[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]






 THE CHEMICAL FACILITIES ANTI-TERRORISM STANDARDS PROGRAM: ADDRESSING 
                ITS CHALLENGES AND FINDING A WAY FORWARD

=======================================================================

                                HEARING

                               before the

                     SUBCOMMITTEE ON CYBERSECURITY,
                       INFRASTRUCTURE PROTECTION,
                       AND SECURITY TECHNOLOGIES

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 6, 2012

                               __________

                           Serial No. 112-74

                               __________

       Printed for the use of the Committee on Homeland Security
                                     



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________

                  U.S. GOVERNMENT PRINTING OFFICE

76-601 PDF                WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2250  Mail: Stop SSOP, Washington, DC 
20402-0001










                     COMMITTEE ON HOMELAND SECURITY

                   Peter T. King, New York, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Daniel E. Lungren, California        Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Michael T. McCaul, Texas             Henry Cuellar, Texas
Gus M. Bilirakis, Florida            Yvette D. Clarke, New York
Paul C. Broun, Georgia               Laura Richardson, California
Candice S. Miller, Michigan          Danny K. Davis, Illinois
Tim Walberg, Michigan                Brian Higgins, New York
Chip Cravaack, Minnesota             Cedric L. Richmond, Louisiana
Joe Walsh, Illinois                  Hansen Clarke, Michigan
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Ben Quayle, Arizona                  Kathleen C. Hochul, New York
Scott Rigell, Virginia               Janice Hahn, California
Billy Long, Missouri                 Vacancy
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
            Michael J. Russell, Staff Director/Chief Counsel
               Kerry Ann Watkins, Senior Policy Director
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director

                                 ------                                

SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY 
                              TECHNOLOGIES

                Daniel E. Lungren, California, Chairman
Michael T. McCaul, Texas             Yvette D. Clarke, New York
Tim Walberg, Michigan, Vice Chair    Laura Richardson, California
Patrick Meehan, Pennsylvania         Cedric L. Richmond, Louisiana
Billy Long, Missouri                 William R. Keating, Massachusetts
Tom Marino, Pennsylvania             Bennie G. Thompson, Mississippi 
Peter T. King, New York (Ex              (Ex Officio)
    Officio)
                    Coley C. O'Brien, Staff Director
                 Zachary D. Harris, Subcommittee Clerk
        Chris Schepis, Minority Senior Professional Staff Member















                            C O N T E N T S

                              ----------                              
                                                                   Page

                               STATEMENTS

The Honorable Daniel E. Lungren, a Representative in Congress 
  From the State of California, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Oral Statement.................................................     1
  Prepared Statement.............................................     4
The Honorable Yvette D. Clarke, a Representative in Congress From 
  the State of New York, and Ranking Member, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Oral Statement.................................................     5
  Prepared Statement.............................................     6
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     7

                               WITNESSES
                                Panel I

Hon. Rand Beers, Under Secretary, National Protection and 
  Programs Directorate, Department of Homeland Security:
  Oral Statement.................................................     9
  Prepared Statement.............................................    10
Ms. Penny J. Anderson, Director, Infrastructure Security 
  Compliance Division, Office of Infrastructure Protection, 
  Department of Homeland 
  Security.......................................................    17
Mr. David Wulf, Deputy Director, Infrastructure Security 
  Compliance Division, Office of Infrastructure Protection, 
  Department of Homeland 
  Security.......................................................    17

                                Panel II

Mr. William E. Allmond IV, Vice President, Government and Public 
  Relations, Society of Chemical Manufacturers and Affiliates:
  Oral Statement.................................................    31
  Prepared Statement.............................................    33
Mr. Timothy J. Scott, Chief Security Officer and Corporate 
  Director, Emergency Services and Security, Dow Chemical:
  Oral Statement.................................................    38
  Prepared Statement.............................................    40
Mr. David L. Wright, President, American Federation of Government 
  Employees Local 918:
  Oral Statement.................................................    42
  Prepared Statement.............................................    43

                             FOR THE RECORD

The Honorable Daniel E. Lungren, a Representative in Congress 
  From the State of California, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Request for Report.............................................     3

                                APPENDIX

Questions Submitted by Chairman Daniel E. Lungren to Rand Beers..    51
Questions Submitted by Ranking Member Yvette D. Clarke to Rand 
  Beers..........................................................    60
Questions Submitted by Ranking Member Yvette D. Clarke to Penny 
  J. Anderson....................................................    60
Questions Submitted by Ranking Member Yvette D. Clarke to Timothy 
  J. Scott.......................................................    61
Questions Submitted by Chairman Daniel E. Lungren to David L. 
  Wright.........................................................    61

 
 THE CHEMICAL FACILITIES ANTI-TERRORISM STANDARDS PROGRAM: ADDRESSING 
                ITS CHALLENGES AND FINDING A WAY FORWARD

                              ----------                              


                         Tuesday, March 6, 2012

             U.S. House of Representatives,
                    Committee on Homeland Security,
 Subcommittee on Cybersecurity, Infrastructure Protection, 
                                 and Security Technologies,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:40 p.m., in 
Room 311, Cannon House Office Building, Hon. Daniel E. Lungren 
[Chairman of the subcommittee] presiding.
    Present: Representatives Lungren, Meehan, Marino, Clarke, 
Richardson, and Richmond.
    Mr. Lungren. Mr. Meehan is here and that makes two of us. 
So with the approval of the Minority we can start with the two 
on our side. We shall start.
    The Committee on Homeland Security's Subcommittee on 
Cybersecurity, Infrastructure Protection, and Security 
Technologies will come to order. The subcommittee is meeting 
today to examine the chemical facilities anti-terrorism 
standards program at the Department of Homeland Security.
    Before I start, I just want to mention that we would remind 
our guests today that demonstrations from the audience, 
including the use of signs, placards, and T-shirts, as well as 
verbal outbursts, are a violation of the rules of the House. 
The Chairman wishes to thank our guests for their cooperation 
in maintaining order and proper decorum.
    I would recognize myself for an opening statement. I wish 
to thank Under Secretary Beers, Director Anderson, and Deputy 
Director Wulf for your cooperation in providing our committee 
with a detailed briefing on the challenges facing the MPPD's 
Infrastructure Security Compliance Division, ISCD, on February 
7. I must say that I was upset when I learned about the 
widespread mismanagement training and recruiting failures in 
the CFATS compliance division, which we now are learning about 
more than 5 years after the program was authorized.
    Some examples cited were 4,200 site security plans 
submitted to ISCD with no plans being finally approved, workers 
hired without appropriate skill levels, no adequate training 
program for chemical inspectors having been established, 
supervisors selected based on personal relationships rather 
than leadership or managerial ability and experience.
    The leaked Anderson memo also stated that the Congressional 
mandate forced development of the CFATS program at an 
impractical pace, the inference seemingly being that the 
accelerated pace pushed by Congress resulted in poor program 
implementation, inappropriate hirings, and wasteful expenditure 
of taxpayer funds.
    Now, Congress directed the Secretary in our 2007 DHS 
appropriations bill to develop a regulatory framework within 6 
months to address the security of U.S. chemical facilities. I 
believe that was a shorter period than we had envisioned in the 
bill that we worked on in this subcommittee. However, this 
short time line was an expression of Congressional urgency and 
concern regarding the threat to our chemical facilities, and I 
don't believe it really was a hard deadline. But nonetheless we 
wished to urge upon the Executive Branch our concern at that 
time in the hope that this would be expedited.
    Since that time, our Homeland Security Committee has 
conducted numerous oversight hearings and Departmental 
briefings where these compliance problems were never mentioned.
    Last year I, along with my colleagues on both sides, 
championed a long-term extension of the Department's CFATS 
authority, H.R. 901. This was also consistent with the request 
by the administration of a long-term extension. At that time 
these compliance problems were never referenced to us. To the 
contrary, the CFATS program was often cited as a model public-
private partnership for securing critical infrastructure. That 
in fact was the hope of those of us who had any part in 
offering the legislation in the first instance.
    Fortunately, these program challenges were detailed in the 
Anderson memo requested by you, Mr. Beers, and then exposed by 
Fox News. No one likes to be surprised, especially those of us 
in Congress. We have enough surprises, I guess, that we create 
for ourselves. I will say mismanagement of this division was 
disturbing, particularly to someone--like those of us on this 
subcommittee who have been strong CFATS advocates.
    So while the report was extremely disappointing, I want to 
emphasize that the CFATS program has many phases and what 
appears to be failures contained or pointed out in the memo, or 
in the compliance phase or the final phase of the program. 
CFATS has unquestionably improved the security of our chemical 
industry, identifying chemicals of interest and establishing 
threshold levels for those chemicals. It has also required 
high-risk facilities to conduct vulnerability assessments, 
development site security plans and adopt security performance 
standards to mitigate identified vulnerabilities. The 
Government has already spent hundreds of millions of dollars on 
this chemical security program, while our private sector has 
invested billions in CFATS security improvements. I believe 
those are assets and investments that ought not to be wasted.
    My hope is that, while the memo relates to failures in the 
compliance phase of the CFATS program, that this is not used 
as, or misread by people to believe that we have wasted money 
in the Government and that the private sector has wasted money 
as they have dealt with CFATS security improvements. Rather, I 
believe, we have had a model of private-public partnership. I 
devoutly hope that this will be continued.
    I was pleased to see your quick response to these 
management failures by issuing your list of corrective action 
items. What was missing in the action item list, it appears, is 
priorities and time lines. So without that, it seems to me 
priority and supervision, you end up hiring unqualified 
inspectors and paying them for jobs that don't yet exist.
    The Anderson memo reveals the CFATS program was being 
victimized by mismanagement. But as we know, mismanagement is 
correctable and in no way indicates the failure of the 
underlying program with security achievements. I believe that 
you share that sentiment, at least as evidenced by 
conversations we have had. You believe that the program is a 
worthy one and one that needs to be completed. That is why I 
assume the White House has supported the idea of extending the 
life of this program.
    I look forward to hearing your plans to reorganize this 
office so it can accomplish its mission-approving site security 
plans, inspecting those facilities and ensuring that they 
implement the risk-based security measures outlined in their 
SSP.
    It is obvious, Mr. Beers, that you are responsible for the 
management of the program. As Under Secretary of the National 
Protection and Programs Directorate, you are in charge of 
CFATS, and so adjustments of these management difficulties are 
under your watch and we will be very interested to hear how you 
are and intend to correct those failures.
    It is my belief, and I believe it is shared by other 
Members of this subcommittee, that there ought to be no more 
surprises as we finish implementing the CFATS program. We will 
conduct vigorous oversight of the infrastructure security 
compliance division action plan.
    This oversight will include--we will expect to have 
quarterly briefings by Director Anderson to our subcommittee 
staff on what action items and reforms have been implemented. I 
have included a more detailed quarterly report request, and I 
ask that it be made a part of the record. If there is no 
objection we shall enter it into the record.
    [The information follows:]
       Request for Report Submitted by Chairman Daniel E. Lungren
Mr. Rand Beers,
Under Secretary for the National Protection and Programs Directorate, 
        U.S. Department of Homeland Security, Washington, DC 20528.
    Dear Under Secretary Beers: As you know, I entered a request for 
quarterly reporting on the status of the Chemical Facilities Anti-
Terrorism Standards (``CFATS'') program in the official record during 
the House Committee on Homeland Security Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security's hearing on March 6, 2012. The 
intent of this letter is to formalize that request and outline its 
details to you.
    To ensure that Congress is appropriately informed of the CFATS 
program's progress towards implementation, I request a quarterly report 
to the subcommittee. This report should come in the form of briefings 
carried out by Ms. Penny Anderson, the Director of ISCD. At minimum, it 
should include:
    a. Progress reports on review, authorization, and approval of site 
        security plans;
    b. Updates on changes to the tiering formula, facility tier 
        changes, and efforts to ensure security of tiering inputs and 
        algorithms;
    c. Updates on hiring and training of inspector cadre;
    d. Information about training program development and 
        implementation;
    e. Explanations of changes in leadership and management of program.
    I appreciate your cooperation on this important issue. If you have 
any questions, please contact my staff director Mr. Coley O'Brien or 
counsel, Ms. Monica Sanders.
            Sincerely,
                                         Daniel E. Lungren,
Chairman, Subcommittee on Cybersecurity, Infrastructure Protection 
   and Security Technologies, House Committee on Homeland Security.

