Lungren. Thank you very much.
    Thank you, Madam Chair.
    Ms. Jackson Lee. Thank you.
    Let me, Mr. Secretary, thank you; and I will be posing this 
question very quickly so that we can move to the second panel. 
As we recognize Mr. Markey's presence here, we will yield to 
him in a moment. Let me ask this question that I will pose to 
the other witnesses.
    We know that we came together, Republicans and Democrats, 
because chemical plants are vulnerable to terrorism. As you sit 
here today, we are in a work in progress, but if you had to 
make an assessment of the progress that these regulations have 
made in thwarting, blocking potential terrorist acts against 
the Nation's chemical plants housed mostly in the hands of the 
private sector, where are we? What scale are we on with respect 
to securing America? That can, obviously, be talked about 
generically, as opposed to with any classified information.
    How comfortable do you feel as it relates to whether or not 
we are making progress in terms of thwarting potential 
terrorist acts against these facilities?
    Colonel Stephan. Ma'am, I think we are making considerable 
progress. But, again, this regulatory framework has been alive 
for basically a month and a half. So, in terms of progress that 
I can specifically tie to this specific framework, we are going 
to have to let a little bit more time run its course.
    If you couple what we are doing now and the collaboration 
we have achieved in implementing this thing at the beginning 
with all of the voluntary measures we have put in place--for 
example, right now, on some of the top 394 facilities on the 
EPA's RMP database list, I have buffer zone plans to the tune 
of the financing of $68 million, which is the largest single 
contribution to any one of the infrastructure sectors under my 
control. We have pushed out planning that has tied State and 
local law enforcement emergency responder capacity to the 
security capacity of the plants themselves, achieving inside--
and outside-the-fence synergy.
    Based upon 4 1/2 years of voluntary security work with the 
industry, I feel we know them, they know us, we have a solid, 
voluntary structure in place, information-sharing mechanisms in 
place, needs that have been targeted to the weakest links in 
the process based on consequences, and now we are ready to move 
again to the next level on the cake, which is the security 
regulatory authority.
    Ms. Jackson Lee. Let me thank you.
    Let me yield to the distinguished gentleman from New York--
excuse me--from Massachusetts for 5 minutes, Mr. Markey.
    Mr. Markey. Don't you ever----
    Ms. Jackson Lee. No, he does not. He said, ``Don't ever.''
    Mr. Markey. Don't ever call me a Yankee fan.
    Ms. Jackson Lee. Folks, let me clarify that. He is not 
talking about New York. He just said do not call him a Yankee 
fan, and I appreciate his dilemma.
    Mr. Markey for 5 minutes.
    Mr. Markey. Welcome, sir.
    As you know, al-Qa'ida and Iraq used chlorine to kill 27 
people back in April. So I also noted that, in the Chlorine 
Institute's basic report, several successful attempted thefts 
of 150-pound chlorine cylinders from several water treatment 
facilities in California have occurred; and, as you know, 
cylinders of this size could pose a significant risk to the 
lives of everyone exposed to their contents.
    Chairmen Thompson and Langevin and Solis and I sent a 
letter to Secretary Chertoff requesting more information on 
this. Although your Department has yet to respond to our 
letter, an article in today's Boston Globe indicates that the 
thefts remain unsolved and that there has been at least one 
additional theft of a chlorine cylinder in Texas since then.
    As you know, the law that Congress passed last year 
exempted water treatment facilities from regulation by the 
Department of Homeland Security. Don't you think it is time, 
Colonel, for us to withdraw that exemption so that the 
Department of Homeland Security can move into an area where we 
know al-Qa'ida is trying to obtain chlorine that could cause a 
catastrophic event here in the United States?
    Colonel Stephan. Sir, I will take back your request to the 
Secretary. I have seen the signed letter from the Secretary to 
you, sir; and I will go back and try to figure out where that 
might be in the process to make sure you get that 
expeditiously.
    Mr. Markey. You have seen the signed letter that----
    Colonel Stephan. Yes, sir. That is with Secretary 
Chertoff's signature that answers your letter to him, sir. I 
will go back and see where that is in the process between the 
other side of Washington and here and make sure you get prompt 
delivery.
    Also, I think I would like to recognize----
    Mr. Markey. Is there any reason for me to believe that the 
Secretary has changed his mind that the Department of Homeland 
Security should not have jurisdiction over this issue and that 
chlorine should sit out there as a threat to the American 
public but without Department of Homeland Security 
responsibility for that issue?
    Colonel Stephan. Sir, let me paraphrase the Secretary's 
response back to you in that the Secretary recognizes that this 
exemption has caused a gap in terms of regulatory authority for 
similar types of chemicals and similar types of facilities 
between the chemical sector, which we do regulate now under 
CFATS, and the water and, importantly, the wastewater sectors. 
There is an imbalance in regulatory authority and, hence, a 
security gap.
    There are a couple of different----
    Mr. Markey. Well, it is a regulatory black hole through 
which al-Qa'ida could drive a truck loaded with chlorine into a 
populated area of our country. Yes, I do agree with you on 
that, but I have yet to hear of a request from the Bush 
administration as to how we are going to close down this 
opening that al-Qa'ida could exploit using chlorine.
    Colonel Stephan. Sir, that security gap is acknowledged. 
There are many ways to kind of skin that gap in colloquialism 
or skin that cat.
    Mr. Markey. Does the Secretary support or oppose the 
closing of this chlorine loophole that was created in the law 
last year?
    Colonel Stephan. He supports the closing of the security 
related gap that that loophole has produced. There are several 
ways to do that. Those different ways are in discussion inside 
the administration at this point.
    Mr. Markey. Well, I really am looking forward to reading 
this letter, but I am willing to bet anything that your 
response is not going to be accurate, that is, that the 
Secretary is not going to call for a closing of this exemption. 
I do not have any evidence thus far, and I think this hearing 
might have prompted somebody to start writing a letter. You 
would have thought I would have gotten it before the hearing. I 
think your answer to me is one that allows for an ambiguity to 
be kept until after this hearing so that you do not have to be 
held accountable for it.
    How do you close a security gap without changing the law? 
How are you going to do that?
    Colonel Stephan. Sir, you have got to give somebody 
authority. There is a combination of voluntary measures that 
can be put in place. There are lots of----
    Mr. Markey. You are talking about giving the chlorine 
industry--you are saying, let us give voluntary supervisory 
powers to an industry that has seen massive theft of this very 
product, item, that can be used by al-Qa'ida for a terrorist 
attack; and I do not think that makes any sense to trust the 
industry that has not been securing these materials.
    Why can't we have the Department of Homeland Security step 
up and say it is time for the Bush administration to provide 
supervision and to stop trusting an industry that has 
demonstrated an incapacity to, in fact, deserve that trust?
    Colonel Stephan. Sir, in the letter from the Secretary to 
you, he is quite emphatic about his desire to close this 
security gap.
    Mr. Markey. Is one of the things that is under 
consideration in the administration requiring the industry to 
use safer materials, that is, to use substitutes for chlorine? 
Is that one of the things that is under consideration?
    Colonel Stephan. Sir, that particular issue is not a piece 
of the pie that is under consideration at that point.
    Mr. Markey. Again, I think that is what, ultimately, the 
solution is. It is to use safer chemicals that cannot be used 
for terrorist purposes where possible; and it is just another 
thing that the Bush administration, unfortunately, has 
continued to defer to the industry rather than to the safety of 
the American public.
    Mr. Lungren. Would the gentleman yield on that point?
    Mr. Markey. I would be glad to yield.
    Mr. Lungren. As I recall, when we were coming up----
    Ms. Jackson Lee. The gentleman from California is 
recognized for an additional 2 minutes.
    Mr. Markey. Oh, I am sorry. Through the indulgence of the 
Chair, I would be glad to.
    Mr. Lungren. When we were negotiating this last year, it 
was not the administration that asked for the removal of that 
portion of the sector, but it was the Senate that insisted upon 
it, I would just tell the gentleman. So when we were working on 
it on the House side we did not have that exception. For some 
reason, the Senate thought it was important. Just so the record 
would reflect, I do not recall the administration's pushing 
that on us when we negotiated it last year.
    I thank the gentleman for yielding.
    Mr. Markey. I thank the gentleman.
    I guess what I would wish here, now that we are in 
Democratic control in the House and in the Senate, is, if the 
Secretary does want this law changed and does want the power, 
that we are ready, willing and able to now do it for the 
Secretary. But we have to hear from the Secretary that he wants 
to be able now to have the responsibility for making sure that 
we do not have a chlorine cylinder explode in a way that causes 
a catastrophic event in this country.
    So if you could take that back to the Secretary.
    Colonel Stephan. Mr. Markey, I would be happy to deliver 
the message. Thank you.
    Mr. Markey. I thank you.
    Ms. Jackson Lee. If the gentleman would just yield on his 
point, we are here today listening to industry as well on the 
impact of these regulations. I have indicated that I remain 
open but concerned about any lists that are going to be altered 
with the removal of chemicals versus addition in as much as 
each chemical's, if you will, quantity has some possibility of 
creating a value for terrorists. I think what you are saying is 
of the question regarding chlorine, but there are many others 
that are seemingly being asked to be moved off the list. I hope 
the Secretary takes my concern back about moving lists and 
taking different chemicals off of lists, and I know I have 
raised the question about universities.
    We are going to move to the second panel, so we will have 
to continue this with you as this committee proceeds in the 
review of these chemical regulations. Let me thank you for your 
testimony.
    Mr. Markey. Madam Chair, I thank you for your indulgence.
    Ms. Jackson Lee. Thank you for your indulgence on having 
you yield on your time. Thank you very much.
    I thank the witness for his cooperation, for his wisdom in 
his statement, and we will look forward to working with you on 
the questions that have been raised by the members of this 
committee.
    Colonel Stephan. Thank you very much for your continued 
leadership and support of our programs.
    Ms. Jackson Lee. Thank you, Colonel, very much.
    We are now ready for the second panel.
    Ms. Jackson Lee. Okay. I thank the second panel again for 
your patience. And welcome this committee. We believe your 
testimony will be very instructive for a committee that has 
vast responsibilities on the Nation's critical infrastructure.
    At this time, we would like to welcome the second panel of 
witnesses. Our first witness will be Mr. Phillip J. Crowley, 
Senior Fellow and Director of Homeland Security. During the 
Clinton administration, Mr. Crowley was Special Assistant to 
the President of the United States for National Security 
Affairs, serving as Senior Director of Public Affairs for the 
National Security Council. Prior to that, he was Principal 
Deputy Assistant Secretary of Defense for Public Affairs. In 
all, Crowley, was a spokesperson for the United States 
Government, the United States military for 28 years, 11 of 
those years at the Pentagon and 3 at the White House. Welcome, 
Mr. Crowley.
    Our second witness is Mr. Timothy Scott. Mr. Scott is Chief 
Security Officer and Global Director, Emergency Services and 
Security for Dow. In this capacity, Mr. Scott is responsible 
for security crisis management and emergency planning, 
preparation and response for on--and off-site emergencies 
involving Dow or Dow products.
    Mr. Scott, we welcome you, and we thank you very much for 
your presence here today. Our third witness is Mr. John 
Alexander, with the United Steelworkers Health, Safety and 
Environment Department. He is here to give us frontline 
perspective on chemical security.
    And we welcome you, Mr. Alexander.
    Our final witness of the panel is Dr. Ara Tahmassian. Dr. 
Tahmassian is representing the higher education organizations 
and is the Associate Vice President for Research Compliance at 
the Boston University and Boston Medical Center, where he has 
responsibility for all nonfinancial research compliance issues. 
He has responsibility for preparation and implementation of 
integration strategies for multiple regulatory compliance 
programs at Charles River Campus, Boston University Medical 
Campus, and Boston Medical Center, as well as development of 
new programs, as well as being involved in developing new 
programs required by the research enterprise.
    Welcome again to you, Doctor, and thank you for your 
presence here today.
    Without objection, the witnesses' full statements will be 
inserted in the record, and I will ask each witness to 
summarize his statement for 5 minutes, beginning with Mr. 
Crowley.

 STATEMENT OF PHILIP J. CROWLEY, SENIOR FELLOW AND DIRECTOR OF 
        HOMELAND SECURITY, CENTER FOR AMERICAN PROGRESS

    Mr. Crowley. Madam Chairwoman, thank you very much. I now 
direct the Homeland Security Program at the Center for American 
Progress, and I am grateful for the opportunity to reflect on 
the emerging direction of chemical security regulation. And I 
commend the committee for coming back to this issue early in 
this process. More has been done in the last 10 months than the 
previous 5 years, a sign that we now recognize, if belatedly, 
that chemical security is our most significant infrastructure-
related homeland security vulnerability. A new framework is a 
reasonable start, but more can be done, as the prior panel had 
discussed.
    The threat is real, not hypothetical. The conclusions of 
the National Intelligence Estimate released last week are 
sobering. Iraq has become a deadly laboratory, and we have seen 
several attacks where al-Qa'ida has used chlorine gas tanker 
trucks as makeshift weapons. If it is happening there, it can 
happen here. Our vulnerability is clear. The previous emphasis 
on voluntary steps did not work. While some may have made 
security investments, there remain today too many open gates, 
accessible storage containers and unguarded rail sidings.
    A HAZMAT car moving through a major population center 
provides everything an urban terrorist would want, a weapon, 
delivery system and target all in one place. A successful 
attack would produce loss of life and injury that would dwarf 
what occurred on 9/11. First of all, I support what appears to 
be a very ambitious Top-Screen process by DHS. Sound judgments 
require as much information and as broad a perspective as 
possible. The mere fact that DHS will evaluate a wide range of 
chemical manufacturers and users should serve as an important 
catalyst for change. The last thing we should do is narrow its 
potential impact.
    At a recent conference, a senior executive of a Fortune 500 
company suggested that while security was important to his 
corporate leadership today, he could not guarantee it would 
remain so. Studies by our Center for American Progress echo 
this reality. Actions that improve chemical security are 
feasible and affordable, but the pace of change is inadequate. 
The real issue is what DHS will do based upon the Top-Screen.
    The purpose of government regulation is to broadly impact 
both perception and behavior to further a common good. The 
near-term objective should be to use the interim authority that 
Congress is granted to achieve the maximum possible impact. One 
way to do this is for DHS to take a system-wide approach to 
chemical security, as we do for maritime security. DHS should 
assess risk along with a facility's supply chain, not just what 
occurs inside its fence line. The highest point of risk may be 
a HAZMAT car on a freight line that runs through a major city 
like Washington, D.C., not far from where we are seated. DHS 
oversight can create a dynamic that brings the chemical and 
rail industries together to figure out how not just to manage 
risk but actually reduce it.
    Third, we must ensure that DHS has the capacity to properly 
implement this new authority. In a conference call in April, 
DHS officials acknowledged that implementation would be handled 
by a staff of 33 people at headquarters and the 40 field 
representatives that Secretary Stephan mentioned in his 
testimony, despite the fact that the DHS Top-Screen could 
involve tens of thousands of chemical facilities.
    Recall that the Coast Guard, one of the largest entities 
within the Department, struggled with implementation of the 
Maritime Transportation Security Act, even when employing its 
Coast Guard Auxiliary to help review port facility security 
plans. An industry of third-party auditors can help with 
enactment compliance and enforcement, but DHS cannot watch from 
the sidelines. It must be in the game and directly engaged.
    Fourth, DHS should set an aggressive implementation 
timeline. You must keep in mind that DHS will be undergoing its 
first Presidential transition in late 2008. Congress should 
request a report, including lessons learned and recommendations 
for permanent legislation from the current DHS leadership by 
the fall of next year to ensure continuity.
    Finally, Congress should pass legislation not later than 
early 2009 that establishes a permanent regulatory framework. A 
good model is the comprehensive cross-jurisdictional approach 
that the House followed with legislation implementing the 9/11 
Commission's recommendations. This legislation should broaden 
DHS's authority, in concert with the EPA, to regulate drinking 
water and water treatment facilities, which are now exempted, 
which would combine physical security and transportation 
policies into a comprehensive strategy that should establish 
material or process substitution as a key component of a 
successful security program.
    The legislation should make clear that Federal regulation 
is a floor, not a ceiling. There is simply no reason that the 
Federal Government should preempt States from taking additional 
measures that can make specific sites even more secure. I thank 
the Chairwoman, and I look forward to your questions.
    [The statement of Mr. Crowley follows:]