    [The statement of Mr. Lungren follows:]
                Statement of Chairman Daniel E. Lungren
    I want to thank Under Secretary Beers, Director Anderson, and 
Deputy Director Wulf for your cooperation in providing our committee 
with a detailed briefing on the challenges facing the NPPD's 
Infrastructure Security Compliance Division ISCD on February 7.
    I was upset when I learned about the widespread mismanagement, 
training, and recruiting failures in the CFATS compliance division, 5 
years after this program was first authorized. Examples:
   4,200 SSPs were submitted to ISCD, less than 50 have been 
        approved;
   No inspection program design or procedures adopted;
   Restrictions on hiring qualified inspectors;
   No adequate training program for inspectors to conduct 
        compliance inspections.
    The leaked memo also stated that the Congressional mandate forced 
development of the CFATS program at an impractical pace. The inference 
being that the accelerated pace pushed by Congress resulted in poor 
program implementation, the hiring of inappropriate staff, and the 
wasteful expenditure of taxpayer funds.
    Our Homeland Security Committee conducted numerous oversight 
hearings and Departmental briefings, where these problems were never 
mentioned. I championed a long-term extension of the Department's CFATS 
Authority last year (H.R. 901) and these problems were never discussed. 
To the contrary, the CFATS program was often cited as a model public/
private security partnership.
    Fortunately, these program challenges were detailed in the Anderson 
memo requested by you, Under Secretary Beers, and then exposed by Fox 
News. No one likes to be surprised, especially Congress. The wholesale 
mismanagement of this Division is disturbing, particularly to someone 
like myself, who drafted the legislation CFATS was modeled after.
    While this report was extremely disappointing, I want to emphasize 
that the CFATS program has many phases and these failures are in the 
final phase--the compliance phase of the program. This program has 
unquestionably improved the security of our chemical industry, 
identifying dangerous chemicals of interest and establishing threshold 
levels for those chemicals. It has also required high-risk facilities 
to conduct vulnerability assessments, development site security plans, 
and adopt security performance standards to mitigate identified 
vulnerabilities.
    The Government has already spent hundreds of millions of dollars 
for this chemical security program and the private sector has spent 
billions of dollars.
    While the compliance phase is critical to the success of CFATS by 
insuring that identified security measures have been implemented by our 
high-risk chemical facilities, these management problems are all 
correctable.
    I was pleased to see your quick response to these management 
failures by issuing your list of corrective action items. What was 
missing in your action item list were priorities and time lines. 
Without leadership, priorities, and supervision, you end up hiring 
unqualified inspectors and paying them for jobs that don't yet exist.
    I look forward to hearing your plans to reorganize this office so 
it can accomplish its mission--approving site security plans (SSP), 
inspecting these facilities and ensuring that they implement the risk-
based security measures outlined in their SSP.
    I also want to be clear that there will be no more surprises as we 
finish implementing the CFATS program. I will conduct vigorous 
oversight of the Infrastructure Security Compliance Division action 
plan by requiring Director Anderson to report to our staff on a 
quarterly basis what action items and reforms have been implemented.
    I now recognize the gentle lady from New York, Ms. Clarke, for her 
opening statement.

    Mr. Lungren. It is now my pleasure to recognize the 
gentlelady from New York, Ms. Clarke, the Ranking Member of the 
subcommittee for her opening statement.
    Ms. Clarke. Thank you, Mr. Chairman. Thank you for calling 
this hearing on the chemical facilities anti-terrorism 
standards program. The Under Secretary's Office provided us 
with a confidential memorandum report that he ordered in summer 
2011 for internal use, but was leaked to the news media and a 
summary article published in December.
    We have been provided with a rare insight into the internal 
workings of a regulatory program that is experiencing drastic 
spasms. The CFATS issues before us today are greater than just 
the leaked internal memorandum that made headlines late last 
year.
    Let me review the facts. The Department established CFATS 
in fiscal year 2007 and has received approximately $442 million 
since then in appropriated funds to implement both the CFATS 
and ammonium nitrate programs. The Department has testified 
numerous times as to the successful issuance of regulation and 
establishment of a regulatory framework, and DHS has annually 
engaged stakeholders in a chemical security summit.
    The information memorandum contains information that raises 
questions about the accuracy of those presentations. The 
information memorandum, for example, states that millions of 
dollars of training contracts have resulted in no compliance 
inspector training, the information technology systems are 
insufficient to meet ISCD needs, and that regional and 
headquarter locations invested in unneeded capabilities 
inconsistent with mission needs.
    The information memorandum identifies a series of 
institutional flaws such as a lack of a system for tracking the 
usage of consumable supplies, pay grades not aligning with job 
requirements, and weak leadership providing the appearance of 
favoritism, cronyism, and retribution.
    Here is what is really disturbing. The fact that DHS raised 
none of these points in its prior testimony or discussions, 
instead presenting the appearance of an on-going regulatory 
program. While the Under Secretary has testified that he was 
not aware of the scope of the problems within ISCD until 2011, 
the senior ISCD official in charge would seemingly have 
possessed detailed information not available to the Under 
Secretary.
    Additionally, Congress has required, through appropriations 
report language, both reports and briefings on facets of the 
CFATS program, none of which reported the challenges ISCD was 
experiencing.
    It is our job to attempt to identify the root causes of the 
challenges experienced by ISCD in order to avoid similar 
problems in other agencies in an attempt to identify how prior 
appropriated funds were spent and what value was received and 
how we should attempt to identify the official or officials 
responsible for the failures in ISCD performance.
    Mr. Chairman, besides the fact-finding that we need to do, 
there is a bigger question of authorization. It seems only 
reasonable to me that in light of these leaked memorandums--
excuse me, this leaked memorandum--and the host of problems it 
outlines for the CFATS program, it will behoove Congress to 
think again about giving the program an extended authorization 
without further committee oversight and guidance.
    As you know, I offered two amendments limiting the 7-year 
authorization proposed in H.R. 901. I think the idea of 
limiting the authorization of this troubled program looks 
pretty good today. Last Congress we brought in all the 
stakeholders to craft legislation to fully authorize the 
program. It was a major undertaking. We brought in industry and 
labor and everyone else who had a concern about this issue. 
That is the kind of guidance and authorization this troubled 
program needs.
    What I do know is that the front-line workers in every 
Government program, whether it be law enforcement, management, 
or regulatory programs, are the heart of the service to the 
American people. To protect us they make sure things are secure 
and they interact with business and industry and citizens every 
day. These are the important workers in your CFATS program.
    I am very keen to hear the testimony today of David Wright 
who represents the inspectors, the lead workers, who make up 
the inspector cadre, the core and the heart of this program. We 
need to get their views on the problems you have found if we 
are to solve these challenges.
    Mr. Chairman, I hope we are going to hear some of the 
answers we need today. I yield back the balance of my time.
    [The statement of Ms. Clarke follows:]
              Statement of Ranking Member Yvette D. Clarke
                             March 6, 2012
    Mr. Chairman, thank you for calling this hearing on the Chemical 
Facilities Anti-Terrorism Standards program. The Under Secretary's 
office provided us with a confidential memorandum report that he 
ordered in the summer 2011, for internal use, but was leaked to the 
news media, and a summary article published in December. We have been 
provided with a rare insight into the internal workings of a regulatory 
program that is experiencing drastic spasms.
    The CFATS issues before us today are greater than just the leaked 
internal memorandum that made headlines late last year. Let me review 
the facts:
   The Department established CFATS in fiscal year 2007 and has 
        received approximately $442 million since then in appropriated 
        funds to implement both the CFATS and ammonium nitrate 
        programs.
   The Department has testified numerous times as to the 
        successful issuance of regulation and establishment of a 
        regulatory framework, and DHS has annually engaged stakeholders 
        in a chemical security summit.
   The information memorandum contains information that raises 
        questions about the accuracy of those presentations. The 
        information memorandum, for example, states that millions of 
        dollars of training contracts have resulted in no compliance 
        inspector training, that information technology systems are 
        insufficient to meet ISCD needs, and that regional and 
        headquarters locations invested in unneeded capabilities 
        inconsistent with mission needs.
   The information memorandum identifies a series of 
        institutional flaws, such as the lack of a system for tracking 
        the usage of consumable supplies, pay grades not aligning with 
        job requirements, and weak leadership providing the appearance 
        of favoritism, cronyism, and retribution.
   Here's what really disturbing, the fact that DHS raised none 
        of these points in its prior testimony or discussions, instead 
        presenting the appearance of an on-going regulatory program.
    While the Under Secretary has testified that he was not aware of 
the scope of the problems within ISCD until 2011, the senior ISCD 
official in charge would seemingly have possessed detailed information 
not available to the Under Secretary. Additionally, Congress has 
required through appropriations report language both reports and 
briefings on facets of the CFATS program, none of which reported the 
challenges ISCD was experiencing.
    It is our job to attempt to identify the root causes of the 
challenges experienced by ISCD in order to avoid similar problems in 
other agencies, and attempt to identify how prior appropriated funds 
were spent and what value was received, and we should attempt to 
identify the official or officials responsible for the failures in ISCD 
performance.
    Mr. Chairman, besides the fact-finding that we need to do, there is 
a bigger question of authorization. It seems only reasonable to me that 
in light of this leaked memorandum and the host of problems it outlines 
for the CFATS program, it would behoove Congress to think again about 
giving the program an extended authorization without further committee 
oversight and guidance. As you know, I offered two amendments limiting 
the 7-year authorization proposed in H.R. 901, and I think the idea of 
limiting the authorization of this troubled program looks pretty good 
today.
    Last Congress we brought in all the stakeholders to craft 
legislation to fully authorize this program. It was a major 
undertaking. We brought in industry and labor and everyone else who had 
a concern about this issue, that's the kind of guidance and 
authorization this troubled program needs.
    What I do know is that the front-line workers in every Government 
program; whether it be law enforcement, management, or regulatory 
programs, are the heart of the service to the American people. They 
protect us, they make sure things are secure, and they interact with 
business and industry and citizens everyday. These are the important 
workers in your CFATS program, and I am very keen to hear the testimony 
today of David Wright who represents the inspectors, the lead workers 
who make up the inspector cadre, the core and heart of this program. We 
need to get their views on the problems you have found if we are to 
solve these challenges.
    Mr. Chairman, I hope we are going to hear some of the answers we 
need today and, I yield back.

    Mr. Lungren. The gentlelady yields back.
    Other Members of the committee are reminded their opening 
statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                             March 6, 2012
    Mr. Chairman, thank you for holding today's hearing.
    Congress expressed concern about the safety and security of 
chemical facilities long before 9/11.
    The danger of a sudden release of hazardous chemical fumes caused 
by a terrorist attack is a nightmare scenario.
    In 2006, Congress passed legislation providing the Department of 
Homeland Security with the ability to assure that chemical plants are 
safe and secure. This year, the authorization for that program will 
expire.
    Much should have happened in 6 years. But unfortunately, there is 
not much progress to report.
    In December 2011, we learned about the stunning lack of progress 
and the serious programmatic failures when an internal memo on the 
CFATS program was leaked.
    It is my understanding that the Under Secretary stated on a prior 
occasion that the memo ``fails to provide a complete picture of the 
program.''
    It is difficult for any document to capture the complete picture. 
But while a picture may be incomplete, it still may be accurate.
    Mr. Under Secretary, I hope your testimony covers whether many of 
the troubling assertions contained in the internal memo are accurate:
   Is the ISCD ready to conduct a compliance inspection?
   Will inspectors will be able to review more than 20 
        facilities per year?
   Does the unit suffer from low morale and perceptions of 
        favoritism?
   Have job descriptions been developed?
   Have in-house training courses been developed?
   How much is spent on contractors?
   Are contractors performing inherently Governmental 
        functions?
    Without the answer to these questions, we cannot answer the most 
important question--when will the CFATS program be fully operational?
    Finally, Mr. Chairman, I need to point out that a fully functioning 
program cannot occur in an atmosphere of blame and recrimination.
    The most troubling aspect of this internal memo is that it makes 
clear that the management of this program has developed a belief that 
finger-pointing and blame are an effective way of addressing the 
concerns of front-line workers.
    Leadership does not point fingers. Leadership joins hands and works 
together.
    This program will only become fully functional with leadership and 
hard work.
    Mr. Under Secretary, if you do not have that kind of leadership in 
this program now, I suggest you attain it quickly.
    There can be no doubt that a lack of administrative clarity and 
management commitment impeded this program in the past.
    Congress must conduct vigilant oversight to assure that the program 
begins to move forward.
    These challenges show the need for a detailed, biennial 
reauthorization process.
    With that, I yield back.

    Mr. Lungren. We are pleased to have three very 
distinguished witnesses before us today on this important topic 
in our first panel. Rand Beers, the Under Secretary for the 
National Programs and Protection Directorate at the Department 
of Homeland Security, a position he has held since June 2009. 
In this role he is tasked to reduce risk to physical cyber and 
communications infrastructure and collaborate with governments, 
the private sector, nongovernment organizations, and 
international bodies to prevent, respond to, and mitigate 
threats to U.S. National security from acts of terrorism, 
natural disaster, and other catastrophic events.
    Ms. Penny Anderson serves as the director of the Department 
of Homeland Security National Protection and Program 
Directorate's Office of Infrastructure Protection, 
Infrastructure Security Compliance Division. Ms. Anderson is 
responsible for leading the implementation of DHS regulatory 
authority for the Nation's high-risk chemical facilities, as 
well as supporting National-level critical infrastructure risk 
management, preparedness, and protection programs. Before 
joining NPPD, Ms. Anderson served as the Transportation 
Secretary Administration Federal Security Director for West 
Michigan from November 2007 to July 2011. In this capacity she 
was the primary point of coordination and oversight for 
transportation security management in West Michigan, including 
implementation of all TSA security compliance programs in that 
region.
    Mr. Dave Wulf joined the Department of Homeland Security in 
July 2011 as the deputy director of the Infrastructure Security 
Compliance Division, ISCD, within the Office for Infrastructure 
Protection. In this role Mr. Wulf leads the National 
implementation of the chemical facility anti-terrorism 
standards program to assess high-risk chemical facilities, 
promote collaborative security planning, and ensure that 
covered facilities meet risk-based performance stands. Mr. Wulf 
also manages the Department's efforts to establish and 
implement a regulatory regime for ammonium nitrate products. 
Prior to joining DHS, Mr. Wulf held a number of positions at 
the Bureau of Alcohol, Tobacco, Firearms, and Explosives, 
serving among other roles as the Chief of Bureau's Office of 
Regulatory Affairs and Director of the National Center for 
Explosives, Training, and Research.
    Thank you all for being here. We will remind you that your 
full written testimony will be made a part of the record. We 
would ask you for a summary of 5 minutes. We have got the light 
system to guide you on that.
    We will just start from my left to right with Secretary 
Beers first.

    STATEMENT OF HON. RAND BEERS, UNDER SECRETARY, NATIONAL 
  PROTECTION AND PROGRAMS DIRECTORATE, DEPARTMENT OF HOMELAND 
                            SECURITY