                Prepared Statement of Philip J. Crowley

    I am P.J. Crowley. I direct the homeland security program at the 
Center for American Progress. I am grateful for the opportunity to 
reflect on the emerging direction of chemical security regulation and 
its impact on both the public and private sector.
    More has been done on this issue in the past 10 months than the 
previous five years. This is clearly a sign that we now recognize, if 
belatedly, that chemical security is our most significant 
infrastructure-related homeland security vulnerability. The framework 
that is emerging is a reasonable start, but more needs to be done, 
particularly the need to move as rapidly as possible from an interim 
chemical security regulatory framework to a permanent program with 
broader authorities and incentives.
    The Department of Homeland Security embraces, and I believe 
properly so, a risk-based approach. The elements of risk, of course, 
include threat, `vulnerability and consequence. Each element conveys 
the urgency that we must proceed aggressively and we must do it right.
    The threat is real, not hypothetical. The conclusions of the 
National Intelligence Estimate released last week are sobering. Iraq 
has become a dangerous laboratory and various technologies and tactics 
have migrated via veterans of the jihad and the Internet to other 
fronts. In recent months, we have seen several attacks in Iraq where 
presumed al-Qa'ida operatives have used tanker trucks filled with 
chlorine gas as makeshift weapons. If it is happening there, it can 
happen here. We also see from the most recent plots in London and 
Glasgow that individuals will use ingredients they have at hand against 
familiar targets that can create both immediate destruction as well as 
broader economic ripple effects.
    Our vulnerability is clear. The previous emphasis on voluntary 
steps did not work. Chemical manufacturers, transporters and users were 
either unable or unwilling to take voluntary steps on a consistent 
basis to improve security across the varied landscape of the chemical 
industry. Some made investments in improved security, but as a number 
of investigative reports have shown, almost six years after 9/11, there 
are still too many open gates, unsecured rail sidings and accessible 
storage containers. A HAZMAT rail car moving through a major population 
center provides everything an urban terrorist could want--a weapon, a 
delivery system and a target--all in one place.
    The potential consequences of an attack employing acutely hazardous 
materials are well-known and have been for a long time. If successfully 
attacked, the expected injuries and loss of life would dwarf what 
occurred on 9/11. The generic chlorine tank explosion that DHS 
envisioned in its 2004 planning scenarios involved 17,500 fatalities, 
10,000 severe injuries and 100,000 hospitalizations. The EPA's Risk 
Management Program or RMP data identifies more than 500 facilities 
that, if attacked, place at least 100,000 people at risk and almost 
7,000 facilities that put at least 1,000 people at risk.
    This is the security environment within which we can evaluate what 
is being done now and where we must go from here.
    I want to concentrate my testimony in five areas--the scope of the 
``top-screen'' that DHS is employing in its facility evaluation; the 
need for DHS in its risk analysis to link chemical facility physical 
security and rail security as part of a comprehensive threat picture; 
the overall capacity of DHS to successfully execute its new chemical 
security authorities; setting an aggressive timeline for implementation 
of interim chemical security regulations, including lessons learned and 
gap analysis; and, finally, using this early experience as a 
springboard to enact a permanent chemical security legislation over the 
next 12--18 months.
    First of all, I support what appears to be a very ambitious top 
screen process by DHS. The initial effectiveness of the new regulatory 
framework will depend upon decisions DHS makes based on the top screen. 
The top screen does involve a lengthy and detailed questionnaire, but 
informed judgments require as much information and as broad a 
perspective as possible. The mere fact that DHS will evaluate a wide 
range of chemical manufacturers and users should serve as an important 
catalyst for action. The last thing we should do is narrow its impact.
    We continue to confront a ``business as usual'' mindset--that the 
threat is overstated, that doing what is easy is sufficient, that what 
we do to improve safety will work for security, that security can be 
cost-free. Our national security no longer depends just on what the 
military achieves ``over there.'' It also depends on individual 
business judgments made here as well. At a conference a couple of weeks 
ago, a senior executive of a Fortune 500 company suggested that, while 
security was important to his corporate leadership today, he could not 
guarantee that security would remain so tomorrow. This corporate 
attitude must change. Good security is good business.
    At the Center for American Progress, we have produced two research 
papers on chemical facilities and supply chains. We have documented how 
some companies in different segments of the chemical industry are 
gradually adapting their operations. Changes, including the adoption of 
safer and more secure chemicals and processes, can be achieved at a 
manageable cost. There is ample evidence from our analysis that such 
changes can improve industrial efficiency and reduce regulatory and 
associated costs. However, the results also show that change is not 
occurring fast enough.\1\ The private sector must be prepared to do 
more.
---------------------------------------------------------------------------
    \1\ See Paul Orum, Toxic Trains and the Terrorist Threat, How Water 
Utilities Can Get Chlorine Gas Off the Rails and Out of American 
Communities, Center for American Progress , April 2007, available at 
http://www.americanprogress.org/issues/2007/04/chemical/
_security_report.html. And Paul Orum, Preventing Toxic Terrorism, How 
Some Chemical Facilities are Removing Danger to American Communities, 
Center for American Progress, April 2006, available at http://
www.americanprogress.org/issues/2006/04/b681085_ct2556757.html.
---------------------------------------------------------------------------
    Second, the real issue is not whether DHS should require a top 
screen of thousands of entities, but what it will do with the 
information it gathers during the top screen. The purpose of government 
regulation is to broadly impact both perception and behavior in order 
to further a common good. The near-term objective should be to use the 
limited interim authority that Congress has granted to achieve the 
maximum possible impact. Federal regulation can promote both improved 
security and, of importance to the corporate world, can also create a 
level playing field where everyone in the market must meet specific 
performance standards.
    One way for DHS to use its authority to maximum effect is to take a 
system-wide approach to chemical security. The focus must be not only 
physical plant security, but supply chain security as well. We follow 
such a comprehensive approach with maritime security--a fully 
integrated focus from the point of manufacture, through foreign ports, 
onto container ships and then through our domestic ports here in the 
United States.
    However, for various reasons, including jurisdictional issues here 
in Congress, chemical security and rail security are treated as 
distinct rather than interrelated challenges. For example, a chemical 
manufacturer and user in remote areas can improve physical security--
gates, guards, lighting, access and storage. A rail operator can 
closely monitor interchanges and rail yards. But unless DHS establishes 
a comprehensive threat picture, it may not adequately address a 
facility's highest point of risk, which could be a HAZMAT car 
transporting a toxic-by-inhalation or TIH gas such as anhydrous 
ammonia, chlorine, sulfur dioxide or hydrogen fluoride on a freight 
line that moves through a major population center like Washington, D.C.
    In fact, while CSX has voluntarily discontinued TIH shipments on 
one of its lines through the District, there are still such shipments 
on a second line through Eckington Yards, within two miles of the 
Capitol. The Capitol was a target on 9/11 and could be again. One way 
to minimize such a terrorist opportunity is through rerouting. A better 
way would be for DHS to use its assessment process to encourage a shift 
to more secure alternatives. Thus, DHS should evaluate risk across a 
facility's supply chain, not just on what occurs inside a facility's 
fence line.
    Third, we must ensure that DHS has the capacity to properly 
implement its new authorities. This is an open question. In a 
conference call in April, DHS officials acknowledged that 
implementation would be handled by a staff of 33 people at headquarters 
and 40 field representatives, despite the fact that DHS anticipated 
that its top screen could impact several thousand chemical facilities. 
A few dozen employees will likely not enable DHS to exercise 
appropriate leadership and oversight. Recall that the Coast Guard, one 
of the largest entities within the Department, struggled with 
implementation of the Maritime Transportation Security Act even when it 
used the Coast Guard Auxiliary to review port facility security plans.
    An industry of third-party auditors is expected to help with 
enactment, compliance and enforcement. Clear lines must be drawn 
regarding functions that must be performed by government personnel and 
those that can reasonably be delegated to the private sector. Congress 
should pay close attention to the resources that are being provided to 
this function. Even if the primary compliance function is assumed by 
the private sector, DHS must have sufficient capabilities to do its own 
independent assessment of facilities that pose significant risks.
    In fairness to the private sector, government regulation is 
supposed to create a process whereby all stakeholders identify risk in 
light of the threat we face, evaluate a range of solutions and take 
appropriate actions that can both deter attacks and minimize the impact 
of any attack that does occur. It is not for the government to dictate 
solutions, but to encourage action and innovation by those who know the 
plant or the function best. What the private sector has a right to 
expect is a full government partner that sets clear standards, is 
responsive to complex situations that will inevitably arise and creates 
and maintains a level playing field by enforcing them across the entire 
sector. DHS cannot watch this unfold from the bleachers. It must be in 
the game and directly engaged with the private sector, particularly 
with respect to those facilities in the top security tiers.
    Fourth, we have to maintain a sense of urgency about this issue. We 
are behind. Former EPA Administrator Christine Todd Whitman and former 
Homeland Security Advisor and later Secretary Ridge were poised to act 
in 2002 under the new National Strategy for Homeland Security to 
require roughly 15,000 chemical facilities near major population 
centers to undertake vulnerability assessments, address those 
vulnerabilities and report actions taken to the federal government. The 
White House blocked action. Had appropriate steps been taken then, we 
would already have a mature and permanent structure in place.
    I mention this not as partisan criticism, but to urge that we act 
aggressively now. DHS should establish an expeditious timeline as to 
when it expects the facility tiering process to be completed; 
vulnerability assessments reviewed; security plans validated; and 
lessons learned evaluated. This is obviously of vital importance since 
DHS will be undergoing its first presidential transition in late 2008 
and there is a need for continuity since it will be the next 
administration that will be responsible for implementing permanent 
chemical security rules. I would recommend that DHS provide Congress 
with a report on interim regulation implementation within the next 15 
months, including recommendations for a permanent chemical security 
framework.
    Chemical security should remain a leading priority for Congress 
over the next two years. Without question, Congress should pass 
legislation by early 2009 that establishes permanent federal regulation 
of chemical facilities. A good model is the comprehensive legislation 
that fully implemented the recommendations of the 9/11 Commission, 
passed by the House in the first hours of the 110th Congress.
    In this legislation, besides making chemical security regulation 
permanent, Congress should close a gaping hole that exists now and 
broaden DHS' authority, in concert with the EPA, to regulate drinking 
water and water treatment facilities, which are now exempted. The 
legislation should expand the focus of existing efforts beyond simply 
physical security to include transportation. It should also establish 
material or process substitution as a key component of a successful 
security program. Knowledgeable employees should be included in 
planning. The legislation should make clear that federal chemical 
security regulation is a floor, not a ceiling. Given the growing 
threat, there is simply no reason that the federal government should 
preempt states from taking additional measures that can make specific 
sites even more secure.
    For all stakeholders--the federal and state governments and the 
chemical and rail industries--given the clear threat, vulnerability and 
consequence of a chemical attack in this country, the focus should be 
on how to work collaboratively to do more rather than offering reasons 
to do less.
    I look forward to your questions.

    Ms. Jackson Lee. Okay. Thank you, Mr. Crowley.
    Mr. Scott, you are welcomed.

   STATEMENT OF TIMOTHY J. SCOTT, CHIEF SECURITY OFFICER AND 
   GLOBAL DIRECTOR, EMERGENCY SERVICES AND SECURITY, THE DOW 
                        CHEMICAL COMPANY

    Mr. Scott. Good afternoon, honorable Chairwoman. Thank you 
for the invitation to address your committee on the critical 
issue of chemical security. My name is Tim Scott, and I am the 
Chief Security Officer for Dow Chemical, the world's largest 
chemical company. I also have a dual role as the site leader 
for Emergency Services and Security at Dow's site in Freeport, 
Texas, our largest manufacturing site, and one of the largest 
in the world.
    Dow's products are essential to our Nation's economy and 
the daily lives of every American. The chemical sector is not 
only a part of our Nation's critical infrastructure but the 
foundation for all other sectors.
    I have three key points today. First, a comprehensive, 
uniform and risk-based approach to chemical security is 
critical. Second, effective partnerships are vital to our 
Nation's success in meeting this challenge. And third, while 
there are still some gaps to resolve, the Chemical Facility 
Anti-terrorism Standards are a significant step forward in 
securing the chemical sector.
    Dow believes the most effective way to address chemical 
security is through a comprehensive, risk-based approach, and 
we developed our Integrated Global Security Processes that you 
see on this poster behind me with just that in mind. Dow has 
focused on security for years, but over the last 5 years, we 
conducted two rounds of vulnerability assessments at our sites 
around the world conducted by teams of security professionals 
and process safety engineers and involving site employees at 
all levels at every site. We applied layers of physical 
security, along with technology and trained people around those 
critical assets to detect, deter, delay and respond to 
intruders. We also implement inherently safer approaches when 
they prove to be an effective solution to change the way our 
products are manufactured, stored or transported.
    We have programs in place to verify the backgrounds of our 
people working on our sites. We have hotlines for those who 
work on our sites, as well as the communities around us, to 
connect immediately with my global organization. And we have an 
EthicsLine for anyone to report, anonymously if they choose, 
any concerns, security issues or suspicious situations they may 
see.
    Our integrated approach to security includes securing our 
supply chain, a responsibility we share with suppliers, 
carriers, customers and government agencies. While less than 1 
percent of what we ship is classified as highly hazardous, we 
have aggressive programs to further reduce inventories and the 
amounts we ship. In addition, we require security seals on 
shipping containers. We use advanced track-and-trace 
technologies. We work with carriers on routing solutions. We 
are developing more robust next-generation railcars, and we are 
strengthening local awareness and response along our 
transportation routes.
    Partnerships on all levels are vital, and we are actively 
engaging Federal agencies, Congressional committees, and State 
and local agencies and emergency responders.
    In short, Dow Chemical is serious about security. We 
believe any facility that manufactures, uses or possesses 
materials in hazardous quantities should be required to 
implement risk-based security measures. We are encouraged by 
the new standards and believe they are a significant step 
forward. We believe States have a critical role to play and may 
also have unique security issues. And we support the States' 
rights to address those gaps through a coordinated effort with 
Federal authorities to ensure that conflict will not occur.
    We support the stated purpose of Appendix A and a Top-
Screen approach. However, we are encouraged the numbers of 
facilities potentially covered will be prioritized so that DHS 
can maintain its intended focus on high-risk facilities. We 
have concerns that the sunset clause, and the perceived 
deadlines that it creates, will hamper the ability to implement 
effective standards. We support DHS's efforts, and ask that 
adequate time be allowed for effective implementation.
    We have made a lot of progress, but more needs to be done. 
We need a comprehensive, uniform and risk-based approach to 
protect our Nation's people, communities and critical 
infrastructure. We need a continued partnership to develop a 
consistent and efficient approach to this challenge. We need to 
build on the progress we have already made to be successful in 
strengthening the security of the chemical sector, and we need 
this coordinated effort now. We are encouraged by the 
leadership of your committee and Congress in general, the 
partnership developed by DHS and the commitment to effective 
chemical security standards. Thank you.
    [The statement of Mr. Scott follows:]