    Mr. Beers. Thank you, Chairman Lungren and Ranking Member 
Clarke, as well as distinguished Members of the subcommittee. 
It is a pleasure to be here before you today to discuss the 
Department's efforts to regulate security at high-risk chemical 
facilities under the Chemical Facilities Anti-terrorism 
Standards Act.
    Alongside me today, as you indicated, are Penny Anderson 
and David Wulf, the director and deputy director respectively 
of the Infrastructure Security Compliance Division. They manage 
CFATS program and they are also the authors of the internal 
assessment, which I will discuss shortly. They are here with me 
today to answer any questions that you might have about the 
original content of that assessment.
    As you are aware, the Department's current statutory 
authority to implement CFATS, section 550 of fiscal year 2007 
Department of Homeland Security Appropriations Act, as amended, 
was recently extended through October 4, 2012. I strongly 
believe that the CFATS program is a program that we need, and I 
am confident that it has made America safer, and I would 
welcome the opportunity to continue to work with this committee 
and the Congress and all levels of government and the private 
sector to further improve this vital National security program.
    Since CFATS' inception we have issued the basic rule, we 
have defined the chemicals of interest, we have jointly 
conducted two surveys with industry to define the facilities 
that have a substantial enough quantity of these chemicals 
determined to be high-risk.
    After receiving the initial submissions of more than 40,000 
facilities potentially under the program, we have narrowed the 
number of covered facilities to approximately 4,500. In that 
process 1,600 facilities completely removed their chemicals of 
interest and more than 700 other facilities have reduced their 
holdings of chemicals of interest to levels resulting in that 
the facilities are no longer being considered high-risk. These 
actions, many of which NPPD believes were the result of choices 
made by facilities after the Congressional passage of section 
550 and the adoption of the CFATS regulation, have helped 
reduce the number of high-risk chemical facilities located 
throughout the Nation and have correspondingly made the Nation 
more secure.
    The Department has done much work over the past few years 
to establish and implement the unprecedented regulatory 
program, but CFATS clearly has challenges that still need to be 
addressed. In recognition of this, upon the arrival of the 
program's new director and deputy director this past summer, I 
asked them to provide for my consideration their views on the 
successes and challenges of the CFATS program. Candid, honest 
assessments and critiques are valuable tools in evaluating 
progress and determining where improvements are needed. 
Furthermore, in an unprecedented program like CFATS, such 
corrections can be expected and on-going decisions will need to 
be made.
    In late 2011 a detailed report was hand-delivered to me in 
November. It is important to note that in addition to the 
referenced challenges, the report also proposed for my 
consideration a charted path to addressing these challenges; 
specifically the action plan, with detailed recommendations for 
addressing the issues identified, are those that we have shared 
with the committee. Since my receipt of the report we now have 
nearly 100 action items contained in this plan, and each has 
been assigned to a member of the program senior leadership team 
for action, and we have already seen progress on many of these 
items.
    For accountability, planning, and tracking purposes, the 
members of the leadership team have been asked to provide 
milestones and a schedule for completion of each of the tasks 
assigned. The program's acting chief of staff will monitor 
progress.
    In addition, program leadership meets weekly with my 
principal deputy under secretary, Suzanne Spalding, and 
provides updates as appropriate. As I said, I am happy to 
report that we have already made tangible progress in 
addressing some of the challenges of this report.
    One issue identified in the report is the completion of 
site security plans, and we have reviewed those in I think a 
consistent, reasonable, and timely fashion. We have an interim 
review process that is allowing the Department to authorize 
Tier 1 facility plans in a more effective and timely manner. 
Using this interim report approach over the last few months 
ISCD has been able to more than quadruple the number of 
authorized plans. Specifically, as of January, we have 55 
different SSPs that have been conditionally authorized. We 
expect to complete all the Tier 1 site security plan 
authorizations and to notify facilities in the coming months 
ahead. ISCD also expects to begin issuing authorizations to 
Tier 2 facilities in fiscal year 2012.
    While this interim review process is underway, we are also 
working on an even more efficient long-term approach to site 
security plan reviews for Tiers 2, 3, and 4. The Department 
takes its responsibility seriously for the CFATS program and 
the Nation's security, and we are moving forward quickly and 
strategically to address the challenges before us.
    Again, we believe that CFATS is making the Nation safer and 
we are dedicated to its success. We will make the necessary 
course corrections to improve the program and to better protect 
the Nation.
    Thank you, sir and madam, and all the Members for holding 
this important meeting. I am happy to respond to any of the 
questions that you might have.
    [The statement of Mr. Beers follows:]
                    Prepared Statement of Rand Beers
                             March 6, 2012
    Thank you, Chairman Lungren, Ranking Member Clarke, and 
distinguished Members of the committee. It is a pleasure to appear 
before you today to discuss the Department of Homeland Security's (DHS) 
efforts to regulate the security of high-risk chemical facilities under 
the Chemical Facility Anti-Terrorism Standards (CFATS).
    As you are aware, the Department's current statutory authority to 
implement CFATS--Section 550 of the fiscal year 2007 Department of 
Homeland Security Appropriations Act, as amended was recently extended 
through October 4, 2012. I believe strongly in the CFATS program and 
welcome the opportunity to continue to work with the committee, 
Congress, and all levels of government and the private sector to 
further improve this vital National security program.
    In the interest of facilitating that collaboration, my testimony 
today focuses on the current status of the program, examples of the 
program's successes to date, some of the current challenges facing the 
National Protection and Programs Directorate (NPPD) in implementing 
CFATS, and the actions we are taking to address these challenges. 
Additionally, I will reiterate the principles that we believe should 
guide the program's maturation and continued authorization.
    At my direction, the program's leadership has outlined their 
priorities, the challenges they believe the program faces, and a 
proposed path forward to address those challenges and accomplish 
program objectives. I assure the committee that the CFATS program is 
making progress; that NPPD, the Directorate with oversight 
responsibility for the CFATS program, is continuously reviewing the 
program to identify areas for improvement and correcting course when 
necessary to ensure proper implementation; and that CFATS's value as a 
National security program warrants your support and commitment.
                 chemical facility security regulations
    Section 550 of the fiscal year 2007 Department of Homeland Security 
Appropriations Act directed the Department to develop and adopt, within 
6 months, a regulatory framework to address the security of chemical 
facilities that the Department determines pose high levels of risk. 
Specifically, Section 550(a) of the Act authorized the Department to 
adopt rules requiring high-risk chemical facilities to complete 
Security Vulnerability Assessments (SVAs), develop Site Security Plans 
(SSPs), and implement protective measures necessary to meet risk-based 
performance standards established by the Department. Consequently, the 
Department published an Interim Final Rule, known as CFATS, on April 9, 
2007. Section 550, however, expressly exempts from those rules certain 
facilities that are regulated under other Federal statutes, 
specifically those regulated by the United States Coast Guard pursuant 
to the Maritime Transportation Security Act (MTSA), drinking water and 
wastewater treatment facilities as defined by Section 1401 of the Safe 
Water Drinking Act and Section 212 of the Federal Water Pollution 
Control Act, and facilities owned or operated by the Departments of 
Defense or Energy, as well as certain facilities subject to regulation 
by the Nuclear Regulatory Commission (NRC).
    The following core principles guided the development of the CFATS 
regulatory structure:
    1. Securing high-risk chemical facilities is a comprehensive 
        undertaking that involves a National effort, including all 
        levels of government and the private sector.--Integrated and 
        effective participation by all stakeholders--Federal, State, 
        local, Tribal, and territorial government partners as well as 
        the private sector--is essential to securing our critical 
        infrastructure, including high-risk chemical facilities. 
        Implementing this program means tackling a sophisticated and 
        complex set of issues related to identifying and mitigating 
        vulnerabilities and setting security goals. This requires a 
        broad spectrum of input, as the regulated facilities bridge 
        multiple industries and critical infrastructure sectors. By 
        working closely with members of industry, academia, and 
        partners across government at every level, we leveraged vital 
        knowledge and insight to develop the regulation;
    2. Risk-based tiering is used to guide resource allocations.--Not 
        all facilities present the same level of risk. The greatest 
        level of scrutiny should be focused on those facilities that 
        present the highest risk--those that, if attacked, would 
        endanger the greatest number of lives;
    3. Reasonable, clear, and calibrated performance standards will 
        lead to enhanced security.--The CFATS rule establishes 
        enforceable risk-based performance standards (RBPS) for the 
        security of our Nation's chemical facilities. High-risk 
        facilities have the flexibility to develop appropriate site-
        specific security measures that will effectively address risk 
        by meeting these standards. NPPD's Infrastructure Security 
        Compliance Division (ISCD), the Division within NPPD 
        responsible for managing CFATS, will analyze all final high-
        risk facility SSPs to ensure they meet the applicable RBPS and 
        will approve those that do. If necessary, ISCD will work with a 
        facility to revise and resubmit an acceptable plan and can 
        disapprove security plans if an acceptable plan is not 
        submitted; and
    4. Recognition of the progress many companies have already made in 
        improving facility security leverages those advancements.--Many 
        companies made significant capital investments in security 
        following 9/11, and even more have done so since the passage of 
        the legislation establishing this program. Building on that 
        progress in implementing the CFATS program will raise the 
        overall security baseline at high-risk chemical facilities.
    On November 20, 2007, the Department published CFATS's Appendix A, 
which lists 322 chemicals of interest--including common industrial 
chemicals such as chlorine, propane, and anhydrous ammonia--as well as 
specialty chemicals, such as arsine and phosphorus trichloride. The 
Department included chemicals based on the potential consequences 
associated with one or more of the following three security issues:
    1. Release--Toxic, flammable, or explosive chemicals that have the 
        potential to create significant adverse consequences for human 
        life or health if intentionally released or detonated;
    2. Theft/Diversion--Chemicals that have the potential, if stolen or 
        diverted, to be used as or converted into weapons that could 
        cause significant adverse consequences for human life or 
        health; and
    3. Sabotage/Contamination--Chemicals that, if mixed with other 
        readily available materials, have the potential to create 
        significant adverse consequences for human life or health.
    The Department also established a Screening Threshold Quantity for 
each chemical of interest based on its potential to create significant 
adverse consequences to human life or health in one or more of these 
ways.
    Implementation of the CFATS regulation requires the Department to 
identify which facilities it considers high-risk. In support of this, 
ISCD developed the Chemical Security Assessment Tool (CSAT) to help the 
Department identify potentially high-risk facilities and to provide 
methodologies those facilities can use to conduct SVAs and to develop 
SSPs. CSAT is a suite of on-line applications designed to facilitate 
compliance with the program; it includes user registration, the initial 
consequence-based screening tool (Top-Screen), an SVA tool, and an SSP 
template. The CSAT tool is a secure method as it can be accessed only 
by Chemical-terrorism Vulnerability Information (CVI) authorized users.
    Through the Top-Screen process, ISCD initially identifies high-risk 
facilities, which the Department then assigns to one of four 
preliminary risk-based tiers, with Tier 1 representing the highest 
level of potential risk. Tiered facilities must then complete SVAs and 
submit them to the Department for approval, although preliminary Tier 4 
facilities may submit an Alternative Security Program (ASP) in lieu of 
an SVA. Each SVA is carefully reviewed for its description of how 
chemicals are managed and for physical, cyber, and chemical security 
risks.
    After completing its review of a facility's SVA, ISCD makes a final 
determination as to whether the facility is high-risk and, if so, 
assigns the facility a final risk-based tier. Each final high-risk 
facility is then required to develop for ISCD approval an SSP or, if it 
so chooses, an ASP, that addresses its identified vulnerabilities and 
security issues and satisfies the applicable RBPS. ISCD's final 
determinations as to which facilities are high-risk, and as to their 
appropriate tier levels, are based on each facility's individual 
security risk as determined by its Top-Screen, SVA, and any other 
available information. The higher the facility's risk-based tier, the 
more robust the security measures it will be expected to adopt in its 
SSP. Risk tier will also be a factor in determining the frequency of 
inspections.
    The SSP is a critical element of the Department's efforts to secure 
the Nation's high-risk chemical facilities; it enables final high-risk 
facilities to document their individual security strategies for meeting 
the applicable RBPS. The RBPS cover the fundamentals of security, such 
as restricting the area perimeter, securing site assets, screening and 
controlling access, cybersecurity, training, and response. Each high-
risk facility's security strategy and measures, as described in the 
SSP, will be unique, as they depend on the facility's risk level, 
security issues, characteristics, and other facility-specific factors. 
In fact, under Section 550, the Department cannot mandate any specific 
security measure to approve the SSP.
    Therefore, the CSAT SSP tool collects information on how each 
facility will meet the applicable RBPS. The SSP tool is designed to 
take into account the complicated nature of chemical facility security 
and allows facilities to describe both facility-wide and asset-specific 
security measures. NPPD understands that the private sector generally, 
and CFATS-affected industries in particular, are dynamic. The SSP tool 
allows facilities to involve their subject-matter experts from across 
the facility, company, and corporation, as appropriate, in completing 
the SSP and submitting a combination of existing and planned security 
measures to satisfy the RBPS. NPPD expects that most SSPs will comprise 
both existing and planned security measures. Through a review of the 
SSP, in conjunction with an on-site inspection, ISCD determines whether 
a facility has met the requisite level of performance given its risk 
profile and thus whether its SSP should be approved.
    For additional context, I would like to provide you with an example 
of how some facilities approach the development and submission of their 
SSPs: In the case of a Tier 1 facility with a release hazard security 
issue, the facility is required to restrict the area perimeter 
appropriately, which may include preventing breach by a wheeled 
vehicle. To meet this standard, the facility is able to propose 
numerous security measures, such as by cables anchored in concrete 
blocks along with movable bollards at all active gates or by perimeter 
landscaping (e.g., large boulders, steep berms, streams, or other 
obstacles) that would thwart vehicle entry. The Department will approve 
the security measure as long as ISCD determines it to be sufficient to 
address the applicable performance standard.
    In May 2009, DHS issued Risk-Based Performance Standards Guidance 
to assist high-risk chemical facilities in determining appropriate 
protective measures and practices to satisfy the RBPS. It is designed 
to help facilities comply with CFATS by providing detailed descriptions 
of the 18 RBPS as well as examples of various security measures and 
practices that could enable facilities to achieve the appropriate level 
of performance for the RBPS at each tier level. The Guidance also 
reflects public and private-sector dialogue on the RBPS and industrial 
security, including public comments on the draft guidance document. 
High-risk facilities are free to make use of whichever security 
programs or processes they choose--whether or not in the Guidance--
provided that they achieve the requisite level of performance under the 
CFATS RBPS.
                         implementation status
    To date, ISCD has reviewed more than 40,000 Top-Screens submitted 
by chemical facilities. Since June 2008, ISCD has notified more than 
7,000 facilities that they have been initially designated as high-risk 
and are thus required to submit SVAs; and ISCD has completed our review 
of approximately 6,500 submitted SVAs. (Note, not all facilities 
initially designated as high-risk ultimately submit SVAs or ASPs, as 
some choose to make material modifications to their chemical holdings, 
or make other changes, prior to the SVA due date that result in the 
facility no longer being considered high-risk.) In May 2009, ISCD began 
notifying facilities of their final high-risk determinations, risk-
based tiering assignments, and the requirement to complete and submit 
an SSP or ASP.
    In May 2009, ISCD issued 141 final tier determination letters to 
the highest-risk (Tier 1) facilities, confirming their high-risk status 
and initiating the 120-day time frame for submitting an SSP. After 
issuing this initial set of final tier determinations, ISCD 
periodically issued notifications to additional facilities of their 
final high-risk status. To date, more than 4,100 additional facilities 
have received final high-risk determinations and tier assignments, and 
several hundred that were preliminarily-tiered by ISCD were informed 
that they are no longer considered high-risk.
    As of February 14, 2012, CFATS covers 4,464 high-risk facilities 
Nation-wide; of these 4,464 facilities, 3,693 are currently subject to 
final high-risk determinations and due dates for submission of an SSP 
or ASP. The remainder of the facilities are awaiting final tier 
determinations based on their SVA submissions. ISCD continues to issue 
final tier notifications to facilities across all four risk tiers as we 
make additional final tier determinations.
    It should be noted that since the inception of CFATS, more than 
1,600 facilities completely removed their chemicals of interest, and 
more than 700 other facilities have reduced their holdings of chemicals 
of interest to levels resulting in the facilities no longer being 
considered high-risk. These actions, many of which NPPD believes were 
the result of choices made by facilities after Congressional passage of 
Section 550 and the adoption of the CFATS regulation, have helped 
reduce the number of high-risk chemical facilities located throughout 
the Nation, and have correspondingly made the Nation more secure. This 
is just one way in which Congress's passage of Section 550 to authorize 
the CFATS program is already helping to make our citizens safer and our 
Nation more secure.
    Prior to approving an SSP, ISCD must first authorize the SSP.
   In February 2010, ISCD began conducting pre-authorization 
        visits of final-tiered facilities, starting with the Tier 1 
        facilities, and has completed approximately 180 such pre-
        authorization visits to date. ISCD used these pre-authorization 
        visits to help gain a comprehensive understanding of the 
        processes, risks, vulnerabilities, response capabilities, 
        security measures and practices, and other factors at a covered 
        facility that affect security risk and to help facilities more 
        fully develop and explain the security measures in their SSPs.
   After ISCD issues a Letter of Authorization for a facility's 
        SSP, ISCD conducts a comprehensive and detailed authorization 
        inspection before making a final determination as to whether 
        the facility's SSP satisfies all applicable RBPS.
     To date, ISCD has authorized or conditionally authorized 
            55 of the 117 Tier 1 SSPs and conducted 10 authorization 
            inspections.
     Facilities that successfully pass inspection and that DHS 
            determines have satisfied the RBPS will then be issued 
            Letters of Approval for their SSPs.
     Facilities must fully implement their approved SSPs to be 
            considered CFATS-compliant.
     ISCD plans to issue the first Letters of Approval this 
            year and is currently conducting its due diligence to 
            ensure that the existing or planned security measures at 
            any facility that will receive a Letter of Approval will, 
            in fact, meet the appropriate risk-based performance 
            standards.
   It is important to note that many of the roughly 4,000 SSPs 
        or ASPs received to date have required or likely will require 
        substantial additional information and clarification from the 
        facilities, adding to the time line as DHS works with the 
        facilities to fill in the gaps and finalize their SSP or ASP 
        submissions.
   Under CFATS, when a facility does not meet its obligations 
        under the program, an Administrative Order is the first formal 
        step toward enforcement. An Administrative Order does not 
        impose a penalty or fine but directs the facility to take 
        specific action to comply with CFATS--for example, to complete 
        an overdue SSP within a specified time frame.
   If the facility does not comply with the Administrative 
        Order, the Department may issue an Order Assessing Civil 
        Penalty of up to $25,000 each day the violation continues and/
        or an Order to Cease Operations.
   In June 2010, ISCD issued its first Administrative Orders to 
        18 chemical facilities for failure to submit an SSP. During the 
        remainder of the year, ISCD issued an additional 48 
        Administrative Orders to chemical facilities that had failed to 
        submit their SSPs in a timely manner under CFATS. We are 
        pleased to report that all 66 facilities complied with the 
        Administrative Orders issued. As CFATS implementation 
        progresses, we expect to continue to exercise our enforcement 
        authority to ensure CFATS compliance.
                            outreach efforts
    Since the release of CFATS in April 2007, ISCD has taken 
significant steps to publicize the rule and ensure that the regulated 
community and our security partners are aware of its requirements. As 
part of this outreach program, ISCD has regularly updated impacted 
sectors through their Sector Coordinating Councils and the Government 
Coordinating Councils of industries most impacted by CFATS, including 
the Chemical, Oil and Natural Gas, and Food and Agriculture Sectors. 
ISCD has also solicited feedback from our public and private sector 
partners and, where appropriate, has reflected that feedback in 
implementation activities.
    To date, ISCD inspectors have conducted nearly 900 Compliance 
Assistance Visits and have held more than 3,000 informal introductory 
meetings with owners and/or operators of CFATS-regulated facilities. 
ISCD staff have presented at hundreds of security and chemical industry 
conferences; participated in a variety of other meetings of relevant 
security partners; established a Help Desk for CFATS questions that 
receives between 40 and 80 calls daily; put in place a CFATS tip-line 
for anonymous chemical security reporting; and developed and regularly 
updated a highly regarded Chemical Security website (www.DHS.gov/
chemicalsecurity), which includes a searchable Knowledge Center. ISCD 
has also offered regular SSP training webinars to assist high-risk 
facilities to complete their SSPs.
    In addition, ISCD continues to focus on fostering solid working 
relationships with State and local officials as well as first 
responders in jurisdictions with high-risk facilities. To meet the 
risk-based performance standards under CFATS, facilities need to 
cultivate and maintain effective working relationships--including a 
clear understanding of roles and responsibilities--with local officials 
who aid in preventing, mitigating, and responding to potential attacks. 
To facilitate these relationships, ISCD inspectors have been actively 
working with facilities and officials in their areas of operation, and 
they have participated in more than 2,000 meetings with Federal, State, 
and local partners, including more than 100 Local Emergency Planning 
Committee meetings. Such meetings afford ISCD inspectors with an 
opportunity to provide our Federal, State, and local security partners 
with a better understanding of CFATS requirements and allow our 
inspectors to gain insight into the activities of Federal, State, and 
local partners operating within their jurisdictions.
    Other efforts to ensure State and local awareness of and 
involvement in CFATS include the joint development with the State, 
Local, Tribal, and Territorial Government Coordinating Council and 
sharing of outreach materials specifically tailored to the emergency 
response community, which summarize CFATS programs and processes for 
local emergency responders; annual collaboration with the State of New 
Jersey's Office of Homeland Security and Preparedness and participation 
in several CFATS-based workshops hosted by the State that have brought 
together facility owners/operators, site security personnel, emergency 
responders, and other State-based stakeholders; and participation in 
two successful CFATS workshops hosted by the State of Michigan in 
Detroit and Midland, Michigan. Moving forward, ISCD hopes to continue 
and expand our collaborative efforts with our State partners on CFATS-
based workshops. Additionally, in May 2010, ISCD launched a web-based 
information-sharing portal called ``CFATS-Share.'' This tool provides 
selected Federal, State, and local stakeholders, such as interested 
State Homeland Security Advisors and their designees, DHS Protective 
Security Advisors, the National Infrastructure Coordinating Center, the 
DHS Chemical Sector-Specific Agency, as well as certain members of the 
State, Local, Tribal and Territorial Government Coordinating Council, 
access to key details on CFATS facility information as needed.
    ISCD also continues to collaborate within DHS and with other 
Federal agencies in the area of chemical security, including routine 
engagement among the NPPD's subcomponents and with the USCG, the 
Transportation Security Administration, the Department of Justice's FBI 
and Bureau of Alcohol, Tobacco, Firearms and Explosives, the NRC, and 
the EPA. An example of this coordination includes the establishment of 
a joint ISCD/USCG CFATS-MTSA Working Group to evaluate and, where 
appropriate, implement methods to harmonize the CFATS and MTSA 
regulations. Similarly, NPPD has been working closely with the EPA to 
begin evaluating how the CFATS approach could be used for water and 
wastewater treatment facilities.
    Internally, we are continuing to build ISCD. We have hired, or are 
in the process of on-boarding, more than 206 people, and we are 
continuing to hire to meet our staffing goal of 253 positions this 
fiscal year. These numbers include our field inspector cadre, where we 
have filled 102 of 108 field inspector positions and all 14 field 
leadership positions.
                  identified challenges and next steps
    The Department, NPPD, and ISCD have done much work over the past 
few years to establish and implement this unprecedented regulatory 
program, but CFATS still has challenges to address. In recognition of 
this, upon the arrival of ISCD's new Director and Deputy Director, I 
asked them to provide for my consideration their views on the successes 
and challenges of the CFATS program. Candid, honest assessments and 
critiques are valuable tools in evaluating progress and determining 
where improvement is needed. Furthermore, course corrections are to be 
expected and on-going decisions will need to be made.
    In late November 2011, the ISCD Director and Deputy Director hand-
delivered to me a memo providing their views. It is important to note 
that, in addition to the referenced challenges, the ISCD memorandum 
also proposed for my consideration a charted path to addressing the 
challenges. Specifically, the memorandum included an Action Plan with 
detailed recommended steps for addressing the issues identified, and we 
have shared those with the committee. Since my receipt of the ISCD 
memorandum, each of the nearly 100 action items contained in the 
proposed Action Plan has now been assigned to a member of ISCD's senior 
leadership team for action, and I have already seen progress on many of 
these items. For accountability, planning, and tracking purposes, the 
members of that leadership team have been asked to provide milestones 
and a schedule for the completion of each task assigned to them, and 
the Acting ISCD Chief of Staff will monitor progress. In addition, ISCD 
leadership meets with my Principal Deputy Under Secretary at least once 
a week to provide status updates on the action items.
    The speed with which the program was stood up necessitated some 
decisions that, at the time, seemed appropriate. For example, at the 
program's outset, certain roles and responsibilities were envisioned 
for the program staff that, in the end, did not apply. This resulted in 
the hiring of some employees whose skills did not match their ultimate 
job responsibilities and the purchase of some equipment that in 
hindsight appears to be unnecessary for chemical inspectors. 
Additionally, we initially envisioned a greater number of field offices 
than we determined were necessary to deploy in our current environment. 
These decisions and the subsequent challenges that have resulted from 
them are directly related to the accelerated stand-up of the program--
and while we regret that they occurred, we consider them valuable 
lessons learned.
                           program successes
    I would like to point out to the committee that NPPD has made 
progress in addressing some of the other challenges in the ISCD 
memorandum and Action Plan. One identified challenge regards the 
ability of ISCD to complete SSP reviews in a consistent, reasonable, 
and timely fashion. To help overcome past difficulties in meeting this 
challenge, ISCD is utilizing an interim SSP review process that is 
allowing the Department to review Tier 1 facility SSPs in a more 
effective and timely manner.
    Over the past few months, ISCD has been able to more than quadruple 
the number of authorized SSPs, and I am pleased to report that as of 
February 21, 2012, 55 of the 117 Tier 1 SSPs have been authorized or 
conditionally authorized. ISCD expects to complete its review of all 
Tier 1 SSPs and to notify the facilities of ISCD's decisions on those 
SSPs within the coming months. ISCD also expects to begin issuing 
authorizations to Tier 2 facilities during fiscal year 2012. While this 
interim review process is under way, ISCD is also working on an even 
more efficient long-term approach to SSP review for facilities in Tiers 
2, 3, and 4. This long-term approach will incorporate lessons learned.
    A second challenge identified in the memorandum concerns 
organizational culture and morale. Based in part on internal staff 
surveys and personal observation, ISCD leadership believes that 
improved internal communication, stronger programmatic leadership, 
consistent levels of accountability, and a clearly articulated shared 
vision and values will significantly improve morale throughout ISCD. 
The Action Plan contains numerous planned or proposed actions designed 
to achieve this goal, many of which already are being implemented.
    For instance, ISCD employees now contribute to, and receive a 
monthly ISCD newsletter and weekly updates on ISCD events in an effort 
to improve internal communications; numerous ISCD Director-led town 
halls and open-door sessions have been held with employees in the 
District of Columbia and throughout the country; vacancy announcements 
that will be used to hire a permanent leadership team to support the 
new Director and Deputy Director are going through the Departmental 
human capital process; more thorough supervisory training and guidance 
on performance monitoring is being identified and will be provided to 
all Divisional supervisors; and a cross-Divisional working group was 
established to update or develop a Division mission statement, vision 
statement, and statement of core values, which will be shared and 
consistently reinforced with all ISCD staff. Through these and other 
activities, I believe that Division-wide morale is improving, which 
ultimately will pay dividends not only in improved staff retention, but 
also in improved staff performance. In addition, ISCD leadership has 
worked with, and will continue to work with, the CFATS inspector 
cadre's union to develop and implement appropriate and sustainable 
solutions to address these challenges.
    In working on implementing action items and identifying the best 
solutions for the challenges facing CFATS, NPPD leadership is committed 
to receiving input from and, where appropriate, collaborating with the 
regulated community and our Federal, State, and local partners.
    NPPD, ISCD, and the Department are taking our responsibilities for 
the CFATS program and the Nation's security seriously and are moving 
forward quickly and strategically to address the challenges before us. 
We believe that CFATS is making the Nation safer and are dedicated to 
its success. We will make the necessary course corrections to improve 
the program to better protect the Nation.
               legislation to permanently authorize cfats
    We have benefited from the constructive dialogue with Congress, 
including Members of the committee, as it continues to contemplate new 
authorizing legislation for CFATS. The Department recognizes the 
significant work that the committee and others have accomplished to 
reauthorize the CFATS program. We appreciate this effort and look 
forward to continuing the constructive engagement with Congress on 
these important matters.
    The Department supports a permanent authorization for the CFATS 
program and is committed to working with Congress and other security 
partners to establish a permanent authority for the CFATS program in 
Federal law.
                               conclusion
    As the activities described above demonstrate, NPPD is continuing 
to make progress in the implementation of CFATS. CFATS already is 
reducing the risks associated with our Nation's chemical 
infrastructure. In August 2011, the American Chemistry Council (ACC) 
conducted a survey of CFATS-regulated facility owners covering 
approximately 800 facilities and received over 135 responses. Among 
other things, the ACC survey found that the majority of respondents 
believe extending CFATS will improve chemical security at CFATS-
regulated facilities. The results also revealed that companies have 
made substantial investments in security upgrades as a result of CFATS, 
and plan to make additional investments following ISCD approval of 
their SSPs.
    As we implement CFATS, we will continue to work with industry, our 
Federal partners, States, and localities to get the job done, meet the 
challenges identified in the ISCD report, and effectuate the continuing 
utility of the program in preventing terrorists from exploiting 
chemicals or chemical facilities in a terrorist attack against this 
country.
    Thank you for holding this important hearing. I would be happy to 
respond to any questions you may have.