                 Prepared Statement of Timothy J. Scott

Introduction
    Chairwoman Jackson Lee, ranking member Lungren and members of the 
Subcommittee, my name is Timothy J. Scott, and I am the Chief Security 
Officer and Global Director of Emergency Services and Security for The 
Dow Chemical Company--the world's largest chemical and plastics 
company. In addition to my corporate roles, I am the site leader for 
Emergency Services and Security at Dow's Texas Operations in Freeport, 
Texas--our company's largest manufacturing facility and one of the 
largest petrochemical complexes in the world. I also serve as the vice 
chairman of the Chemical Sector Coordinating Council (CSCC) working 
with the Department of Homeland Security (DHS) and a member of the 
National Maritime Security Advisory Committee for the U.S Coast Guard. 
Today, I am speaking on behalf of The Dow Chemical Company.
    I want to thank Congress for giving DHS the necessary authority to 
regulate the security of our sector. The Subcommittee should be 
commended for holding today's hearing on chemical security regulations 
and their impact on the public and private sector. This is a subject 
that is of extreme importance to our nation, and I'm pleased to be able 
to share Dow's experience in security as well as continue to serve as a 
resource and partner to the federal government on this important issue.
    Dow has taken an aggressive leadership role driving voluntary 
initiatives across the industry and has been a leading proponent for 
risk-based security regulations for chemical facilities. We are 
actively engaging in partnerships on security, emergency response and 
information sharing with federal, state, local and international 
governments as well as with other private entities and stakeholders.
    For Dow, this is a world-wide responsibility every day. In the 
United States, we have over 21,000 employees at 45 sites. Half of our 
employees are in the U.S. In total, we are 42,000 employees, neighbors 
and community leaders from 400 different geographic regions around the 
world. We have about 200 manufacturing sites in 38 countries that 
supply more than 3,200 products to customers in 175 nations. The 
Journal of Commerce has ranked Dow as the nation's 7th largest 
exporter. Dow's products are essential to every aspect of the daily 
lives of each and every American, and the chemical sector as a whole is 
not only a part of our country's critical infrastructure, but a basic 
building block for each of the other sectors.
    The three key points I would like Subcommittee members to take away 
from my remarks are:
        (1.) We must take a comprehensive, uniform and risk-based 
        approach to protect the people and communities of our nation as 
        well as our nation's critical infrastructure.
        (2.) Effective protection of critical infrastructure can only 
        be achieved through government-public-private partnerships to 
        ensure our nation's security while maintaining the flow of 
        commerce for a vibrant and growing economy.
        (3.) While long-term authority for DHS to regulate chemical 
        security is still required and some issues remain, the Chemical 
        Facility Anti-terrorism Standards (CFATS) are a significant 
        step forward in ensuring all chemical facilities meet the same 
        risk-based performance standards for security.
An Integrated Approach to Chemical Industry Security
    Our commitment to leadership in safety and security did not start 
on 9/11. In 1985 Dow formalized its long-standing effort to provide 
ongoing training, awareness and support to local emergency responders 
and communities with the implementation of the Community Awareness and 
Emergency Response (CAER) program. In 1986, TransCAER was created by 
Dow in partnership with Union Pacific Railroad to help ensure training 
and awareness to communities and local responders along Dow/Union 
Pacific transportation routes. Later this year--in a renewal of that 
partnership--we are launching a TransCAER community training tour that 
will make 28 stops over 74 days in California, and from Texas to 
Louisiana to Chicago along Union Pacific rail lines.
    In 1988 Dow developed a comprehensive, multi-level global security 
plan--a plan the company implemented during the first Gulf War and 
later on 9/11. Shortly after these tragic attacks, Dow helped the 
American Chemistry Council (ACC) draft the ACC Responsible 
Care Security Code of Management Practices--a voluntary 
initiative by leading chemical manufacturers to set the industry 
standard for handling security. Through Dow's voluntary global 
implementation of the Security Code, we permanently heightened our 
security preparedness by investing hundreds of millions of dollars in 
risk-based security upgrades since 9/11--not just in the United States, 
but worldwide--the only company to do so on a global level. Dow's 
efforts have been approved by the U.S. Coast Guard as meeting the 
requirements of the Maritime Transportation Security Act (``MTSA'') at 
the 12 U.S. integrated sites; and Dow sites in a dozen countries 
outside the United States have leveraged their Responsible Care 
Security Programs to demonstrate compliance with the International 
Maritime Organization's (IMO) International Ship and Port Facility 
Security Code.
    Last year, Dow formed an Independent Advisory Panel of 
distinguished experts around the world from disciplines including 
physical security, manufacturing process safety, transportation and 
supply chain security, emergency response, and crisis management. This 
panel, chaired by the Honorable Lee Hamilton, was organized by Dow for 
an independent review of our efforts and visited Dow sites around the 
world and received an unprecedented inside look at the way Dow conducts 
its security business.

Our approach to Chemical Facility and Site Security
    Dow's security program incorporates measures focused to detect, 
deter, delay and to respond to intrusions at Dow's facilities. Dow's 
security program includes: intelligence gathering through various 
private and governmental resources to assess risk, Security 
Vulnerability Assessments (SVA's) to assess vulnerability based on that 
risk, security plans to address risk, and appropriate security 
processes to secure our assets--people, property, proprietary 
information and cyber systems. Emergency preparedness, response 
services, and community outreach, are the final pieces to our 
integrated site security processes--and this integrated approach is 
embedded across our enterprise--in site and facility security, 
personnel security, supply chain security, information/cyber security 
and emergency response. This approach has also led to improved security 
awareness for our employees and communities as well as integrated 
response planning within the company and surrounding area.
    Dow's vulnerability assessments are conducted by a team of 
security, process safety, and operations professionals to take a total 
approach--ensuring all aspects of security and safety are evaluated to 
identify and reduce vulnerabilities at our facilities. As a result of 
site vulnerability assessments, we've made physical improvements that 
are visible (such as fencing, access control, vehicle barricades and 
increased patrols), some that are more covert such as electronic 
monitoring, alarms and video surveillance, and we've taken steps to 
implement inherently safer approaches--to change the way our products 
are manufactured, stored or transported to reduce risk.
    Employees and others working on Dow sites, as well as the general 
public in the community around Dow sites are an essential element of 
our integrated security process--often acting as our first layer of 
security by reporting suspicious or unusual activity in the community 
our near the site perimeter. Dow has in place a site-by-site Emergency 
Services and Security call-in line and dispatch service for employees 
and contractors, local community call-in numbers and an 800 number for 
use by these same people or the general public from anywhere in the 
U.S., a global ethics helpline through which employees and concerned 
parties can report any observed or suspected violation of law or Dow 
Policies, as well as security issues or suspicious situations or 
persons. Callers to the Dow EthicsLine have the option to remain 
anonymous if they prefer. Both security awareness training and ethics 
training are conducted for all employees on an annual basis, and drills 
are required of all Dow plants and sites on a regular basis, with at 
least 25% of those site drills being based on a security scenario and 
quarterly drills involving various segments of the community and local 
responders. To maintain regular open communications each Dow site has 
active Community Advisory Panels (CAPs) and Employee Communications 
Advisory Panels (ECAPs) to address community and employee questions and 
communication needs.
    As the partnership with various agencies matured and communication 
improved, a second round of Dow SVAs and additional upgrades were 
initiated around the world in 2005. Dow's program also includes an 
ongoing audit process to ensure the services and systems are 
maintained, updated and implemented appropriately.

Our Approach to Supply Chain Security
    Securing complex supply chains requires collaboration between 
manufacturers, transportation service providers, customers and 
governments. As a manufacturer and shipper, Dow is responsible for 
providing materials in a safe container that will meet the rigors of 
transportation. It's the transportation service provider's 
responsibility to safely and securely move materials from our location 
to the destination. Finally, government provides the appropriate 
regulatory environment to help ensure the safe and secure 
transportation of vital materials. Because of this shared 
responsibility, it's essential that we partner with everyone across 
Dow's supply chain as well as government agencies at all levels to 
evaluate vulnerabilities continuously and ensure that safeguards are in 
place.
    Dow also has developed a comprehensive risk management system to 
ensure the safe and secure distribution of its raw materials, 
intermediates and products worldwide. Dow has implemented a 
comprehensive process for conducting reviews, audits and assessments of 
Dow and supply chain partner operations. Our Distribution Risk Review 
process also dates back to pre-9/11 times.
    We have implemented a number of programs to reduce inventories and 
the amount of high hazard material we have to ship, we require security 
seals on shipping containers, and have programs in place to ensure 
background checks for transportation workers.

Our Approach to Cybersecurity
    Dow has developed a company-wide cybersecurity management plan that 
includes incident management and business continuity, completed a 
comprehensive cyber security risk analysis based on the ISO information 
security standard (ISO/IEC17799), and integrated cyber and information 
security into our site vulnerability assessments.
    Dow fully recognizes that cyber security is an integral part of 
overall security, and has helped integrate cybersecurity into chemical 
sector security programs such as the Responsible Care Security Code. In 
addition, Dow helped form the Chemical Sector Cyber Security Program to 
establish management practices and guidance to support overall chemical 
industry cybersecurity. Dow is committed to information security as an 
integrated approach to security.

Effective Government-Public-Private Partnerships
    Dow has always embraced the partnership approach with DHS and many 
other governmental agencies. On the security front we work closely with 
almost every federal agency that has some homeland security role, 
including the Department of Transportation, Transportation Security 
Administration, Food and Drug Administration, Federal Bureau of 
Investigations, Federal Emergency Management Agency, Environmental 
Protection Agency, as well as state and local agencies and emergency 
responders. We strongly believe that coordination on all levels between 
public and private sectors is vital to protect critical infrastructure 
and effectively implement risk-based security programs.
    Dow has worked closely with U.S. Sandia National Laboratories to 
refine the security vulnerability assessment methodology we use today 
for our internal security vulnerability assessments and have piloted 
DHS's RAMCAP risk assessment methodology. Dow will continue to provide 
information and expertise--directly, and through the various industry 
associations or the Chemical Sector Coordinating Council.
    Dow is working closely with our supply chain partners--the Federal 
Railroad Administration, Transport Canada, Union Pacific Railroad and 
Union Tank Car--in developing the Next Generation Rail Tank Car that 
takes into account new security scenarios, improving safety 
performance, and utilizing track-and-trace technology. The U.S. Senate 
recently appropriated an additional $3 million in fiscal year 2008 for 
the FRA to conduct additional baseline testing of existing rail tank 
cars and the evaluation of an advanced tank car design and a prototype 
of a safer rail tank car.
    Dow was one of the first chemical companies to work with U.S 
Customs and Border Protection (CBP) to implement their Customs-Trade 
Partnership Against Terrorism (C-TPAT) security initiative. C-TPAT is a 
joint government-business initiative to strengthen overall supply chain 
and border security. Dow has been awarded the highest level of 
recognition and approval in the program. Only a fraction of all 
companies that have applied for membership in the C-TPAT program have 
achieved this premier (Tier Three) status.

The Chemical Facility Anti-terrorism Standards (CFATS)
    Dow has continually advocated for uniform, national, risk-based 
performance standards for chemical facility security--allowing the 
chemical facility to reduce the vulnerability by using the appropriate 
combination of tools for that site including physical security upgrades 
that could include one or more options such as additional deterrence 
and delay mechanisms, safety devices, stronger containment, 
impenetrable seals and well trained personnel; or to utilize inherently 
safer approaches through process improvements such as by reducing 
quantities in process or inventory, changing to safer materials and 
improving process designs.
    Compliance with the new Chemical Facility Anti-terrorism Standards 
requires a great commitment of resources by the regulated community. 
However, Dow, to a great extent, has already assumed the burden and 
costs of security at its chemical facilities as part of its corporate 
responsibility. As a leader in chemical facility safety and security, 
Dow believes national standards enforced by DHS are necessary to 
elevate the security preparedness of all high risk chemical facilities 
in the U.S., regardless of the operator. We believe anyone or any 
facility that manufacturers, uses or possesses materials in hazardous 
quantities should be required to implement risk-based security 
measures.
    Clear, strong, and consistent performance standards (as Congress 
has mandated for commercial aviation, nuclear power, or maritime 
commerce) must be applied uniformly to all facilities nationwide to 
ensure effective national security and oversight. Consistency is 
critical to our county's success in addressing the security of the 
chemical industry and our nation's critical infrastructure in general. 
Consistent risk-based performance-based regulations, standards and 
guidelines; consistent planning, integration and implementation of 
those plans from top to bottom, from the National Infrastructure 
Protection Plan (NIPP) to the state and local response organizations to 
the chemical industry site response team--bringing all the resources 
and plans together under an integrated incident management system.
    DHS must work with all levels of federal, state, and local 
government to ensure that the performance goals are met, but without 
creating conflicting and competing programs on how a facility much 
achieve those goals. States have a critical role to play in protection 
of the homeland and we coordinate every day with state and local 
governments on emergency preparations, response, and environment health 
and safety.
    Dow is also cognizant that states and localities may have unique 
security issues that may need to be addressed through State Law. For 
instance, because of geographical location or population density, a 
state may wish to add an additional risk-based performance standard 
that supplements, but does not conflict with, the DHS regulation. To 
ensure the national standard provided by Section 550 and the proposed 
rule will not be frustrated and that conflict will not occur, Dow 
believes that a coordinated effort between federal and state 
authorities is necessary, before such supplementary State Law is 
enacted.
    Dow continues to support the Rule's underlying premise of 
establishing risk-based performance standards for the security of high-
risk chemical facilities. Dow also supports the stated purpose of 
Appendix A and the Topscreen approach--to be sufficiently inclusive of 
chemicals and quantities that might present a high level of risk 
without being overly inclusive and therefore capturing facilities which 
are unlikely to present a high level of risk. However, Dow is concerned 
that given the broad and expansive nature of the draft Appendix A list, 
thousands of relatively low risk facilities could be swept up by the 
Rule, thereby diluting DHS' resources and enforcement capacity and 
defeating the intended focus on ``high risk'' chemical facilities. DHS 
has indicated that it is working to revise this list to incorporate 
comments and feedback from the rulemaking process. It is our hope that 
the Department will address these specific concerns.
    Finally, Dow has concerns regarding the impact of the sunset clause 
on DHS's authority to fully implement CFATS. For too long, Dow and 
other industry leaders have made significant voluntary investments to 
improve security and we've done a good job on our own. These new 
regulations go a long way in standardizing security requirements and 
ensuring that high risk chemical facilities have taken the necessary 
steps to evaluate risk and address vulnerabilities.

Conclusion
    In closing, only through a comprehensive, uniform and risk-based 
approach can we protect the people and communities of our nation as 
well as our nation's critical chemical infrastructure. We are 
encouraged by the leadership of Congress and the continued partnership 
environment and drive to implement CFATS by DHS. We believe it is long 
overdue.
    Thank you and I'd be happy to answer any questions.

                              ATTACHMENT A



For more information: www.dow.com/security

                              ATTACHMENT B

 History of The Dow Chemical Company's Leadership in Chemical Security

1985
    The Dow Chemical Company implements CAER (Community Awareness & 
Emergency Response)--formalizing the company's long-standing efforts to 
provide ongoing training, awareness and support to local emergency 
responders and communities.

1986
    Dow forms TransCAER with Union Pacific Railroad program to assist 
communities on shipment routes.

1988
    Dow establishes multi-level contingency plans and integrates into 
corporate crisis management plans (plans implemented following 9/11).
2000
    Dow recommits to its participation in the U.S. Coast Guard's 
Chemical Transportation Advisory Committee (CTAC).