    Mr. Lungren. Thank you very much Mr. Secretary.
    Now Ms. Anderson.

   STATEMENT OF PENNY J. ANDERSON, DIRECTOR, INFRASTRUCTURE 
    SECURITY COMPLIANCE DIVISION, OFFICE OF INFRASTRUCTURE 
          PROTECTION, DEPARTMENT OF HOMELAND SECURITY

    Ms. Anderson. Thank you, Mr. Chairman. Thank you for the 
opportunity to meet with you and the Members of the 
subcommittee today.
    I appreciate the opportunity to talk about the CFATS 
program, where we are and where we need to go. I particularly 
appreciate the opportunity to provide some context for this 
internal memorandum. As we are all aware, that is what this 
was. It was not an investigative report, it was an internal 
memorandum to my leadership, expressing Mr. Wulf's and my 
observations about what we thought our priorities should be, 
what our challenges are, and, most importantly, about the way 
forward. Because it was written in that context and meant in 
that way, it didn't provide the context that would have been 
necessary for external readers of the program. Again, I 
appreciate the opportunity in that regard to provide some 
context.
    I would last like to say that while I view the challenges 
identified within that memorandum as not insignificant, I also 
do not view them as insurmountable. I think that an awful lot 
of good work has been done by a lot of really good, hardworking 
people, and that we can make the corrections necessary to keep 
us on the right track and move us down the road. I again look 
forward to discussing with you that way forward. Thank you, 
sir.
    Mr. Lungren. Thank you.
    The Chair now recognizes Mr. Wulf to testify.

   STATEMENT OF DAVID WULF, DEPUTY DIRECTOR, INFRASTRUCTURE 
    SECURITY COMPLIANCE DIVISION, OFFICE OF INFRASTRUCTURE 
          PROTECTION, DEPARTMENT OF HOMELAND SECURITY

    Mr. Wulf. Thank you, Mr. Chairman. I don't want to 
reiterate the remarks of the Under Secretary and Director 
Anderson. But I will just say that I very much appreciate the 
opportunity to be here today. Both Director Anderson and I 
arrived at ISCD NPPD about 8 months ago. I just cannot say 
enough about how excited I was to join the team at the 
Department and NPPD, and specifically within our division. It 
is really filled with just a huge number of talented and 
committed individuals who are just completely dedicated to 
moving the CFATS and our ammonium nitrate program forward.
    As Director Anderson mentioned, our report did identify a 
number of significant challenges. In no way are those 
challenges insurmountable. We are looking forward to continuing 
to work with our industry stakeholders, as well as stakeholders 
within the union, to move the program forward. I am looking 
forward to answering questions about the program today. Thank 
you so much.
    Mr. Lungren. All right.
    We will have a first round of questions, 5 minutes apiece. 
I will recognize myself for the purpose of asking questions.
    Mr. Wulf, Ms. Anderson, if I were to just take the 
testimony you just gave just now, I would think everything was 
hunky-dory, that we are moving ahead, we have minor problems, 
we don't have to worry about it. I would hope that that would 
be the case. But in the memo you outlined some serious 
problems. If you were to make an overarching statement about 
the nature of the problems, what would it be? Ms. Anderson.
    Ms. Anderson. Thank you, sir, for that question. An 
overarching statement about the challenges. I think that many 
of the challenges that we are facing are challenges that are 
not uncommon to a new program standing up in a Government 
environment, standing up very quickly. The statement you often 
hear is ``building an airplane while flying it.''
    What we are doing I think is moving in the right direction. 
I think that a lot of the work that has been done is important, 
it has provided a sound basis for the program technically, and 
that the vast majority of the challenges are not programmatic 
but more administrative in nature.
    Mr. Lungren. Let me ask you this. One of the first things 
you mention in the memo is at the beginning of the CFATS 
program the specific requirements of our Congressional mandate 
resulted in extraordinary pressure to proceed with the 
development implementation of the program at an impractical 
pace. What do you mean by that? I mean Congress oftentimes 
urges the Executive Branch to get moving on something. This is 
important. We always use the expression, ``It is not rocket 
science,'' but I mean, this does involve science and does 
involve chemicals, chemistry, et cetera. But what is the cause 
of this extraordinary pressure? Is that really an excuse for 
what you found?
    Ms. Anderson. Mr. Chairman, I wasn't here when the program 
stood up, and it is difficult for me to speak to what was in 
people's minds, people who are not here to talk about that. But 
what has been expressed to me, and I would certainly defer to 
the Under Secretary to clarify or add to this, is that there 
was every effort to understand, to recognize Congress' sense of 
urgency in terms of the importance, the criticality of this 
program, making sure that chemical facilities were secure and 
that we mitigate the risk to those facilities. In the spirit of 
that, we rushed forward rather quickly, and, again, in the 
spirit of any new regulatory program or any new program, hit 
some bumps in the road and have had to take some course 
corrections. It is a big program, it is a complex program, and 
I think it is not unusual to encounter some challenges on the 
way.
    Mr. Lungren. Under Secretary Beers, the administration has 
asked for an extension, it is not a permanent--it is about as 
permanent as you can get in the Executive Branch--extension, a 
multi-year extension. It is one of the things that I have 
supported because I do believe in this program. But what would 
you say to the critics who suggest that the revelations that 
are contained in this memo are evidence that we have got to go 
back to ground zero, that in fact the program has failed, that 
the fact that you have had these difficulties with respect to 
the compliance phase is an indication of the lack of foundation 
of the program itself?
    Mr. Beers. Sir, in answer to that, I would say two things. 
The first thing is that, as indicated by the chart up on the 
screen, and I realize it is a little busy, if you were to look 
at the 12 steps that are in that chart, reading from left to 
right, top to bottom, we are in the 10th step of a 12-step 
process at this point in time. So my first point would be we 
have come a long way from the very beginning of the program in 
terms of the things that we have accomplished.
    As we have gotten to the compliance stage--excuse me, as we 
have gotten to the site security plan authorization stage, we 
have come to the realization through a number of difficult 
steps and the result of the report that Ms. Anderson and Mr. 
Wulf provided us, that we need to make sure that we have all of 
the people and items in place that will allow us to execute the 
program successfully in the final stages.
    So my first point is I think we have come a long way. We 
clearly still have challenges. The second point is that as long 
as the program continues to operate on an annual authorization 
basis since the original authorization, it leaves a degree of 
uncertainty as to the long-term status of the program. I 
believe that we and our industry partners will be on a much 
stronger footing if you all indicate to us that you believe in 
the program as we do and want to see it go forward.
    Having said that, we obviously owe you a great deal of 
information about the progress we make with respect to the plan 
of action and would hope that in the oversight function we 
would be able to provide that. Thank you.
    Mr. Lungren. Thank you. My time is expired. Ms. Clarke is 
recognized for 5 minutes.
    Ms. Clarke. Thank you very much, Mr. Chairman. Under 
Secretary Beers, your office recently provided the subcommittee 
with an internal memorandum entitled ``Challenges Facing ISCD 
and the Path Forward'' which identify challenges facing ISCD as 
it continues implementing the CFATS programs, including those 
related to human capital management, strategic planning, 
procurement, and basic program administration. Many of the 
challenges identified in the memorandum appear to be 
longstanding issues that have hindered development of CFATS' 
program for some time.
    Nevertheless, when you testified before the House Committee 
on Energy and Commerce on the CFATS program in March 2011, you 
gave no indication there were significant problems with the 
program's progress.
    When did NPPD management first become aware of problems 
with the CFATS program and what problems were brought to its 
attention at that time?
    Mr. Beers. As we have briefed this committee and other 
committees, at the point in time that I asked for this report, 
there had been three different pieces of information or 
problems that had come to my attention which the committees 
have all been briefed on. The first was related to locality 
pay, the second was related to the slowness of the 
authorization of the site security plans, and the third was 
related to the tiering mistake that occurred within the 
program. Those three items represented--and the last item came 
to my attention in June last year. Those three items and a 
report that I, together with Assistant Secretary Keil, had 
commissioned in December 2010, formed the basis of wanting to 
make sure that we had a real thorough scrub of the program. 
That is what resulted in the report.
    Ms. Clarke. Okay. Let me just ask. The challenges described 
in the ISCD memorandum raised questions about whether ISCD is 
positioned to make progress implementing the CFATS program, 
especially over the short term. What barrier does ISCD face 
overcoming some of the challenges discussed in the memorandum? 
What can NPPD do to help ISCD overcome these challenges? What 
actions can the subcommittee, and ultimately the Congress, take 
to help NPPD and ISCD overcome these challenges? Does NPPD 
intend to conduct a study to determine the extent to which the 
management challenges outlined in the ISCD internal memorandum 
extend to other NPPD components?
    Mr. Beers. The NPPD front office, as well as the 
infrastructure protection front office, stand fully behind the 
ISCD director and deputy director. We have provided them with 
human capital support in order to be able to realign the 
positions and the people in the organization to ensure the best 
possible match of requirements and qualifications. We have 
overcome the restrictions that existed from DHS overall about 
whether or not there could be training officers hired within 
the office. We have regular meetings with the leadership of the 
office in order to ascertain both where progress is on the plan 
of action and whether there are obstacles identified that 
leadership in NPPD can overcome, and, if necessary, to go to 
the Secretary of Homeland Security to overcome those obstacles 
should they exist.
    Ms. Clarke. Let me just ask this, finally. In light of the 
detailed failings of the program and especially in light of the 
managerial deficiencies outlined in the recently-leaked 
memorandum, is it your opinion that the program should be 
reauthorized carte blanche for 7 years without any 
recommendations from the authorizing committee, and if so why?
    Mr. Beers. It is my hope that the committee will authorize 
the program for the full 7 years in order to create stability 
with the program. I believe that we can meet the oversight that 
you should obviously hold us responsible for, and I think that 
that is a recipe for going forward.
    We have two very good people running the program now. We 
have the clear intent on the part of leadership to give them 
our full support, not that we didn't before, but we didn't 
realize how much support was necessary. So I think that what 
you see here is committed leadership that is ready to go 
forward, and we would hope that you would be prepared to 
authorize the program for the full 7 years.
    Mr. Lungren. The gentlelady's time is expired. Mr. Meehan 
from Pennsylvania is recognized for 5 minutes.
    Mr. Meehan. Thank you, Mr. Chairman. Thank you for your 
presence here today.
    One of the big concerns, of course, is not just your work 
in trying to internally resolve these issues, but the fact that 
there are businesses and others who are out waiting for the 
ultimate determination in a time of economic challenge that 
continues to be a concern.
    Can you talk to me a little bit about the tiering formulas 
that are taking place and the process by which the tiers were 
identified and how that resolved itself, at least at the first 
level?
    Mr. Beers. Sir, initially we identified chemicals of 
interest and levels of holdings that sites might have to 
determine whether or not a second look was required. That 
information was provided. As I indicated in my opening 
statement, 40,000 facilities were identified.
    Mr. Meehan. Self-reported?
    Mr. Beers. Self-reported, sir.
    Mr. Meehan. Were any random checks done to make sure that 
there was accuracy in the self-reporting?
    Mr. Beers. The check was the second tiering process, sir, 
which was a much more detailed--excuse me, a second assessment, 
which was a much more detailed site vulnerability assessment 
which was provided by those companies which reduced the 40,000 
facilities to 4,000-plus facilities. So we had a pretty clear 
indication there that we were getting to the heart of the high-
risk chemical facilities, who were then put into tiers 
depending upon the level of their holdings and the 
vulnerability of those holdings. That provided an ability to 
look at each of them against a risk calculus that suggested how 
great the risk was.
    Mr. Meehan. At some point in the program there were some 
flaws in that process.
    Mr. Beers. Right.
    Mr. Meehan. Can you identify how those flaws arose and what 
we did to correct them?
    Mr. Beers. Yes, sir. So what we discovered in the tiering 
process was that the information that was used to put companies 
in particular tiers--the original tiering was done with 
unclassified dummy information, dummy in the sense that it 
wasn't what we were going to use finally, but it gave us enough 
of a sense to get within the ball park of what the risk factor 
was. When we did the final tiering, that information did not 
get substituted for with the information which was classified, 
which was a narrower parameter of how high the risk was, 
parameter in the sense of how many individuals would be 
affected by a chemical release in the vicinity of the plan. So 
as a result of that, we discovered that we had mis-tiered a 
number of facilities and that those facilities----
    Mr. Meehan. To the detriment of the facilities in the sense 
some were tiered as being a higher risk or less of a risk?
    Mr. Beers. All of the tiering results of that either caused 
a reduction in the tiering or they stayed in the same tier. No 
company that was mis-tiered went to a higher tier level as a 
result of that.
    Mr. Meehan. Did any of these companies challenge their 
tiering?
    Mr. Beers. With respect to the re-tiering, no. With respect 
to tiering as a general proposition, companies change their 
holdings over time, they have new procedures that they put in 
place. The program allows them to come in and resubmit a screen 
and ask as to whether or not that would adjust.
    Mr. Meehan. That would be done in an efficient fashion?
    Mr. Beers. That can be done by anyone at any time.
    Mr. Meehan. I want to jump to one last question in the time 
that I have. Ms. Anderson, at one point in time you had talked 
a little bit about the management and the culture, where there 
were some senior officials with ethical and other kinds of 
performance issues that had been raised and that had not been 
checked upon or had gone unchecked. Can you elaborate a little 
bit on that and what has been done to try to alleviate that 
issue?
    Ms. Anderson. Yes, sir. Thank you for the question. I am 
not sure that we identified any ethical issues per se from 
amongst those that you are referring to. But certainly, 
cultural challenges have been something that we have 
encountered and are working to overcome. I think that, again, 
it is a function of putting together a large group of people 
very quickly that all have--they all come from different 
places, have different life experiences, and we are squashing 
them together and asking them to work together as a team. 
Because of those different life experiences, different work 
experiences, they have different outlooks on where we need to 
go and how we need to get there. Sometimes some of the nice 
things fall by the wayside in the rush to do that.
    So what we are doing is everything that we can to create a 
cohesive culture to bring everyone into the team as an engaged 
contributing member of the team and to address the concerns 
they have with regard to consistency, transparency, and 
fairness.
    We have done a number of things in that regard. I have 
monthly all-hands meetings, town halls if you will, both 
electronic or over the telephone with the field folks and in 
person with our headquarters folks. We have reinvigorated or 
reinstituted our newsletter. We are developing a share page, an 
on-line page where we can share information with each other. We 
have an open-door policy. We have a series of emails. We are 
sharing information about the status of things.
    So we are doing everything that we can to be as transparent 
as makes sense as we can, to be as consistent, as fair, and to 
let all the members of our team know what we are doing, why we 
are doing it, the direction that we are going, and to solicit 
their active involvement engagement in the process.
    Mr. Meehan. Well, thank you for the work that you are doing 
in that.
    Mr. Lungren. The gentleman's time is expired. The Chairman 
now recognizes the gentlelady from California, Ms. Richardson, 
for 5 minutes.
    Ms. Richardson. Thank you, Mr. Chairman. According to the 
notes that I have here, DHS began inspections of Tier 1 
facilities in February 2010. By September 2011, you had 
performed only nine authorized inspections, and as of January 
23 DHS had only completed 53. Are those correct numbers?
    Mr. Beers. Fifty-five now, ma'am.
    Ms. Richardson. Okay, 55 out of how many that need to be 
done?
    Mr. Beers. The overall number of site security plans that 
would ultimately need to be done are----
    Ms. Richardson. Your mic is not on.
    Mr. Beers. Excuse me. The overall number that would need to 
be done is about 4,500. The Tier 1s are about 110 to 111.
    Ms. Richardson. So of the 55, did those all come out of 
Tier 1?
    Mr. Beers. Yes.
    Ms. Richardson. In light of that, how are you planning on 
being able to complete all these if we have only done 55 and 
4,500 need to be done?
    Mr. Beers. The current plan is that we will finish the site 
security plan reviews for the Tier I facilities in the next 
several months and then move on to the Tier 2 facilities in the 
remainder of fiscal year 2012.
    Ms. Richardson. So about what time do you think you will 
start Tier 2?
    Mr. Beers. Sometime this summer, roughly.
    Ms. Richardson. Will the Tier 1 facilities be required to 
submit new, I think they are called SSPs, even though the 
inspections are just being completed now?
    Mr. Beers. The plan is that the plans that we have now will 
be reviewed. If they are authorized, then we would go out with 
an authorization inspection to make sure that the plan as 
submitted represents a reasonable approach to the facts on the 
ground. The inspectors will do that. If the inspectors then 
feel that that is true, then the plans would be approved.
    So what we are talking about here is, as the site security 
plans are authorized, then we have authorization inspectors 
where our inspectors go out and look at each of those sites. So 
that is the next of the last step.
    Ms. Richardson. I am sorry, sir, I have only got 2 minutes 
and 16 seconds.
    It is my understanding under CFATS that facilities resubmit 
their site security plan every 2 years for Tier 1 or Tier 2 
facilities; is that correct?
    Ms. Anderson. Yes ma'am, the regulation does suggest that, 
but it also offers some flexibility in how we implement that.
    Ms. Richardson. So then my question is, since we are late 
in conducting these, are you still going to be requiring these 
companies to submit them on the 2-year cycle or are you going 
to be making an adjustment?
    Ms. Anderson. Yes, we are right now focusing as a matter of 
priority in clearing the queue of site security plans we 
already have. At this point we do not anticipate in the near 
term requesting resubmissions of SSPs that we have already 
authorized.
    Ms. Richardson. For their first 2-year submission?
    Ms. Anderson. Yes ma'am, that is accurate.
    Ms. Richardson. Okay. The information memorandum also 
raises concerns that the content and conduct of a compliance 
inspection has not been defined. It is quite possible that the 
compliance inspection will yield different results than the 
authorization inspection. This potentially would allow for 
disparity in results. Have you implemented some changes to 
address this, and if so what?
    Mr. Beers. So we have a process underway to ensure that, to 
the extent possible, that doesn't happen. But let me ask 
Director Anderson.
    Ms. Anderson. Thank you for the question. In fact, while it 
is true we have not yet completed our policies and procedures 
in terms of the way forward for a compliance inspection, what 
we have done is we have held off on conducting further 
authorization inspections pending that information, so that we 
can make sure that our authorization inspections are consistent 
and appropriate as they relate to our compliance inspections, 
so we want to move together.
    Ms. Richardson. All right. I have got 10 seconds now left. 
According to the memorandum, it states that you have 
approximately 108 inspectors and those inspectors can only 
inspect approximately 10 to 15 percent of the facilities; is 
that correct?
    Ms. Anderson. We are currently evaluating our workforce in 
terms of what it takes to do an inspection. When we have fully 
conceptualized what an inspection is and what it takes to do 
that, then we will be projecting our capabilities with our 
existing and any projected workforce.
    Ms. Richardson. Mr. Chairman, my time is expired, but I 
have more questions. So before we release the panel, if you 
could come back to me.
    Mr. Lungren. Yes.
    Ms. Richardson. Thank you, sir.
    Mr. Lungren. Mr. Marino is recognized for 5 minutes.
    Mr. Marino. Thank you, Chairman. Thank you, folks, for 
being here.
    I am not quite sure who to direct this question to, but I 
am going to start with Mr. Beers and then perhaps both or one 
of the other two can add something to this. The flaws in the 