Following 9/11
Under Dow leadership, American Chemistry Council rolls out Responsible 
Care Security Code.
         Dow commences global assessment of its manufacturing 
        facilities and supply chain operations going beyond security 
        code and applying it to all facilities world-wide.
         Dow partners with Association of American Railroads & 
        Class 1 railroads to evaluate vulnerabilities and define 
        security measures (Railroad Security Management Plan).
         Under Dow leadership, an industry team develops best 
        practice guidelines for transporting hazardous chemicals. 
        Chlorine Institute adopts guidelines as mandatory for all 
        members.

2002
         Dow senior leader Kathleen Bader is named by President 
        to U.S. Homeland Security Advisory Council.
         Dow Distribution Risk Review Process is significantly 
        upgraded to include potential terrorism scenarios and enhanced 
        security countermeasures.
         Under Dow's direction, The Chemical Sector 
        Cybersecurity Program is established to coordinate sector's 
        activity and align with U.S. Government's National Strategy to 
        Secure Cyberspace.

 2002--2005
         Dow joins U.S. Customs & Border Protection's C-TPAT 
        (Customs Trade Partnership Against Terrorism) program and is 
        first chemical company to achieve highest level of recognition.
         Dow joins Canada Partners in Protection program.

 2002--2003
         Dow assists in development and pilot program for U.S. 
        Government's Sandia National Labs Risk Assessment Methodology. 
        Dow collaborates with Sandia Labs on transportation security 
        issues.
         Dow leaders advise in development of Center for 
        Process Safety's Alternate Risk Assessment Methodology (CCPS 
        SVA) used by majority of Industry.

2003_2004
         Dow sites participate in U.S. Department of 
        Transportation's National Hazmat Truck Safety & Security 
        Operational Test & Delphi Panel to evaluate security 
        technologies for highway shipment.
         Dow participates in Strategic Council on Security 
        Technology's Smart & Secure Tradelanes (SST) Initiative to 
        evaluate use of new technologies to improve end-to-end supply 
        chain security for international cargo shipments.
         Dow Chief Security Officer Tim Scott is named by DHS 
        Secretary to National Maritime Security Advisory Council.
         Dow senior leader David Kepler joins U.S. Chamber of 
        Commerce Homeland Security Task Force.
         Dow makes first public statement calling for U.S. 
        national legislation to regulate all chemical facilities;
        Dow continues to press for uniform, national risk-based 
        standards to this date.
         Dow leads group of industry CEOs to conduct sector 
        wide assessment of chemical industry cyber vulnerabilities.
    Dow sites in 12 countries outside U.S. leverage Responsible Care 
Security Programs to demonstrate compliance with International Maritime 
Organization's (IMO) International Ship & Port Facility Security Code.

2004
         Dow leadership drives incorporation of security 
        considerations into Chemical Distribution Institute (CDI), 
        ACC's Responsible Carrier Program & Global Safety & Quality 
        Assessment System (SQAS) of European Chemical Industry Council 
        (CEFIC) for evaluation and qualification of logistics service 
        providers.

2004_2005
         Dow leader Tim Overton serves on Chemical Sector 
        RAMCAP Committee to help drive development of DHS's Chemical 
        sector version of its new risk assessment methodology.
         Under Dow leadership, DHS is urged to include 
        Cybersecurity criteria as component in RAMCAP.
2005
         Dow leader Tim Overton represents chemical sector on 
        American Society of Manufacturing Engineers RAMCAP Standards 
        Committee.
         Dow unilaterally requires high-security seals on all 
        cargo containers worldwide.
         Dow completes first round of Site Vulnerability 
        Assessments & Upgrades and commences a second round.
         Dow leadership in Brazil drives adoption of 
        Responsible Care Security Code & Transportation Guidelines by 
        national chemical industry association (ABIQUIM).
         Dow senior leader David Kepler appears before U.S. 
        House Committee on Science calling for government focus on 
        significant threats to our national telecommunications 
        infrastructure and high-risk cyber threats.
         Dow conducts comprehensive, mutli-disciplinary effort 
        internally to evaluate security needs and challenges in China 
        and other emerging markets.
         Dow participates in Legal Obstacles Subgroup of the 
        Information Sharing Task Force of the Homeland Security 
        Advisory Council.
    Under Dow leadership, Industry works closely with U.S. Government's 
Idaho National Labs to develop Cybersecurity Awareness Program for 
Industrial Control Systems.

2005_2006
         Dow AgroSciences implement life-cycle cylinder 
        tracking program using combination of technologies including 
        RFID and GPS to improve security of 60,000 cylinders.
         Dow leadership drives complete update and revision of 
        Chemical Industry text book on transportation risk management.
         Dow assists in the development of the Chemical Sector 
        Specific Plan under National Infrastructure Protection Plan.

2006
         Dow leader Tim Overton serves on DHS/Oakridge National 
        Labs Committee to develop Screening Criteria to be used for DHS 
        in implementation of RAMCAP program for Chemical Facilities.
         Dow Chief Security Officer Tim Scott participates with 
        DHS Secretary Chertoff in first National Security Forum on 
        Chemical Security calling for national regulation of chemical 
        facility security.
         Dow forms unprecedented Independent Advisory Panel on 
        Chemical Security.
         Dow announces Next Generation Rail Tank Car, a joint 
        project with Union Pacific and Union Tank Car to provide a step 
        change in safety and security performance.
         Dow reaches out to fellow chlorine producers to 
        establish Chlorine Rail Tank Car Development Coordination 
        Panel; participating companies must commit to replacing 
        chlorine fleets with tank cars with improved safety and 
        security attributes by 2017.
         Dow launches project to put GPS tracking and condition 
        monitoring sensors on all chlorine rail tank cars by 2007 and 
        other highly hazardous materials by 2008.
         Dow announces commitment to reduce shipment of highly 
        hazardous materials by 50% by 2015 and a renewed commitment to 
        TRANSCAER over next 5 years to touch every community with 
        public awareness and emergency responder training where highly 
        hazardous materials move.
         Dow senior leader Gary Veurink addresses Center for 
        Chemical Process Safety to reiterate Dow's call for national 
        Chemical Security legislation.
         Dow makes global site security vulnerability/risk 
        reduction commitments for manufacturing sites to be reached by 
        2010.
         Dow is honored with U.S. Maritime Security Conference 
        award for Maritime & Supply Chain Security.
         Dow Chief Security Officer Tim Scott is selected as 
        Vice-Chairman of Chemical Sector Coordinating
         Council to coordinate security efforts across the 
        industry with DHS.
         Stanford University Study recognizes Dow as one of ten 
        ``Innovators in Supply Chain Security.''
         Dow Chief Security Officer Tim Scott is named one of 
        ``25 Most Influential Security Executives'' by Security 
        Magazine. 
        
        

    Ms. Jackson Lee. Thank you, Mr. Scott.
    Mr. Alexander.

  STATEMENT OF JOHN ALEXANDER, HEALTH AND SAFETY SPECIALIST, 
 HEALTH SAFETY AND ENVIRONMENT DEPARTMENT, UNITED STEELWORKERS

    Mr. Alexander. I would like to thank Chairwoman Jackson Lee 
and the committee for allowing the United Steelworkers to share 
their concerns about the chemical security regulations.
    The first item that I wanted to bring up was worker 
involvement. The current proposals do not provide for 
involvement by workers or their labor representatives, in 
contrast with other similar regulations also aimed at public 
safety. We believe that such involvement is essential to 
chemical plant security. Anyone who has worked in a chemical 
plant knows that the workers know better than anyone where the 
weaknesses are and what needs to be addressed in order to make 
a facility safer. And not to, in this particular piece of 
legislation or regulation, not to include the workers we 
believe is a very big mistake. If you check just some of the 
other regulations that already exist, for the most part they do 
have clauses in there that require worker participation in 
addressing those problems.
    The Top-Screen process, we made some recommendations in the 
first round that they have a list of chemicals in order to 
figure out how they were going to use the Top-Screen process. 
And we are glad to see that the Department of Homeland Security 
adopted that type of a process in order to make the 
determination who would have to complete it. But by the same 
token, now that we look at the list, we have over a hundred 
chemicals that, if you have any amount whatsoever, will require 
Top-Screen process. And we have to question how much of a 
strain that is going to put on the Department of Homeland 
Security for facilities that have those chemicals, some of 
those chemicals that will serve as no risk whatsoever. And at 
the same time, we have chlorine listed at 7,500 pounds. 
Anything under 7,500 pounds will not have to complete a Top-
Screen process. And we have to just question where and how they 
came up with some of the lists of the chemicals.
    The risk assessment and risk-based tiering, we are 
wondering why we have to have four different tiers. In the 
regulations, it reads what the highest-risk process, what would 
have to be required that those companies complete. And if you 
read that list, there is nothing in that list that the lowest-
tier facility should not be doing. So we don't understand why 
you need so many different tiers. Either you got a high risk, a 
low risk or no risk. And you need to make it pretty simple. Why 
make it complicated? It is a pretty simple thing. You don't 
need extra tiers to complicate the issue. And we don't 
understand why we are going the way we are going. If you have a 
low risk, you obviously ought to be doing the same thing you 
are doing in high-risk facilities as far as security and so 
forth and so on, on the list.
    Safer technology, inherently safer technology. We can't 
understand in any way, shape or form why inherently safer 
technology is not at least a recommendation, let alone a 
requirement in these regulations. The easiest and safest way to 
take a facility that is a high-risk threat to turn it into not 
a threat would be to use inherently safer technology. So that 
is not just chemical substitution but also when you change your 
processes for emergency shutdown. You hit one button, it closes 
all your valves on the system, so that if there is an attack 
and if there is a release, you can shut the whole system down 
almost instantly so that it doesn't turn into a larger, 
catastrophic event.
    Our release systems, probably 20 to 30 percent of the 
facilities in the Nation, we had a lot of laws passed in the 
late 1970s and early 1980s that the chemical facilities would 
have to have their release systems go to a controlled 
atmosphere rather than the atmosphere, but a lot of the 
companies chose not to do that because it wasn't feasible; it 
would cost too much money. That is inherently safer 
technologies. If you want to reduce the damage that would be 
done if there was an attack, then you should have release 
systems going to controlled systems, which you don't.
    Background checks. The background checks, I have already 
just a few months ago, when I was investigating a fatality at a 
power plant, was refused entry because of the new, quote, what 
I was told, the new regulations from the Department of Homeland 
Security that would not allow me entry because I didn't have a 
background check. I am guaranteed entry by the National Labor 
Relations Act. And there is nothing in these regulations that 
protect our guarantees or rights that we already have. And 
already we are being denied entry into facilities where we are 
required to conduct investigations when workers are seriously 
injured or killed.
    Access to information, another issue. There is nothing in 
the regulation that protects our rights to access to 
information. If you read everything that is written on critical 
vulnerable information, critical vulnerable information, 
depending upon whose interpretation of what it is, could 
include information that we are allowed and permitted to have 
to protect workers, the community and other folks that might--
even the management of the plants, to protect the people that 
could be overexposed. And critical vulnerable information can 
deny us those rights. There should be something written in here 
that in no way any of our rights that are guaranteed by OSHA, 
the EPA or any other agency be denied because of the Department 
of Homeland Security regulations.
    There is much more in-depth information in the written 
testimony that I submitted, and I would hope that everyone on 
the Committee would take a look at it. And just in summary, 
what I would like to say, some of the most fundamental 
protections that one would expect to be identified in the 
Department of Homeland Security regulations are missing. The 
involvement of workers and their representatives in all aspects 
should be there. The use of inherently safer technologies, the 
ambiguity of terms, the unwarranted background checks and the 
possible classification of information used to protect workers 
and the public, and the lack of the government accountability 
on all those issues beg to be addressed.
    One last thing on the background checks. I don't understand 
what anyone would hope to find on an employee who has been 
working in the facility for 20 years and conducting a 
background check that is going to identify them as a terrorist.
    [The statement of Mr. Alexander follows:]

                  Prepared Statement of John Alexander

    Honorable Bennie Thompson and Members of the Committee, the United 
Steelworkers (USW) appreciates the opportunity to appear before the 
U.S. House Committee on Homeland Security and the Subcommittee on 
Transportation Security and Infrastructure Protection. My name is John 
Alexander; I am a health and safety specialist for the USW's Health, 
Safety and Environment Department at our international headquarters in 
Pittsburgh, PA.
    The testimony I present today is to examine the Department of 
Homeland Security's (DHS) chemical security regulations and its effect 
on the public and private sector.
    The full name of our union is the United Steel, Paper and Forestry, 
Rubber, Manufacturing, Energy, Allied-Industrial and Service Workers 
International Union, AFL-CIO.CLC, but we have a short name more common 
in use, which is the USW. As the largest industrial union in North 
America, we represent a total of 850,000 active workers employed all 
across North America. The USW represents approximately 50,000 workers 
in chemical plants, oil refineries and other workplaces that produce, 
use or store significant quantities of highly hazardous chemicals. 
However, using the DHS definition that specifically applies to chemical 
facilities, the USW represented workers exceeds the 50,000 figure by 
tens of thousands.
    We have a keen interest in effective standards protecting our 
members, their families, and the general public. Along with other 
organizations, we worked hard for effective legislation in the last 
Congress and we continue that work. The provisions attached to the DHS 
appropriations bill late last year did not meet all our objectives, but 
it did provide a useful starting point. Unfortunately, the USW 
continues to have grave concerns on how some of the issues are being 
addressed. Some of the current proposals will do little to enhance the 
security of chemical facilities or the safety of workers and the 
public. We will summarize our comments below, and deal with each in 
more detail in a subsequent section.

Comment 1: Worker Involvement
    Summary--The current proposals do not provide for involvement by 
workers or their labor representatives, in contrast with other similar 
regulations also aimed at public safety. We believe that such 
involvement is essential to chemical plant security.
    The recent Chemical Facility Anti-Terrorism Standards-Proposed Rule 
lacked requirements for employee and union representative's involvement 
as does 6 CFR part 27.

For example:
    ``The site visits are conducted by DHS protective security 
professionals, subject-matter experts, and local law enforcement, along 
with the facility's owners and operators.'' (p. 78278)
    In other rules, such as OSHA's General Industries Standards (29 CFR 
1910), the government encourages employee and employee representatives 
to be present during their site visits. To not involve some of the most 
informed employees and representatives is not to utilize one of the 
best assets to the adoption of a successful program. Workers are in a 
unique position to identify and prevent potential facility 
vulnerabilities. They understand just where an intruder might enter a 
plant; whether or not security guards are doing their job; the location 
of volatile materials; whether the facility is sufficiently staffed 
with trained personnel; if backup control systems properly operate; as 
well as other potential risks. Because of their concerns about 
workplace safety and health, they routinely point out hazards to 
management. Workers also are often required to respond during 
emergencies, and in doing so, function as both the first and last line 
of defense against a disaster. Workers and their unions can be vital 
participants in plant safety and security. To be fully effective, 
worker participation must be supported by strong whistleblower 
protection.
    Although the appropriations legislation authorizing the rule is 
silent on this subject, it certainly does not bar worker and union 
involvement. DHS could and should take guidance from the history of the 
legislation. The bills that emerged from the committees of jurisdiction 
in the House and Senate (H.R.5695 and S.2145) both contained worker 
participation and whistleblower protections. Other jurisdictions have 
also dealt with this issue. The State of New Jersey's Toxic Catastrophe 
Prevention Act, (N.J.S.A. 13:1K-19 et seq.) and New Jersey Department 
of Environmental Protection Administrative Order 2005-05 establishes 
procedures for participation by employees and their representatives. 
Any DHS legislation should include a requirement for worker and union 
involvement in all facets of the operations including the security 
plans, top screen process, safe operations and emergency shutdowns.

Comment 2: Top Screen Process
    Summary--Top Screen Process required by facilities containing 
certain amounts of chemicals is out of line. High level of Risk is not 
properly defined. Leaving the definition to the discretion of anyone or 
any agency with no specified parameters leaves open the possibility of 
misinterpretation of the Department's intent, and could create 
difficulties and inconsistencies in application of the rule.
    The Top Screen process is a process that will provide information 
to the DHS in order to make the determination at what level of security 
risk the facility will be designated.
    T2``A fundamental question posed by Section 550 is which facilities 
it covers. Section 550 specifies that the provision ``shall apply to 
the chemical facilities that, in the discretion of the Secretary, 
present high levels of security risk.''. . .''
    In 6 CFR part 27 Appendix A, a list determining the amounts of 
chemicals located at a facility will determine whether the facility 
will be required to perform a Top Screen.
    More than a hundred of those chemicals are listed at any amount of 
possession. We believe many of these chemicals are listed at 
unreasonably low amounts. Having many of these chemicals on site at 
such low amounts would in no way place a site at a high risk level. By 
requiring all of such facilities to perform a Top Screen would present 
two major problems. First, it is inappropriate to require a facility to 
perform a Top Screen just because it has any amount of some of the 
chemicals listed. This will place an unjust burden on facilities that 
would never be considered a target. Secondly, the inordinate number of 
facilities that would be sending their Top Screen to the DHS would 
over-burden the department requiring them to address and reply to those 
facilities informing them that they are at the no risk tier of the 
tiering system. The DHS could well better spend their time ensuring 
that High Risk Level facilities are addressing their security issues.
    The problem presented with the determination of High Risk Level is 
that it is up to the DHS to make that decision. Better parameters or a 
specific definition would better serve the DHS.
    The absence of a definition also leaves no room to discuss what the 
parameters for inclusion should be. It is all up to the Secretary. In 
addition, the proposal seems to invite the Secretary to determine 
coverage on a case-by-case basis, creating long delays in 
implementation.

Comment 3: Risk Assessment and Risk Based Tiering
        Summary--Risk Based Tiering should be kept simple. The three 
        categories should be: High Risk, Low Risk, and No Risk. To do 
        otherwise is to create confusion where it is not needed.

        The proposal states:
    ``As a practical matter, the Department must utilize an appropriate 
process to determine which facilities present sufficient risk to be 
regulated.'' (p. 78281)

But then:
``The Department may draw on many sources of available information. . 
.''
``The Department may also seek and analyze. . .'' ``The Department 
proposes to employ a risk assessment methodology system very similar to 
this RAMCAP Top-screen process. . .''
``The proposed regulation would permit the Department to implement this 
type of Top-screen risk analysis process to screen facilities.''
    What type? DHS ``may'', ``may also'', ``very similar to,'' does not 
define what their method will be. The only description the Department 
offers is that ``the department has worked with the American Society of 
Mechanical Engineers (ASME) and others to design a RAMCAP ``Top 
Screen'' process. . .'' There is no comprehensive explanation of what 
the method will be. This is especially troubling given the fact that: 
``As noted, the statute gives the Secretary unreviewable discretion to 
make this determination.''
    No one, not even the Department, seems to know what method will be 
used. But, the Department claims to have unreviewable discretion in 
implementing the method. The Department should define what the method 
entails so that constructive comments can be made on whether or not the 
method should be refined. How can one comment on that which is not 
described? Who are the others who helped design what the Department may 
use? Were there workers, workers representatives, Union Health, Safety 
and Environmental Specialists, other Governmental Specialist, (i.e. 
OSHA, EPA etc.) consulted?
    DHS should first define the method, and then ask for comments. We 
cannot blindly comment on that which is not explained.
    ``The Department believes that the ``risk-based performance 
standards'' and the Section 550 Program should indeed incorporate risk-
based tiering''. (p. 78283)
    The Department shall place covered facilities in one of four risk-
based tiers, ranging from highest risk facilities in Tier 1 to lowest 
risk facilities in Tier 4.
    The Department then seeks comment on how to differentiate 
requirements based on tiering. Later the document proposes that a high 
risk facility will have different requirements than a lower risk-base 
tiered facility.
    6 CFR Sec. 27.230 now identifies the steps a High Risk facility 
will be required to perform. None of those listed are items that a Low 
Risk facility shouldn't perform.
    In order not to complicate this issue further, DHS should simply 
identify the criteria for those facilities that will be regulated or 
not. If the DHS otherwise insists on having tiers, than the tiers 
should be limited to high or low risk. It may be futile or even 
counterproductive to try to determine which facility is more prone to 
an attack. In fact, a terrorist might choose a lower-tiered facility 
because it is classified as lower risk, with less stringent security 
requirements.
    An attempt to delineate what items should be performed for four 
categories is an exercise in futility. That is not to mention a 
quagmire for the DHS for enforcement and an undue burden on the 
facilities.

Comment 4: Safer Technology
        Summary--Safer Technology, there is no requirement or 
        suggestion to apply inherently safer technology and or changes 
        to the process to lower the risk of a facility. This lack is 
        perhaps the greatest defect in the regulation.
    The proposal never addresses the use of inherently safer 
technology. Such a provision was not required by the legislation, but 
neither is it barred. Safer processes may not be feasible in some 
circumstances, but they should at least be considered in any security 
plan. Many safety measures may be possible without expensive redesign 
or new equipment. Safer fuels or process solvents can be substituted 
for more dangerous ones. The storage of highly hazardous chemicals can 
be reduced. The lack of any requirement even to consider such measures 
is the greatest failing of the proposal and regulation.
    Safer Technologies include but are not limited to changes in the 
process that would reduce the possibility or likelihood of an attack 
turning into a major catastrophe. Yet, nowhere in the standard is this 
even addressed. If in fact, we are attempting to reduce the likelihood 
of an attack of a chemical facility or the effects thereof, then it is 
unconscionable that inherently safer technology goes unaddressed in 
this legislation.

Comment 5: Other Missing Provisions
        Summary--Other missing provisions, the proposal would provide 
        far greater protection by including provisions requiring the 
        employment of sufficient and qualified personnel in order to 
        meet the DHS requirements; strengthening the recordkeeping and 
        reporting requirements for process malfunctions or any 
        attempted terrorist attack; defining the need for emergency 
        response, safe shut down, evacuation and decontamination 
        procedures in case of an attack or malfunction; and effective 
        training requirements for workers in covered facilities.
    The proposal lacks many other requirements that would greatly 
enhance security in chemical facilities, and mitigate releases of 
highly hazardous chemicals, either through a terrorist attack, or from 
industrial accidents. A partial list includes: requiring the employment 
of sufficient and qualified personnel in order to meet the DHS 
requirements; strengthening the recordkeeping and reporting 
requirements for process malfunctions or any attempted terrorist 
attack; defining the need for emergency response, safe shut down, 
evacuation and decontamination procedures in case of an attack or 
malfunction; and effective training requirements for workers in covered 
facilities.

Comment 6: Background Checks
        Summary--Background checks, although there is some 
        justification for background checks for new hires, background 
        checks for current workers are unlikely to identify potential 
        terrorists, and could create opportunities for discrimination.

        The DHS proposes:
    ``A proposed standard on personnel surety would require covered 
facilities to ``perform appropriate background checks on and ensure 
appropriate credentials for facility personnel, and as appropriate, for 
unescorted visitors with access to restricted areas of potentially 
critical targets'' (p. 78286)
    Conducting background checks on current, long-term employees of a 
high risk facility is unlikely to identify a potential terrorist. 
However, conducting background checks will open the Pandora's Box of 
ways that the gathered information can be misused. Millions of workers' 
right to privacy could be violated by such an order in an attempt to 
identify that which is extremely unlikely. Countless dollars will be 
spent for that which the DHS claims is necessary, but is not. 
Significant amounts of time will be spent prosecuting those who will 
misuse the information gathered in an illegal fashion. Time and money 
will be spent defending those who will be unjustly treated by 
information gathered by a background check. Some of this might be 
justified for new hires, who could potentially seek employment in order 
to commit a terrorist act. But it is very unlikely that long-term 
employees will turn out to be terrorists, or that they will be caught 
by any reasonable background check.
    Some of the potential problems with background checks might be 
avoided by placing strict limits on access to, and the use of personal 
information required by the rule. That should certainly be done if 
background checks are required for new hires. However, ensuring that 
background checks are fair and accurate will require a significant 
allocation of resources by DHS, with very little return in the case of 
long-term employees.
    In the proposal there is no provision protecting individuals who 
need occasional access to these facilities from being unjustly delayed 
by a background check. For example, labor unions have a duty to their 
members to investigate accidents in the workplace. Prompt access is 
absolutely essential in order to acquire vital information. Background 
checks could easily be misused to disallow prompt access. Investigators 
and or experts in their field do also require prompt access.
    On 4-24-07, I was assigned to investigate a fatality of one of our 
members that took place at a Power Plant. The company refused entry 
based on the ``New DHS regulations''. After hours of discussion, I was 
able to persuade the company to allow entry. We already are being 
denied access that is protected by the National Labor Relations Act 
simply because the DHS refused to address that the DHS regulation would 
not interfere with rights guaranteed by previous legislation.
    These entries are protected by other federal laws which 550 says 
this rule is not to abridge. The PL109-295 Homeland Security 
Appropriations Act of 2007 Section 550 (f) states: ``Nothing in this 
section shall be construed to supersede, amend, alter, or affect any 
Federal law that regulates the manufacture, distribution in commerce, 
use, sale other treatment, or disposal of chemical substances or 
mixtures.'' The DHS should provide language that will guarantee prompt 
access to labor representatives and others. The language in the 
proposal could be interpreted to be in conflict of rightsguaranteed by 
the National Labor Relations Act. Provisions should also be provided 
that describe how the DHS anticipates such inevitable conflicts will be 
adjudicated.
    One solution would be to include requirements for escorting 
individuals that are called into a facility, such as contractors, to 
perform a variety of work that has not had background checks.

        Later the proposal states:
    ``. . .the Department will consider appropriate grounds for denying 
access or employment to individuals when their background check reveals 
an anomaly. In a different context, the Department has developed a list 
of ``disqualifying crimes,'' as part of a threat assessment process, 
that prevent individuals from gaining access to certain facilities or 
privileges. See 46 U.S.C.70105 (c); 71 FR 29396. . .'' (p. 78284)
    What type of anomaly is the DHS expecting to find from a background 
check of a worker that would deny them employment? The DHS doesn't even 
bother with a definition of ``an anomaly''. Accessing the document 
referenced, one can identify the listed ``disqualifying crimes.'' 
Section (c) Determination of Terrorism Security Risk identifies several 
of the crimes that would disallow employment or access to covered 
facilities or critical processes. They are:
        (A) If a person ``has been convicted within the preceding 7-
        year period of a felony or found not guilty by reason of 
        insanity of a felony--
                (i) that the Secretary believes could cause the 
                individual to be a terrorism security risk to the 
                United States; or
                (ii) for causing a severe transportation security 
                incident;
        (B) has been released from incarceration within the preceding 
        5-year period for committing a felony described in subparagraph 
        (A);
        (C) may be denied admission to the United States or removed 
        from the United States under the Immigration and Nationality 
        Act (8 U.S.C. 1101 et seq.); or
        (D) otherwise poses a terrorism security risk to the United 
        States''. . .
    The possibility of using this information to terminate workers is 
painfully obvious. For example, in Ohio it is a felony to not pay two 
of the twelve months of the year required child support payments. One 
would hope that the Secretary would not be inclined to think of this 
individual as a terrorist. However, if he or she did, the employee 
could lose their job with no recourse.
    Nor has DHS explained what constitutes ``causing a severe 
transportation security incident''? A legal strike or lockout, or a 
work refusal over a safety issue might be considered by the employer to 
constitute a ``severe transportation security incident.'' The DHS needs 
to define these terms.
    These very questions arose in the past with regard to other rules. 
In some cases they were addressed. The Maritime Transportation Security 
Act and the HAZMAT CDL allow provisions for workers, who have committed 
what is considered a disqualifying crime, to be able to demonstrate 
that they are nonetheless not a security risk. The DHS has offered no 
such provision in this proposed rule or regulation.

Comment 7: Access to Information
        Summary--Access to information, the provisions regarding 
        vulnerability information is overbroad. Workers and the public 
        should have the right to know what risks they face. Guarantees 
        should be included that provide the right to information to 
        workers including site plans that have already been guaranteed 
        by previous legislation.

The DHS states:
    ``Section 550 (c) of the Homeland Security Appropriations Act of 
2007 provides the Department with the authority to protect from 
inappropriate public disclosure any information developed pursuant to 
Section 550, ``including vulnerability assessments, site security 
plans, and other security related information, records and documents.'' 
In considering this issue, the Department recognized that there are 
strong reasons to avoid the unnecessary proliferation of new categories 
of sensitive but unclassified information, consistent with the 
President's Memorandum for the Heads of Executive Departments and 
Agencies of December 16, 2005, entitled ``Guidelines and Requirements 
550 (c), however, Congress acknowledged the national security risks 
posed by releasing information relating to the security and/or 
vulnerability of high risk chemical facilities to the public generally. 
For all information generated under the chemical security program 
established under Section 550, Congress gave the Department broad 
discretion to employ its expertise in protecting sensitive security and 
vulnerability information. Accordingly, the Department proposes herein 
a category of information for certain chemical security information 
called Chemical-terrorism Security and Vulnerability Information 
(CVI).'' (p. 78288)
    If one analyzes this paragraph carefully, it states that DHS has 
authority to refuse disclosure of certain information. The information 
includes ``any information developed pursuant to Section 550, 
``including vulnerability assessments, site security plans, and other 
security related information, records and documents''. This also 
includes unclassified information. In summary, any information the 
Department places in its new category is Chemical-Terrorism Security 
and Vulnerability Information (CVI). The Department identifies the 
President's Memorandum and Congress as the source for the authority 
given to them to refuse the disclosure of CVI.

    The next paragraph reiterates this authority by stating:
    ``Congress also recognized that, to further the national security 
interests addressed by Section 550, the Department must be able to 
vigorously enforce the requirements of Section 550, and that these 
efforts may include the initiation of proceedings in Federal district 
court. At the same time, it is essential that any such proceedings not 
be conducted in such a way as to compromise the Department's ability to 
safeguard CVI from public disclosure. For this reason, Congress 
provided that, in the context of litigation, the Department should 
protect CVI more like Classified National Security Information than 
like other sensitive Unclassified information. This aspect of Section 
550 (c) has no analog in other sensitive unclassified information 
regimes.''
    In other words, DHS concludes they have the authority to treat CVI 
more like Classified National Security Information.
    In the next section, ``Protection from Public Disclosure,'' the 
proposal states:
    ``In setting forth the minimum level of security the Department 
must provide to CVI, Section 550 (c) refers to 46 U.S.C. 70103, which 
was enacted by the Maritime Transportation Security Act of 2002: 
``Notwithstanding any other provision of law and subsection (b), 
information developed under this section *** shall be given protections 
from public disclosure consistent with similar information developed by 
chemical facilities. . .''
    Later the proposal includes a very broad list of what could be 
considered CVI:
    ``The following information should be reviewed by the VA team as 
appropriate for determination of applicability as critical assets: 
chemicals, such as the Clean Air Act 112(r) list of flammable and part 
68 or the OSHA Process Safety Management (PSM) 29 CFR 1910.119 list of 
highly hazardous chemicals; inhalation poisons or other chemicals that 
may be of interest to adversaries. . .''
    There is no question that some information should be protected from 
public disclosure. Which tanks contain which chemicals is an example. 
At the same time, a potential terrorist with knowledge of chemical 
engineering will almost always be able to determine what chemicals may 
be on the site taken as a whole. Hiding that information from the 
public serves no legitimate purpose.
    There are good reasons for the public to have access to critical 
information about nearby chemical facilities. Community residents 
should have the right to know the risks they face, so they can work to 
reduce those risks. The information may also be necessary for effective 
emergency planning, and to protect vulnerable populations.
    CVI material should be limited to information generated by the 
proposed legislation. Any information that has been or can be 
independently gathered should not be considered CVI. Information such 
as PSM, EPA's Risk Management, Emergency Planning and Community Right 
to Know Act including Sections 311, 312, and 313, related records or 
any other such material need to be clearly defined that they do not and 
will not fall into the CVI category.
    Community, labor and environmental organizations fought for decades 
for the right to know about the hazardous chemicals that they were and 
are being exposed to in an effort to protect their very lives. It is 
estimated that more than 50,000 workers die each year from exposures to 
hazardous chemicals. To take away the right to know the names and 
hazards of the chemicals to which they are exposed would deny them the 
ability to protect themselves and ultimately result in increased 
illness and death.
    Unfortunately, the proposal couples an unacceptably vague 
definition of CVI with unbridled discretion granted the Secretary. DHS 
should replace these provisions with language precisely defining the 
information to be protected, based on a careful weighing of the 
public's right and need to know against the need to deny sensitive 
information to a potential terrorist. Those provisions should be 
subjected to full public notice and comment. Finally, there must be a 
mechanism to challenge determinations by the Secretary.
    6 CFR Sec 27 has not adequately addressed the above concerns. A 
provision should be added that ensures information designated CVI that 
has otherwise guaranteed access, shall not over-rule those preceding 
regulations. In addition, where 6 CFR Sec 27 identifies the inspection 
process by the DHS Inspector, a requirement should be added to include 
a designated union representative, designated by the local President, 
be present with the company representative during such inspection where 
a union is present in the company.

Conclusion
    Some of the most fundamental protections that one would expect to 
be identified in the DHS regulation are missing. The involvement of 
workers and their representatives in all aspects, the use of inherently 
safer technology, the ambiguity of terms, the unwarranted background 
checks, and the possible classification of information used to protect 
workers and the public, the lack of government accountability, are all 
issues that beg to be addressed.
    In addition, many of these issues and concerns were addressed 
previously in the Maritime Transportation Security Act (MTSA) and the 
HAZMAT CDL rule which were written for other groups of workers. 
Substantial changes and provisions were adopted protecting workers. It 
would do well for the committee to review all of the Acts or 
regulations that have been adopted on security and on health and safety 
more generally.
    We all want to protect our country and our citizens. But these 
regulations take away important rights while ignoring measures that are 
simultaneously more protective and more compatible with American 
democracy. If we proceed in the fashion outlined by DHS, the terrorists 
will have accomplished part of their goal.

    Ms. Jackson Lee. I will pose those questions to you, Mr. 
Alexander. Your time has expired. Thank you. We will put your 
statement into the record.
    Mr. Tahmassian, thank you for your presence here. We hope 
that we will be giving some corrected pronunciation to your 
name. Welcome.

STATEMENT OF ARA TAHMASSIAN, ASSOCIATE VICE PRESIDENT, RESEARCH 
                 COMPLIANCE, BOSTON UNIVERSITY

    Mr. Tahmassian. Thank you. I would like to thank you, Madam 
Chairwoman, and the committee for allowing me the opportunity 
to appear today. I am here today representing the higher 
education associations, and over 2,000 colleges and 
universities as its membership. I am, in real life, an 
Associate Vice President for Research Compliance at Boston 
University and Boston Medical Center, where I have a 
responsibility for research compliance, including safety and 
security at over 600 labs spread over 25 buildings.
    There are three main points that I would like to highlight 
for you today. First is the commitment that the higher 
education has to continue to comply with the new chemical 
standards. Second, I would like to convey to you the concerns 
of colleges and universities about the standards that were 
published in April of 2007. And finally, I would like to 
emphasize that we are encouraged with how the Department of 
Homeland Security has responded to some of our concerns.
    First, I wish to make it clear to the committee that 
colleges and universities are committed to safe conduct of 
research and teaching on their campuses. We recognize that all 
of us, including colleges and universities, must become more 
vigilant in the post-September 11th world. Universities have 
for years complied with an evolving set of Federal regulations 
governing health, safety and security, from OSHA to CDC, the 
Environmental Protection Agency, Department of Agriculture, and 
Nuclear Regulatory Commission to name a few. To meet these 
requirements, our institutions have assessed the risks of 
chemicals used on campus labs and have adopted appropriate 
safety measures for the protection of researchers and the 
environment. We are approaching the Department of Homeland 
Security chemical standard with the same commitment to 
compliance. Having said that, we hope that we can work with the 
Department of Homeland Security to align these new requirements 
with those already imposed on us by other Federal agencies so 
long as such alignment can serve both homeland security and 
other health and safety goals. And also we would like to ensure 
that whatever approach is taken to these rules, it doesn't 
inadvertently weaken the national security by hindering science 
and engineering research and education on our campuses.
    Let me briefly speak to the specific university concerns 
regarding the Chemical Facility Antiterrorism Standards. The 
higher education community was surprised to discover that the 
list of chemicals of interest which was published in appendix A 
in April included a number of compounds commonly found in our 
labs. If the rule were adopted with no further changes, it 
would apply virtually to every college and university, many 
hospitals, and certainly to some secondary schools. The final 
rule addresses risks posed by large chemical manufacturing and 
industrial facilities. It is not, in our view, well tailored to 
deal with the unique characteristics of colleges and 
universities, which have relatively small quantities of many 
different types of chemicals, which are dispersed over many 
labs and a multitude of buildings.
    These features of universities lead to two challenges. One 
is the completing of the Top-Screen as it is now designed. As I 
have already mentioned, the campus environment is 
decentralized, complex and, most importantly, dynamic. On any 
given day, some portion of the chemicals housed in the lab is 
being consumed in experiments, and in another, there are new 
ones being acquired. We have robust systems that were developed 
to ensure the safe handling and disposal of chemicals. These 
systems and these risk assessments do not require to track the 
day-to-day inventories. The proposed 60-day window for 
completing the Top-Screen inventory doesn't provide colleges 
and universities sufficient lead time to collect the required 
information for that purpose.
    . Secondly, our campuses may be required to undertake a 
vulnerability assessment and prepare security plans. And we do 
expect that some universities will be asked to develop and will 
fall into that category. We would like to see security plans 
that make sense for universities, which are operated 
differently, than industrial concerns.
    Having expressed this concern, I also want to commend the 
Department of Homeland Security for how it has already 
responded to our concerns. Specifically, the Department has 
recently begun working closely with the college and university 
community to develop a strategy for securing chemicals on 
campuses in a reasonable and effective way. I am pleased that 
the DHS has agreed to establish a working group of experts from 
the higher education community to consider rational and 
efficient strategies for inventorying and securing chemicals on 
our campuses consistent with the intent of the new standard. 
This consultation should result in a better rule, which would 
be easier to implement, much greater compliance, and less 
unintended destruction of teaching and research.
    In conclusion, I would like again to reemphasize that 
colleges and universities are committed to ensuring safety and 
security of education and research on campuses. We are grateful 
to Congress and the administration. We appreciate the 
importance of balancing security with the needs of the 
education and research. Thank you again for the permission to 
appear before you, and I would like to welcome any questions 
you may have. Thank you.
    [The statement of Mr. Tahmassian follows:]

                Prepared Statement of Dr. Ara Tahmassian

                              On behalf of

American Council on Education
Association of American Universities
Campus Safety, Health and Environmental Management Association
Council on Governmental Relations
National Association of College and University Business Officers
National Association of State Universities and Land-Grant Colleges
    I appreciate the opportunity to testify here today on behalf of the 
American Council on Education and several other higher education 
associations and the more than 2,100 colleges and universities that are 
their members. These institutions are a diverse group, public and 
private, small and large, offering associate's degrees through 
doctorate degrees as well as professional and post-doctoral research 
programs.
    I am the Associate Vice President for Research Compliance at Boston 
University and Boston Medical Center and am responsible for all non-
financial research-related compliance issues at both institutions. The 
university and its medical center have approximately 600 labs spread 
over 25 buildings on two campuses separated by approximately two miles.
    Before I explain some of the challenges universities and colleges 
face implementing the current Chemical Facilities Anti-Terrorism 
Standards, I am pleased to inform the committee that the Department of 
Homeland Security has been responsive to our concerns and has 
established a working group with experts from the higher education 
community to consider strategies for securing chemicals on our campuses 
in a reasonable and effective way. This partnership is in the early 
stages and discussions will continue throughout the summer to reach a 
consensus on how best to get the job done. We are very encouraged by 
these discussions and the Department's recognition that college and 
university campuses confront unique challenges in meeting the 
Department's goals.
    Colleges and universities are committed to the safe conduct of 
research and teaching on their campuses. Many colleges and universities 
function as small cities, complete with security forces and emergency 
response capabilities. They have long been subject to federal 
regulation governing health, safety, and security in research under the 
auspices of Occupational Safety and Health Administration, Centers for 
Disease Control, Environmental Protection Agency, Department of 
Agriculture, and the Nuclear Regulatory Commission. To meet the 
requirements of these agencies, institutions have to perform a risk-
based analysis of the chemicals being used and the general type of 
procedures being performed in order to determine the safety measures 
required for the protection of employees and the environment. These 
measures include requirements such as training, protective personal 
clothing and disposal methods. Extensive new regulations for the 
management of select agents, radioisotopes, and visa requirements for 
international students have been introduced since 9-11, and have 
expanded the requirements for physical security of certain campus labs. 
Congress and the administration have recognized in recent years that a 
thriving university-based research enterprise is critical to national 
and economic security. We anticipate that the Department of Homeland 
Security will take a similar approach to the chemical facilities rule 
and find an approach that does not inadvertently weaken national 
security by hindering science and engineering education and research on 
college and university campuses.
    Admittedly, the higher education community was taken aback when the 
Department published its interim final rule on Chemical Facility Anti-
Terrorism Standards in April. Not that we hadn't read the December 
notice of proposed rulemaking--we had, and concluded that universities 
would not be considered ``chemical facilities'' under the rule. The 
proposed rule seemed to be clearly designed to address security at 
chemical manufacturers and large industrial facilities that possess 
large amounts of hazardous chemicals. College and university 
laboratories do use chemicals, but under the control of faculty and 
investigators and in small quantities dispersed over many laboratories 
in numerous buildings. We were surprised to discover that the list of 
chemicals of interest published as Appendix A to the interim final rule 
in April included a number of compounds that are quite common in 
laboratories, often with a threshold of ``any amount.'' In our 
estimation, as originally published, the rule would have applied to 
virtually every college and university in the country, and probably to 
many hospitals, doctors' offices, and secondary schools as well.
    The Department consulted with some sectors of industry in 
developing the regulations, but it did not consult with colleges and 
universities about the level of risk and the best way to ensure 
security while avoiding any disruption of teaching and research. It is 
therefore not surprising that the rule and associated questionnaire 
(the Chemical Security Assessment (CSAT) Top-Screen) are ambiguous in 
several places if applied to the academic environment.
    The rule presents several serious concerns, which we hope to 
resolve with the Department over the next few months.
    First, completing the Top-Screen as it is now designed would be 
challenging for colleges and universities, especially within the short, 
60-day deadline. The research environment is decentralized, complex, 
and most importantly, dynamic. Some institutions have more than 1,000 
individual laboratories. Our research endeavors are not static but 
constantly changing as researchers adjust their approach and explore 
new questions. On any given day, some portion of the chemicals housed 
in these laboratories is consumed in experiments and others are 
purchased or prepared as mixtures. Most of these chemicals are stored 
in small containers, typically ranging in size from tiny vials holding 
a few milliliters up to five-gallon bottles. Unlike other types of 
industrial facilities, few institutions have centralized inventory or 
purchasing controls in place. Colleges and universities need sufficient 
time to set up systems to track specific items, if they are expected to 
meet new regulatory requirements.
    We have been assured that the Department is revising the list in 
Appendix A in response to comments and consultations, but we have not 
yet seen the results. Depending on the specifics, this may very well 
resolve a number of issues and provide relief for many smaller 
institutions of higher education. Because of the nature of our research 
facilities, we still need lead time after the list of chemicals of 
concern is finalized to put proper tracking systems in place.
    Our preliminary discussions with Department officials have 
indicated their willingness to consider the design of the Top Screen 
and the best way to collect useful information from colleges and 
universities.
    Second, once an entity has completed the Top Screen process, it may 
be required to undertake a vulnerability assessment and prepare a 
security plan. Most of us expect that some universities will be asked 
to develop a security plan. We appreciate the Department's performance-
based approach to the requirements for such plans but would like to see 
revised criteria for higher education institutions. We are encouraged 
that DHS has said the requirements for security plans will reflect the 
level of risk of attack, sabotage, or theft at a particular 
institution.
    We hope that we can work with the Department to develop a framework 
for university security plans that reflects an understanding of certain 
factors that are common across colleges and universities. Universities 
present a low risk for toxic release through theft, sabotage, or 
attack. The distribution pattern of chemicals across many laboratories 
on a campus reduces the risk of a toxic release on a significant scale. 
We are aware of the need to ensure the safety and security of our 
campuses and we have instituted appropriate measures.
    However, we also encourage a policy of open access to campus 
laboratories. We want all students, not just chemistry majors and 
doctoral students, to have hands-on research experience. At a time when 
there is a national concern about the availability of highly trained, 
creative scientists and engineers to lead our high-tech industries, we 
should do all we can to promote undergraduates especially to seek out 
research opportunities. Locking laboratory doors or limiting access to 
entire buildings may have the unintended effect of discouraging 
students from getting those first-hand experiences that at a minimum 
promote scientific literacy and, in some cases, may prompt a student to 
specialize in science.
    We hope that DHS will take a broad view of risk in its assessments 
of risk (or undertake a cost-benefit analysis) and will consider the 
potential effects on science and engineering education and the 
productivity of university research groups.
    As I said at the outset, we are pleased that the lines of 
communication with DHS are open. We are grateful that the Department of 
Homeland Security is willing to recognize the special circumstance of 
the education sector. Additional time for consultation about the level 
of risk on college and university campuses and the ways in which 
chemicals are handled, used, and stored will result in a better rule 
and greater compliance. We hope to reach agreement about the collection 
of relevant information about chemical inventories at colleges and 
universities and on common elements of security plans. Colleges and 
universities are committed to ensuring the safety of education and 
research on campus; we are grateful that Congress and the 
administration appreciate the importance of balancing security with the 
needs of education and research.

    Ms. Jackson Lee. Let me thank all of the witnesses for 
their instructive testimony. And as I begin my questioning, we 
will proceed by asking questions of each of you. If there is 
someone who desires to answer the question, or add to the 
answer or offer a different perspective of the witness that I 
questioned, please acknowledge, and I will be happy to expand 
this record. This is very key to, one, the oversight that we 
are responsible for, but at the same time it is a part of the 
instruction manual for a more extensive review of these 
questions of chemicals and the need for further legislative 
response. Several good points have been made here. But I do 
want to refresh the witnesses' memories. And as I do so, again 
let me thank Mr. Scott in particular, because we know the long 
history that Dow Chemical has had. It is a well-known American 
fixture, if you will. And it has a history of being attentive 
to these concerns. And so we appreciate the testimony that you 
have given. And as you reflect on my statements, your 
appreciation for your attentiveness, please also reflect on the 
points that I am about to make. Chemicals are benign until they 
are used in an untoward manner. So most of us would have 
considered fertilizer and ammonia somewhat benign prior to 
Timothy McVeigh. And now we look at ammonia and fertilizer and 
other elements and various moving trucks--I don't want to call 
on a particular name brand--somewhat suspiciously. That is why 
we are in this committee room today. I take with extreme 
seriousness and sensitivity a thriving chemical industry. I 
also reflect upon what Americans are used to, freedom, freedom 
to design, research, think, move goods. But unfortunately, and 
this statement I don't mind our enemies hearing, we have to 
turn more inward. We have to be more vigilant. And that is why 
we, if you will, established this committee, to include 
critical infrastructure, which is well known to be 
predominantly in the private sector. But we are acknowledging 
that creativity on chemical uses outside of the chemical plant, 
materials that could be secured, particularly at the 
universities, and we are certainly respectful of how attentive 
universities and some are probably becoming, but we do know 
that there is the very sure possibility that those who are 
intending to do harm can find any number of ways to use 
innocent products to do so. And I would like you to answer my 
questions in that backdrop so that we can be constructive as we 
proceed. I am acknowledging that DHS is in negotiations with a 
great number of those who have different perspectives. I will 
be asking them to provide us with a briefing as they move 
toward any decision-making. It will be very important that 
Congress is included in this loop, primarily because even from 
last week we live in a different time.
    Mr. Crowley, then my question to you, as I have asked 
Secretary Stephan, and would you expand on two aspects? One, 
the seam, I think that is a very important point, the seam of 
the travel of chemicals, whether or not we have enough funding 
as you perceive it, having been in government, to develop 
legislation along the concept of seam. Let me be very frank 
about jurisdictional issues. I think this should be a homeland 
security issue singularly, because it relates to security. But 
when you think of seam you might have jurisdictional questions, 
because a seam requires transportation modes. But, again, if it 
is transportation security, it falls in this subcommittee and 
Homeland Security. So the question of seam. And I don't know if 
you have had the opportunity to look at the regulatory scheme 
we put in place in last year's and then the appropriations 
language. I don't think we are finished. But whether or not 
there are sufficient resources, and as you listened to the 
Secretary, sufficient staffing that would give you the comfort 
that if you had to sit here today and say that we were moving 
toward securing ourselves against al-Qa'ida, that you would be 
able to say, with the backdrop of your experience, that we are 
almost there, that this is the right direction, that we don't 
need do any more. Mr. Crowley?
    Mr. Crowley. Yes, ma'am. I would say we are moving 
gradually in the right direction. What concerns me is I think 
as we have reflected upon what is happening in Iraq, for 
example, the threat is advancing faster than we are taking 
steps to meaningfully reduce risk. Your comment on the seam is 
dead on. Right now, we are treating chemical security as one 
phenomenon. We are treating rail security as a separate 
phenomenon. And I would encourage the committee at some point 
to try to put those together into a comprehensive approach. 
Right now, on the rail rule making, for example, the process 
comes down to keep the stuff moving, you know, through the 
system. I don't think that is adequate from a security 
standpoint. I absolutely--what Mr. Markey said about the gap, 
the chlorine gap, I think that is fundamental. Chlorine, as we 
see, is perhaps the chemical that already is in the sights of 
al-Qa'ida. And as I said in my testimony, if they ever get a 
chance to perfect what they are doing in Iraq, it will be on 
the Internet. It will be available and be an incentive for 
those who want to try to do something similar here. So finding 
ways to reduce the length of our supply chains I think is 
critical. And I think Mr. Scott and Dow have some ideas on how 
to best do that. I am gravely concerned, as I sit here and 
listen to Col. Stephan, and here we are, we are in the process 
of initiating and implementing a regulatory framework, and he 
is still looking ahead to funding and personnel that he doesn't 
have right now. I think there is a serious question, when you 
look at the Top-Screen is going to capture tens of thousands of 
chemical facilities in their tiering, they are likely to 
capture at least several thousand facilities in their tiering. 
And if you do the math, they have right now perhaps, you know, 
something like one person evaluating a thousand facilities. 
That is not going to work. It appeared to me that he was 
talking about having different kinds of oversight based on the 
level of risk. But we have to make sure that those areas that 
are clearly performing a critical security role, that function 
has to be reserved for government employees. And that is not an 
area that I think can be effectively done by the private 
sector.
    Ms. Jackson Lee. With nonclassified speculation, what 
magnitude of an incident could occur with chemical plants?
    Mr. Crowley. Madam Chairman, my metric in this whole thing 
exists right down the street from where we sit. If we 
eventually develop a chemical security regime that allows CSX 
to transport hazardous material, including TIH gases on the 
rail lines, two of them that go through Washington, D.C., 
because we recognize that the Capitol, for example, was a 
target on 9/11. Thankfully, they weren't able to get here. But 
if the regime allows that to happen, then I don't think we have 
genuine chemical security. So that is, I think, as we go along, 
we have to find ways to link chemical security, what is 
happening in the fence line, but the regime that DHS develops 
must take into account and assess the risk that is posed by the 
transportation of chemicals between a manufacturer and a user. 
The highest point of risk could well be in the middle of that 
supply chain. And if DHS's system is driven by an assessment of 
risk inside the fence line, without taking into account what is 
happening in the supply chains, then I don't think we will end 
up with real chemical security.
    Ms. Jackson Lee. Let me thank you. And before I go on to 
Mr. Scott, you mentioned Iraq. Let me mention it again, because 
there is an element of the lack of expertise that a layman, in 
quotes, maybe what is perceived to be a terrorist, a regular 
terrorist fighter, those terrorists that are being trained by 
the conditions in Iraq, which I think are well publicized and 
documented, that we are multiplying the number of terrorists, 
young terrorists, individuals that are keyed in to an incident 
in this country. Is there the necessity of extreme 
intelligence, technical training, years of experience to make 
something happen with toxic or explosive chemicals that have 
that base, Mr. Crowley? Is there a need--do you have to be 
vastly experienced to be able to participate in something 
dastardly happening?
    Mr. Crowley. Not necessarily. The good news is that as we 
move down the scale from----
    Ms. Jackson Lee. That is the bad news. The question was, do 
the terrorists have to be sophisticated, trained, knowledgeable 
Ph.D.'s to make something happen with chemicals?
    Mr. Crowley. Not at all. And the physicians in Glasgow and 
London, that is the good news and the bad news, they weren't 
successful, but all they needed was a better bomb maker. But 
they are focused on things that are familiar to them, and they 
are focused on familiar targets. And what is chilling to me 
about Glasgow and London is they got to their intended targets. 
They weren't discovered by intelligence agencies or law 
enforcement in advance. Thankfully, their bombs didn't work, 
but we can't rely on that every time. But the short answer is, 
these are highly educated people, but they are not necessarily 
scientists.
    Ms. Jackson Lee. Thank you, Mr. Crowley.
    Mr. Scott, it leads me to you and to, again, restate my 
appreciation for what Dow has done as a representative of the 
industry. And also to go right to what I understand has been 
discussed by Dow as its recognition of the different levels at 
which different States and their regulatory scheme is and Dow's 
willingness to accept different State rules and laws. Is that 
still what Dow is prepared to do, if there were States that had 
more secure regulations that your facilities were in or any 
chemical industry facility was in? Is it just the willingness 
to accept preemption?
    Mr. Scott. Before I answer that question, I would like to 
build on a couple of points that Mr. Crowley hit on if I could 
do that.
    Ms. Jackson Lee. If you could just answer this one yes or 
no, the preemption, are you willing to cede to some of the 
States that have different laws from the Federal Government?
    Mr. Scott. We think there should be a strong enough 
national law, national regulation in place that the States 
would say, that is strong enough; we don't need any more. But 
we recognize that there are areas where States have some 
special issues that they need to address. And if that is the 
case, we support the States' rights to put regulations in place 
to address those issues, as long as they are not in conflict 
with the national regulations.
    Ms. Jackson Lee. I thank you, and you may respond to some 
of the points that Mr. Crowley was making.
    Mr. Scott. Thank you. Just a couple of points. On the gaps 
between supply chain and site security, one of the things that 
we are really looking at with our integrated approach to 
security is just that. How do we build layers of security 
around critical assets on our sites and then extend those 
layers of security through the entire supply chain to our 
customers through any routes of modes of transportation to our 
customers? Because what we want to try to do is build a 
security line from beginning to end of the chemicals that we 
work with that our Nation needs. And we think that is a doable. 
That is a manageable project if we can get our arms around that 
and get everybody involved in that from all aspects. So we 
would support that. And the integration of our supply chain 
with our site security also allows you not to shift the risk 
from one area to another. You address the entire supply chain. 
The other piece of that is any gaps between--or the options on 
rail and security. There are toolkits out there of a wide range 
of tools that we can use to improve security, whether it is 
supply chain or whether it is at the site security, the 
physical security level. And what we are supporting is the use 
of any one of those tools, whichever tool makes sense to make 
the most effective improvement in security. Thank you.
    Ms. Jackson Lee. Let me pursue this line of questioning 
with you, and note that you have been a strong part of the 
Chemical Sector Coordinating Council, doing a lot on trying to 
enhance chemical security. And with that in mind, you have been 
a leader on the possible broadness of these regulations, sort 
of having a massive sweep of facilities with small quantities 
or other types of facilities, that may not be chemical, that 
might have small quantities. I pose the question in a way that 
we are all thinking now. A small amount of a chemical in one 
place and a small amount in 10 other places brings together a 
batch that may be deadly. And so in the spirit of trying not to 
inconvenience, are we truly true to our commitment, which is to 
secure the homeland? Is there not a better way than to take 
these small quantities off the lists? Can you expand on that, 
your view that it is too expansive and the regulations are 
drawing in some that do not need to be drawn in, but one small 
batch can be multiplied with other small batches? We are 
talking about the potential of terrorists who will use all 
means of creativity to do harm to this Nation. Mr. Scott?
    Mr. Scott. We think that DHS is taking a risk-based 
approach. The Top-Screen and the CFATS are taking risk-based 
approaches. And as far as the levels, the amounts of product or 
chemicals that are involved in appendix A, we haven't seen the 
final list yet, so we don't really know what is there. But we 
believe any facility, regardless of whether it is a chemical 
manufacturing facility or a very small facility that has a high 
risk of theft or diversion, off-site impact or anything that 
can be weaponized should be included in the regulations.
    Ms. Jackson Lee. What is your opinion about sunset?
    Mr. Scott. The sunset I believe sets up very perceived 
deadlines that rush the process or seem to rush the process. 
And we have seen a couple of cases, not just with DHS, but in 
other areas where, when you rush to a solution, you don't get 
the most effective solution. So a sunset, we think, just puts 
in some arbitrary or perceived deadlines. And we would like to 
see DHS be given the amount of time that is needed to 
effectively implement the implementation. We think they have 
taken significant steps in the right direction. We want to let 
them continue on down that path.
    Ms. Jackson Lee. Thank you for that. That is one issue that 
we are going to look at very closely, as to whether or not the 
sunset works for us or against us. I know that you are here 
with a very strong handle on the industry and a very strong 
sensitivity to the industry. Do you think we have a lot more 
work to do? Not every holder of chemicals is a Dow Chemical. 
And so I think it is important for Congress to hear it 
straight. Do we have a lot of work to do? Chemicals are held in 
many, many different facilities. Again, I have asked this 
question to each of the witnesses so far. Your opinion on that, 
please.
    Mr. Scott. We push very strongly for legislation just for 
that reason. We think that there are a lot of companies out 
there and a lot of associations that have taken a leadership 
position and put in voluntary security upgrades at their sites 
and the supply chain and done this on a voluntary basis. But we 
thought the need for regulation was there, and we have 
supported that because we need to get a lot of other players 
involved that need to be involved in the process.
    Ms. Jackson Lee. Thank you very much.
    Mr. Alexander, your employees are on the front line beyond 
the issue of security. Over the years we have seen coming from 
my part of the world, chemical accidents, explosions, loss of 
life. You mentioned your concern about the tiered risk system; 
everybody is at risk. You want to explain that further?
    Mr. Alexander. Well, in the regulations here, when it talks 
about a high risk versus low risk or other tiers, it identifies 
a list of issues that have to be addressed for a high-risk 
facility. And it insinuates, it doesn't say what would have to 
be done for the lower risk, but it insinuates that it would be 
a different list depending upon the associated risk. And our 
opinion is that the issues that are listed in there are issues 
that should be addressed at every facility, whether it is a 
high risk or a low risk. If you are going to say that, because 
it is a high risk, you need to follow that list that is in 
there, and if you did follow it, and if that did deter someone 
from being a terrorist and using that as a facility for threat, 
then why not go to a lower risk one and do the same thing if it 
doesn't have the security? So what we are saying is there 
shouldn't be a differentiation between any of them. They are 
all a risk. They are a risk to the workers. They are a risk to 
the communities. And what we all know, from the people dealing 
with the chemicals, is even a low-risk facility can have 
catastrophic events if the people, the terrorists were to act 
in a way such that it would cause a catastrophic event. So we 
feel that it should be the same.
    The one thing that we disagree with on that list is the 
background checks. Background checks for people that you are 
hiring, we understand, and most any company that uses any good 
sense would have background checks before they hire someone. 
But background checks, what we have seen in a former Department 
of Homeland Security regulation that was passed, have been 
misused against workers who are actually already at the site 
and have been working there for years. And in the Maritime and 
Department of Transportation, they have had to add more 
provisions; where if a person is accused or been found to have 
a felony within a 7-year period, and now they are a terrorist 
threat and the company has a right to fire them because of 
that, they have added provisions so that they can appeal that 
decision. And in this regulation, there is no way to appeal it 
or anything else. So if a company wanted to target a particular 
worker and dismiss them for obviously other reasons, and they 
could do that. Then it can happen. And it has happened. It 
happened in the maintenance of way. And that is one reason why 
they had to add those provisions. So we don't understand why 
those provisions aren't in this one.
    Ms. Jackson Lee. Let me first of all say, Mr. Alexander, we 
faced this issue before. We faced this issue with the 
Department of Homeland Security. Your raising this, as we look 
to a more comprehensive approach, even though we have had two 
bites at the apple on chemical security is one that we will 
take under advisement. And I think it should be clear that you 
are not suggesting that we do away with background checks. You 
are suggesting that, in the background checks, it should not be 
used as a basis for terminating individuals who have been there 
and working and very much a part of the particular company and 
may have something in their background that has nothing to do 
with their propensity toward terrorist acts. And that is 
something we want to be aware of.
    Mr. Alexander. Right.
    Ms. Jackson Lee. Let me ask you just two more quick 
questions. Would more employee training, as we have looked to 
do in other critical infrastructure industries, be helpful as 
well, that the actual--there be a requirement that the workers 
be engaged in thwarting potential terrorist acts or what to do, 
but basic worker training as it relates to security in these 
plants?
    Mr. Alexander. Absolutely. We feel that the workers should 
be involved in every aspect, including training. If there is an 
attack, you have to know how to shut the process down, how to 
deal with it. If you have an attack that causes chemicals to be 
released, what are you going to do with the rest of the 
process? Is the whole thing going to go up? Training with the 
workers on how to deal, and you only have minutes. We have some 
provisions in the law under emergency response at this 
particular time that gave a loophole, so to speak, to companies 
that didn't have to train workers where they could count on 
services from outside the plant. And what we have found was 
what is most critical is the time. Whenever you have an 
incident, you have to act as quickly as possible. And by 
training the workers and having people on-site that know how to 
deal with that would certainly reduce an event from being as 
catastrophic as it could be.
    Ms. Jackson Lee. You mentioned safer technology, and you 
seem to suggest that, other than establishing the risk-based 
strategy, we don't have anything that encourages these 
companies to go out and buy, go out and seek, go out and 
investigate safer technologies. Is that the point you are 
making?
    Mr. Alexander. The point that I was making on safer 
technologies, there is nothing in this regulation that either 
requires or recommends a company to seek safer technologies. 
And even though it may result in a benefit to the company by 
doing so that might take them off of a risk, there is nothing 
here that says it. One of the easiest ways to eliminate the 
chemicals, not that you could do it with all of them, but 
chemicals from being transported, for instance chlorine--
chlorine is the easiest example, and probably the most likely 
chemical that someone is going to try to use, and I think that 
is why you are seeing it coming up missing now--is don't use 
it. And there are plenty of substitutions for chlorine that can 
be used.
    But the first thing that Mr. Crowley talked about--not the 
first thing, but one of the things he talked about--is water 
treatment plants being exempted. And Mr. Markey talked about 
them. That is where the chlorine is at, and they are exempt. 
And they have the ability to use substitution chemicals that 
would not be nearly as dangerous or even comparable to using 
chlorine. So why they are not part of this regulation is a 
really good question. And why isn't this regulation 
encouraging, you know, or recommending at least, if not 
requiring, companies to seek out inherently safer technology, 
not just a substitution of chemicals, but the process itself, 
the mechanical process that they are using? We have ways of 
protecting the facilities better than what they are being 
protected now.
    Ms. Jackson Lee. Mr. Crowley, quickly, does that make sense 
to you?
    Mr. Crowley. It absolutely does. I don't think that it is 
for the Federal Government to dictate a specific solution to 
any chemical manufacturer or user. But if, in the process, you 
now have inherently safer and secure alternatives as part of 
that process, as one tool, then what it will do is it will 
dramatically reduce our level of vulnerability. And then we can 
deal with those residual chemicals and processes that don't 
lend themselves to an alternative, you know, through an 
effective means.
    But certainly in the research that we have done, we have 
clearly shown that there are viable and affordable alternatives 
out there. We surveyed a number of facilities. Some of them are 
changing, but many are not. And there is just this inertia that 
I think the regulatory process can help with. And many 
facilities can convert from an existing dangerous, inherently 
dangerous process that can be exploited by a terrorist to a 
safer alternative at modest cost.
    Mr. Scott. Madam Chairwoman, if I could add to that, 
please, I would like to point out, we would also support, as 
one of the many tools that you have in your toolkit, an 
inherently safer technology, both in process design and product 
use. But just for the record, I would like to also point out 
that chlorine does account for--is used in 93 percent of all 
pharmaceuticals, 25 percent of all medical plastics and 86 
percent of crop-protection chemicals. It is a basic building 
block for many of the things that are in our culture today.
    Ms. Jackson Lee. Is that chlorine?
    Mr. Scott. Chlorine.
    Ms. Jackson Lee. Which means the import of your statement 
is, it would make it difficult to remove.
    Mr. Scott. There are opportunities for use of inherently 
safer technology, but chlorine is a basic building block for 
everything we use in our world today.
    Ms. Jackson Lee. Mr. Alexander, I asked everyone else, do 
you think we made any progress on being safer as it relates to 
chemical plants, as relates to your employees, who are, many 
times, employed by these companies?
    Mr. Alexander. I think we are making progress. There is no 
doubt we are making progress. And I was happy to see some of 
the suggestions that we made earlier on were adopted in this 
regulation. But there certainly are some things that we need to 
consider along the way of how they may adversely affect other 
situations, like for instance the workers in the workplace. You 
know, if you create a law that is going to take away rights of 
workers and rights of the community for right to know and the 
ability for their representatives to investigate and protect 
the workers, then we are creating a problem where there was 
none before. So we just ask that you carefully consider and put 
some stipulations in here, the original stuff that was written, 
where it basically said they would not just preempt State law. 
The original stipulation said, they would preempt any law. That 
is the exact words that were written in there. And we can't 
allow a knee-jerk reaction to ignore what we have fought for 
years and years for rights for workers in the community to try 
to protect our facilities. Not that we shouldn't protect our 
facilities, but we need to be careful that we don't take away 
other rights that will endanger communities and workers. So by 
taking away those rights, then you have an adverse effect. So 
we need to just be careful. We are all about moving forward and 
making the facilities safer and less of a threat. There is no 
doubt about that. But we just need to be careful how we move 
forward to make sure that we don't cause an adverse effect.
    Ms. Jackson Lee. Well, let me acknowledge the work that we 
have still to do and the components that each of you represent, 
and particularly employees that are either on the front line of 
safety or on the front line of security are a key to what we 
are trying to accomplish here. And so your continued 
involvement would be welcomed.
    Mr. Tahmassian, let me thank you for representing the 
university community. The last thing we want to do is to stifle 
research and development, which is the cutting edge of the 
Nation's economy. But I am reminded, frankly, of, again, 
without being redundant, of the climate in which we live. It 
has been recently publicized that terrorist cells are in the 
United States. Cells by their very definition may be one person 
or two persons. They may be 10 persons. But we do know that 
they are, by the able of definition of cell, nuclear, able to 
move around, small. That means university campuses can be 
vulnerable. So I would welcome your explanation as to why, if 
we found a way to manage the universities, know that you are on 
a particular budget, that universities should not be included?
    And my second question is that large universities are 
probably more susceptible to resources to do what you have just 
suggested, Boston, Boston University. But we have thousands 
upon thousands of colleges and universities that have chem labs 
and are handling various chemicals. What is our response to 
them?
    Mr. Tahmassian. Madam Chairwoman, we are really not asking 
to be completely excluded. What we are asking is a process by 
which the standard is sort of adapted to the different 
environment of the universities. If you look at the 
universities--and again, we are going by the first version of 
the appendix A that we saw. To obtain the 2,000 pounds, to be 
very specific--and I can give you an illustrative example. 
Nitric acid, which is very commonly used in almost every 
chemistry lab and almost every biology lab, has a threshold of 
2,000 pounds. If you roughly assume that one gallon is 
equivalent of 10 pounds, and the majority of the labs in a 
university environment at most will have 1 gallon of it, that 
means to obtain that 2,000 or to hit the 2,000-pound threshold, 
you literally have to go to something between 200 and 220 labs, 
which might be to different buildings, to reach that threshold. 
So what we are really looking at is, how do we define those 
kind of thresholds that make sense for the university 
environment rather than saying that we want an umbrella 
exclusion. I don't know if that answers----
    Ms. Jackson Lee. If I am hearing you, you are saying, do 
not exclude but be responsible to the prototype of a university 
and what it means and how much quantity you would have.
    Mr. Tahmassian. That is correct.
    Ms. Jackson Lee. In the regulations, then, would you 
welcome defined regulations that might single out the 
university and college community so that there would be 
requirements, but they would be requirements that would be 
responsible to the business that you are in?
    Mr. Tahmassian. Yes.
    Ms. Jackson Lee. One of the things that is distinctive is, 
we don't do background checks on students. And the campus is 
the bastion of freedom of expression. And so there lies all 
kinds of speculation. Who would have ever thought in the series 
of London bombings and Scotland that caregivers, medical 
professionals would be involved? No one has yet reported 
whether or not the materials that they found, and I don't know 
if the nexus has been made, was connected to their profession. 
But, certainly, in a hospital, you are very much part of having 
access to chemicals. And certainly hospitals are on our list 
for critical infrastructure and concerns that we will be 
raising as they care for those who are in need. But if that be 
the case, then we would want to work as carefully as we can.
    But why don't you respond to just the broad point that I 
made about students and lack of background checks? Mr. 
Alexander said he has a problem with background checks. He just 
doesn't want it to be used against long-standing employees. And 
we have had that issue before, and we are going to work with 
them. But what is your level of protection, professors and 
others? Very difficult with this whole idea of freedom of 
expression and freedom of speech, which is where this is 
supposed to occur.
    Mr. Tahmassian. The issue of background checks in the 
university overall for employees is not new. We do background 
checks on a number of what we consider sensitive--for example, 
many people who currently work with finances, and if they are 
handling cash, including at the hospital, they are subject to 
background checks. I think the question of the students is a 
little bit more complicated, because, as you indicated, we have 
not been in the business of background checks from a criminal 
perspective of the students.
    However, when the students are on the campuses, the 
majority of the campuses do have programs where the faculty, 
the professors, the teaching assistants are actually now 
trained in looking for certain behavior patterns and seeing if 
there are things which are unusual. And these are not 
necessarily just from sort of looking for terrorism. That is 
not what I am implying. It is if there are behavioral changes 
that we think a student might be having difficulties, is 
depressed. And these are brought up to the attention of the 
university officials who have appointed actually social 
workers, psychiatrists, psychologists that will talk to the 
students and try to monitor them. I think that working within a 
framework such as that, we might be able to come up with a 
solution that meets the security requirements, as well as the 
university.
    Ms. Jackson Lee. I don't want the pronouncement out of this 
hearing that the committee has decided to background check all 
the Nation's students. But I do want to express a concern to 
you about those who are the caretakers of labs, researchers, 
faculty, again, not stifling educational freedom. But this is 
the kind of microscope that we have to begin to look at in 
America; not to stifle thought and stifle research but to be 
currently aware that we live in a world where al-Qa'ida is not 
isolated. It is franchised, and it moves around.
    Ms. Jackson Lee. And it may be in places where we would 
least expect it. So when we look at a comprehensive approach, 
that is why you are here today, because we want it to be 
sensible, responsible but serious, and the last word, of 
course, is ``comprehensive.''
    I would encourage you to look back on your whole university 
council and the issues that I have just raised. Even though 
small amounts may be at these various chemical labs and in 
research components of universities, they might not have to go 
to 200 universities to secure what they need. It might be one 
university or a series of universities, and that is not a 
difficult task.
    Let me thank you for your testimony.
    I am going to conclude, Mr. Crowley, and let me just ask 
everybody the question of how secure you feel we are with our 
efforts toward chemical security and particularly as it relates 
to universities.
    Mr. Tahmassian. I think we have made significant progress 
over the last 6 or 7 years. Seven years ago, nobody thought 
about security the way we are thinking about it now. Most of 
our security was securing the environment for our faculty and 
for our students so their personal belongings do not get stolen 
and so they do not get attacked and so on. Today, actually, as 
you walk into the facility, name badges are displayed by 
everyone. People challenge you if they do not recognize you in 
the lab. We have made a fair amount of progress. Obviously, 
like anything else, there is a lot more that could be done; and 
we continuously need to be vigilant and to look at how we can 
better perform than we have done in the past.
    Ms. Jackson Lee. Let me thank you very much for that 
assessment. It gives us a broad view.
    Mr. Crowley, the end is going to be beholden to you. Are we 
at a crisis? We are reading the national intelligence 
estimates, some of which have been publicized, so that we are 
speaking from what we have--those who are here, I will speak to 
what has been in the newspapers. The national intelligence 
estimates, as I have characterized, indicate that al-Qa'ida is 
moving around and has franchised. This committee has an 
enormous responsibility to address the question.
    We are, in the 9/11 conference, trying to meet some of the 
requirements such as the screening of 100 percent of cargo, 
which is part of your scene; and, of course, there is 
opposition to that. Do we have any latitude of being lax on 
ensuring a very pronounced regulatory, comprehensive process 
for chemical security?
    Mr. Crowley. Chairwoman Jackson Lee, I think the crisis, if 
we have it, is one of focus. I mean, obviously, the longer we 
get from 9/11, the good news is we have not been attacked, but 
we are becoming complacent. I think that is probably the 
greatest thing that we have to overcome.
    Dr. Tahmassian earlier mentioned the fact that, through 
this process that we have started with chemical security, they 
now recognize that they are part of this. They did not expect 
that so many universities would be captured by the preliminary 
list that DHS puts out.
    I think that is exactly the process that we should be 
having here, that all entities across--you know, and I mean 
there is a wide latitude in terms of what we consider to be a 
chemical facility. There is a full range of activities here. 
But certainly the process is beginning to help various 
companies and entities recognize that they have to be part of 
this security equation.
    I think what the good news is about this Top-Screen is it 
begins a process. It begins a dialogue with, perhaps, some 
entities that did not see themselves as part of this security 
equation.
    So I think the bad news here is that we are becoming 
complacent. We have bought into some rhetoric that has been 
used in the political realm that we are fighting them over 
there so we do not have to confront them here. The reality of 
what we saw in Glasgow, Scotland, is we are likely to confront 
them here; and we may not have the intelligence that tells us 
where they are so that we can stop them in advance.
    So we have to rely on processes like this one, and then 
through that process you begin a dialogue so that you can get 
at the heart of the security concern and address that, 
establish positive responsibility by various entities that have 
possession of dangerous chemicals and establish a process where 
we can, over time, significantly reduce this risk.
    Ms. Jackson Lee. Let me thank the witnesses very much for 
their testimony. Mr. Crowley, Mr. Scott, Mr. Alexander, and Mr. 
Tahmassian, let me thank you very much. You have given us a 
roadmap.
    The other part of the scene that Mr. Crowley speaks to is 
the whole idea of intelligence, and that is certainly the 
responsibility of this committee and other subcommittees, 
having the intelligence to be preventative. But, at the same 
time, as we glean intelligence, if for one moment our 
intelligence slips, which all of it is based on human 
opportunities and abilities, then we must have, on the other 
hand, a high, high barrier, a very high mountain of prevention. 
I am not in any way satisfied that, as we sit here today, we 
have covered or are beginning to cover--though, I think we are 
making great steps, and I am very appreciative of the sectors 
that, on their own accounts, have sought DHS. They are to be 
applauded. But there are human elements to that. There are 
human interests. There are interests that are all involved.
    So I am not convinced as chairperson of this committee that 
we have, frankly, reached the vastness of where we need to go. 
I have heard the words ``tens of thousands.'' So that means 
that we have the able representation of Mr. Scott, very able, 
and the presence of the council here, but, beyond that, there 
are tens of thousands handling chemicals in America who are 
unsupervised, who are unwatched and who are certainly not ready 
to face what potentially may be a terrorist incident.
    This overview is to engage each and every one of you. We 
will not do it in a vacuum. We need to do it quickly. I do not 
think what has been done is enough, and it does not in any way 
give me comfort that we could not foresee in days or in weeks 
ahead someone's taking license, unfortunately, in the climate 
that we are in. That is our responsibility, to be able to stand 
up and say that we have done all that we could to prevent a 
horrific incident that could be reflected through the words of 
Mr. Markey in his comments about chlorine--and respecting Mr. 
Scott's retort on that--but also as to any number of chemicals.
    I am not satisfied that our employees who are handling 
chemicals outside of the industry are trained. I believe we 
need more monies for surrounding neighborhoods--some of the 
greatest victims or vulnerable persons as relates to the use of 
chemicals in a terrorist act, and certainly, some of the 
nuances that have been said--fairness with background checks, 
responding to the universities, responding to the chemical 
industry--are all in place, but, as we leave this room, the 
question is have we done what we need to do to not read a 
headline this week, the next week and the next week. Your 
testimony will help us move to that point, I hope, but, for me, 
we are not moving fast enough.
    So I thank you all very much for your testimony and for 
your presence here today. It has been constructive and 
instructive, and I hope that we will be able as a committee and 
as a Department to work together.
    Let me finalize by saying the members are in different 
places. There is legislation on the floor, any number of 
committees because we are nearing a point of a recess, of a 
work recess. So I do want to say, on behalf of the members, 
that they will submit their statements into the record. They 
appreciate the testimony. The ranking member was called off to 
a meeting.
    Likewise, I appreciate your testimony. We work together on 
this committee in a bipartisan manner, and I hope that we will 
have that opportunity to do that in the name of the American 
people, to step in front of, if we possibly can, any potential 
incident as a result of the oversight of our particular 
committee.
    Thank you all. This hearing has now come to a close. Any 
further statements will be submitted into the record.
    [Whereupon, at 3:55 p.m., the subcommittee was adjourned.]

                                 