program, according to some information that you submitted to us 
in preparation for today, which I commend you on the way it was 
put together, did not appear overnight. How did it happen that 
the information in the leaked memo made it to the media before 
being shared with Congress or this committee?
    Mr. Beers. Sir, what happened, with the arrival of the 
report from Director Anderson and Deputy Director Wulf, was 
that we had not done a thorough review to ensure that there 
weren't more issues and questions and work proposals associated 
with that, and we were caught in a process before we were able 
to come to you and discuss this.
    Mr. Marino. How many individuals had access to this 
information?
    Mr. Beers. To this information?
    Mr. Marino. Yeah, to the report that was leaked.
    Mr. Beers. I can tell you that within the Office of the 
Under Secretary, I believe that number is three: myself, my 
deputy, and the chief of staff.
    I would have to ask Ms. Anderson how many people had access 
in her office. My understanding is that only two people in the 
Office of the Assistant Secretary had it, but I am not sure 
about that. Penny may be able to shed more light on that.
    Mr. Marino. Please.
    Ms. Anderson. Thank you for the question, sir. There were 
in fact seven hard copies made of the final report, two 
belonging to Deputy Director Wulf and myself, and the remainder 
moving forward to our leadership. There were other individuals 
that were involved in the transfer of those documents, but only 
seven hard copies were made.
    Mr. Marino. So are you saying that only seven individuals 
had access to that, or did they pass that on to someone else, 
the seven hard copies?
    Ms. Anderson. I can't speak--sir, I can't speak to whether 
or not other folks who received copies shared them.
    Mr. Marino. So we are looking anywhere from 5 to maybe 13 
or 14 people had access to this. Were any of these people 
interviewed subsequent to the release in the newspaper?
    Mr. Beers. There is an on-going review of that, sir.
    Mr. Marino. Okay. Then I will not delve into questioning 
any further on this. But perhaps sometime we can get more of an 
in-depth explanation. Being from law enforcement, I understand 
that clearly.
    Ms. Anderson, I probably at least inferred a response 
incorrectly. One of my colleagues asked where we were headed 
with the process, and you referred to there were cultural 
challenges. Can you explain to me what you meant by cultural 
challenges, and did it have anything to do with the leak of the 
memo to the media?
    Ms. Anderson. Sir, thank you for the question. When I 
answered the question about where we were headed, I believe I 
was answering a question that was specifically directed towards 
our cultural, and I believe the word ``ethical'' was used, or 
``issues.''
    Mr. Marino. Yes.
    Ms. Anderson. So we are headed in a lot of directions 
depending on the challenge.
    Mr. Marino. Okay. Let me narrow my question more so. Were 
you talking about there is a challenge, cultural challenge as 
far as information being leaked or what information can be 
shared or what information to be contained? Because in my 
experience, at least in the 8, 9 years I have been with the 
Federal Government as U.S. attorney, now in Congress, we all 
pretty much take an oath, and there is an understanding of what 
information stays within an agency. Actually I am sure you 
agree with me that no one other than designated individuals 
should be speaking with the media.
    Now, obviously, someone out there wants to make a name for 
themselves or at least read an article or hear of an article 
that they were associated with. But please, can you elaborate 
on that?
    Ms. Anderson. Yes, sir. Well, I share your disappointment 
in the leak of the report. I can't speak to the motivations of 
the person who leaked it, because at this point we don't know 
who did leak it.
    Mr. Marino. Well, we pretty much know what the motivations 
are when something like this occurs. I am not holding you folks 
personally responsible. I am concerned about, as you say, the 
cultural aspect of this.
    What training has to take place before someone gets the 
point that this should not be done?
    Ms. Anderson. Well, I don't believe that the cultural 
challenges that I identified in the memorandum can be 
attributed to the motivations of the person leaking a report.
    Mr. Marino. I see my time has run out. Thank you. I yield.
    Mr. Lungren. We will do a quick second round here since we 
have only got four of us here. I yield myself the first 5 
minutes. This is both to Ms. Anderson and Mr. Wulf, because, 
Mr. Wulf, you got the pass here today so we are going to hear 
from you a little bit.
    In the memorandum there is a section which talks about 
inadequate training capability and the clause, ``due to 
restrictions placed upon our hiring,'' the division has not 
been able to hire personnel with the necessary level of 
knowledge, skills, and abilities needed to appropriately 
achieve our mission. One example is training.
    What restrictions placed upon hiring are you referring to?
    Mr. Wulf. That passage of the report referred to a policy, 
and the Under Secretary may be in a better position to speak at 
greater length about it, but a policy that is no longer in 
existence within NPPD that I believe was--that I believe was in 
place to try to centralize the training function within the 
directorate. So that was a policy that at the time precluded 
our division from hiring, into the division specifically, 
individuals with training expertise, curriculum development, 
and that sort of expertise. That policy is no longer in 
existence and we are moving forward to hire folks with the 
appropriate expertise.
    Mr. Lungren. So are you talking about you weren't able to 
hire people who actually knew how to train people; is that what 
you are saying?
    Mr. Wulf. We did not have in our training section 
individuals who had experience in the training discipline, that 
is accurate. We had folks----
    Mr. Lungren. And that has been corrected?
    Mr. Wulf. That policy is no longer a policy, and I am told 
it was a Departmental policy, not an NPPD policy.
    Mr. Lungren. Mr. Beers, according to our appropriation 
staff, you had a $25 million budget carry-over for this, and 
even with your fiscal year 2013 cut of $14 million, that is 
still $11 million that needs to be spent.
    Yet in the memo there is the citation of budget constraints 
as an obstacle to hiring and training personnel. What are those 
budget constraints?
    Mr. Beers. Sir, the budget constraints to hiring and 
training personnel are in part what Mr. Wulf was alluding to, 
that we couldn't use the money because the policy which was a 
centralizing policy for DHS, didn't allow that to happen. Some 
of the other carry-overs are a result of the program wasn't 
moving, as evidenced by the slowness of the authorization site 
security plans, as rapidly as we had anticipated when we 
requested the money.
    But let me turn to Director Anderson to elaborate further.
    Ms. Anderson. I concur.
    Mr. Lungren. So you had a $25 million budget carryover, a 
cut of $14 million, that is still $11 million. So you are not 
saying there are constraints expending those funds for this 
purpose; is that right?
    Mr. Beers. At this time I don't believe we have an issue.
    Mr. Lungren. All right. Mr. Beers, ISCD's internal 
memorandum implies that some of the challenges involved human 
capital management procurement and program administration that 
are outside of ISCD's control; rather, they could result from 
factors imposed by such things as NPPD and DHS hirings. We 
talked about procurement and budgetary policies and procedures 
and practices.
    To what extent are the management problems outlined in the 
internal memorandum attributed to barriers associated with the 
policies, procedures, and practices other than what you have 
already said about the hiring?
    Mr. Beers. Sir, with respect to the procurement in the 
administrative issues, those are areas where the alignment 
between ISCD and the Office of Infrastructure Protection and 
the Office of the Under Secretary needed to be better aligned 
with one another. The information flow needed to get from the 
bottom to the top so that we were aware of those problems and 
could fix them. This is, I think from my perspective, the most 
disappointing thing about this discovery, which was epitomized 
by the failure of the office to report the tiering problem that 
we described to you before.
    I have a consistent policy that I have told people that I 
want to hear bad news first from the people who work from me 
and not from people outside. I was extraordinarily disappointed 
by this, and have used it as a teaching moment both with 
respect to ISCD and IT, but with respect to the entirety of the 
NPPD. It wasn't that I hadn't said it before, but if this kind 
of a problem existed, then I needed to reiterate in the 
strongest possible language that this kind of behavior was 
unacceptable and didn't do justice to the people who worked for 
me and didn't allow us to fix the problems that they had.
    Mr. Lungren. I appreciate that. Let's hope we don't have 
too many more teaching moments.
    Ms. Clarke.
    Ms. Clarke. Thank you, Mr. Chairman. I want to go back to a 
little bit of what Congressman Marino was trying to get at. I 
want to ask a couple of questions about the status of the 
investigation regarding who leaked the memo to the news media. 
Who is conducting the investigation, and can you explain the 
process? Is it within DHS?
    Mr. Beers. The Office of Compliance and Security, which is 
an office within NPPD run by a certified law enforcement 
officer, is conducting the investigation. It was begun in the 
days after the leak. The process there is to go around and 
determine, first of all, who had possession of the report at 
one point in time.
    As Director Anderson has indicated, the two of them 
prepared the report. I don't believe there was anybody below 
them who ever had access to the report, but I will let them 
speak to that. It went up to me and to my deputy and chief of 
staff, so that is where the report appears to have been from 
its final drafting until I received it and it was leaked to the 
press.
    So it was to determine who the people who had custody of it 
were, and interview all of them, and look for corroborating 
information that might suggest who was responsible for that. 
These are never, ever easy kinds of investigations, but because 
of the nature of the disclosure--well, not classified 
information in the sense of our classification system, it was 
extraordinarily sensitive information and we would like to find 
out who was responsible.
    Ms. Clarke. So the process began shortly after the leak, 
you stated?
    Mr. Beers. Yes, ma'am.
    Ms. Clarke. And it is on-going?
    Mr. Beers. It is on-going. It is not one interview 
necessarily, it may be reinterviews of the same person over and 
over again in order to try to get stories straight.
    Ms. Clarke. Got it. Thank you very much. I yield back the 
balance of my time, Mr. Chairman.
    Mr. Lungren. The gentlelady yields back and the Chairman 
recognizes Ms. Richardson for a second round.
    Ms. Richardson. Thank you, Mr. Chairman.
    So if I understand you correctly, you have completed 55 of 
Tier 1. You expect to be done with Tier 1 at some point in the 
next couple of months, and you will start Tier 2. When do you 
expect to complete Tier 2?
    Mr. Beers. The expectation is sometime in fiscal year 2013. 
But let me ask Director Anderson if she can be more specific 
than that.
    Ms. Anderson. Thank you, sir. Thank you for the question.
    I think when we talk about completion, we have to talk 
about what we mean by completion in the context of the process. 
What we have completed so far is we have authorized or 
conditionally authorized 55 site security plans. Of those 55, 
10 have had authorization inspections conducted, the remaining 
45 inspections are in the queue to be conducted. We expect very 
soon to have completed the reviews of the actionable Tier 1s. I 
say ``actionable'' because we have some Tier 1 facilities that 
are not being actively reviewed because they have had a 
redetermination request that we received from the facility or 
for reasons like that. So we haven't continued to review the 
SSP because they have asked us to reevaluate their tiering.
    We have already begun reviewing the Tier 2 site security 
plans and expect to have completed the reviews in the coming 
year, no later than the end of 2013, but hopefully well before.
    Ms. Richardson. Okay. But the actual inspections have not--
would not take place of Tier 2 probably in this year.
    Ms. Anderson. No, I do not believe we will have begun the 
reauthorization inspections of Tier 2 in fiscal year 2012.
    Ms. Richardson. Okay. Because I have a Tier 2 facility that 
is in dire need, and I will forward the information, but we 
have been patiently waiting and I am very concerned as this 
process continues.
    My next question has do with your labor workforce. 
According to the notes from our prior briefing that we have 
had, there has been a high reliance of contractors in this 
particular department. The question is whether there has been 
an overreliance on these external folks.
    To what degree do we think that it is appropriate for them 
to be performing the critical core functions such as training 
and development, SSP reviews and technical writing? Would you 
agree there still is a--what is the reliance, the percentage in 
your workforce, of contractors versus internal employees?
    Mr. Beers. Let me start the answer to that question because 
this is a problem or an issue that is in the nature of the 
organization of the Department of Homeland Security. Well, 
there are seven components which came as legacy organizations 
to the Department. The headquarters elements of the Department 
did not pre-exist in most cases, the stand-up of the 
Department. So the initial stand-up of the Department was very 
contractor-heavy. As NPPD is part of that headquarters element 
so, too, were we contractor-heavy.
    When I was briefed initially, the workforce of NPPD was 
over 60 percent contractors. We have now gotten down to about 
40 percent contractors in the last several years. So it is an 
issue. But we also have a balanced workforce initiative which 
requires all of our contractor hires to be reviewed not just by 
us, but the Office of General Counsel, to make sure that they 
are not performing inherently Government work. So that is the 
framework that we are in.
    Let me let Director Anderson speak to the rest of it.
    Ms. Anderson. Thank you, sir. In fact, I think the Under 
Secretary captured my thoughts exactly. When we talk about the 
use of contractors, although we certainly are evaluating 
whether or not any are doing inherently Governmental work, my 
greatest concern as expressed in the memorandum to the Under 
Secretary was the need for us to stabilize the program and to 
create a sustainable program. With contractors coming and 
going, it is very difficult to do that.
    Ms. Richardson. So in light of the limited amount of 
inspections that you have been able to complete, and since 
currently you have approximately 108 inspectors, if you are to 
do new hires is it the intention to do those from contractors 
or to do them from Federal positions, or do you intend upon 
increasing them at all?
    Ms. Anderson. Excuse me, increasing the number of 
inspectors?
    Ms. Richardson. Yes.
    Ms. Anderson. As I mentioned during a previous question, we 
are currently evaluating what we will be able to accomplish in 
terms of our compliance activities with our existing workforce 
and projecting what additional resources--what we would be able 
to accomplish with additional resources.
    Ms. Richardson. Mr. Chairman, could I ask a follow-up 
question because she didn't answer my question?
    My question was, I asked you that previous question, but my 
question now is: Once you do that review, if it calls for you 
needing to hire more, is it your intention to hire those from 
contractors or to hire them--do internal training and to hire 
in Government positions? What is your intention?
    Ms. Anderson. Well, insofar as we have not yet developed a 
plan for additional inspector positions, I can't say 
categorically that a decision has been made to move in a 
certain direction, though I suppose it has been my anticipation 
that new inspector positions would be Federal employees.
    Ms. Richardson. Where is the bulk of your contractor 
positions of 40 percent? That is my last question, Mr. 
Chairman.
    Mr. Beers. That is general to NPPD, that is general to 
NPPD, not--I don't know the specifics with her individual work.
    Ms. Richardson. If you could supply it to the committee--
because I know the Chairman wants to get on with the second 
panel--of the workers that you have, of now the 40 percent, 
where are they located within the Department?
    Mr. Lungren. Okay, I believe the gentlelady from New York 
wants to recapture the time that she gave back.
    Ms. Clarke. Just a minute of it, Mr. Chairman. I appreciate 
your indulgence. My question is directed to Ms. Anderson and 
Mr. Wulf. We had a lot of discussion about what went wrong. I 
want to focus in on the employees for a minute, because 
certainly with the investigations going on, with all that has 
been uncovered, there has to be some level of disruption, some 
level of not knowing where they stand.
    What is the relationship now with the employees? How are 
the employees getting through this? What types of things have 
been put in place to give some level of reassurance to people 
that--you know, that first all of they are valued; but second 
of all, that things will work out in the end? Have there been 
conversations with their union? If you would share that with 
us. Thank you.
    Ms. Anderson. Yes, ma'am. Thank you for the question. I 
actually am really happy you asked a question about the 
workforce, because there seems to be a perception that there is 
some question about the capabilities of the ISCD team. While it 
is true that I have identified instances where we don't have a 
good person-position fit, I can honestly say I have never 
worked with a more talented, hardworking group of folks. I 
think that they are the key to our success, and I am very 
concerned about the impact of recent activities on their morale 
and on the confidence that they have in our program and in our 
way forward.
    So you are correct in suggesting that there is a certain 
amount of angst and there have been some dips in morale since 
this, and certainly it has been a distraction from our mission 
activities.
    We are doing as much as we can to reassure them. We are 
being as transparent as we can with them at every stage of the 
process. When the Fox News article was leaked, came out as a 
result of the leak, I sat down with all of my folks and talked 
through it and talked about it and linked it back to previous 
discussions we had had about our challenges. I have been very 
open about that.
    We have again set up routine communications with our folks. 
We have shared with them the action plan and we have involved 
them in the implementation of the action plan. We have engaged 
them at every level and to every extent we can. Certainly our 
engagement has involved the union. We have met with Mr. Wright 
and we have, to the extent that we can, involved the inspectors 
in all of these discussions and have been sharing this 
information with them, reassuring them that they are an 
important part of our team, they are the key to the success of 
this program, and that we need to move forward with them, and 
we are taking every step we can to involve them in that process 
and to be transparent about it.
    Mr. Lungren. Okay, the gentlelady yields back.
    I want to thank the witnesses for their valuable testimony 
on this first panel. Members may have some additional questions 
for the witnesses and we would ask that you respond to these in 
a timely fashion in writing.
    With that, I would be pleased to dismiss this panel and we 
will move on to Panel II. Thank you very much.
    Mr. Beers. Thank you, sir.
    Mr. Lungren. We have a distinguished panel of three 
witnesses for our second panel.
    Mr. Bill Allmond is the vice president of Government and 
Public Relations for the Society of Chemical Manufacturers and 
Affiliates, a position he has held since 2007. The Society is 
the United States' leading trade association representing 
specialty batch chemical manufacturing. Prior to joining the 
Society, Mr. Allmond served for 10 years as director of 
Regulatory and Public Affairs at the National Association of 
Chemical Distributors.
    Mr. Timothy Scott, chief security officer and corporate 
director of Emergency Services and Security for the Dow 
Chemical Company, a company he has served with since 1979. In 
his current role, Mr. Scott leads Dow's global emergency 
services and security operational organizations at over 200 
locations around the world.
    Mr. David Wright is the president of the American 
Federation of Government Employees Local 918. In his career as 
a Federal protected service officer 1986. Since that time, he 
has been promoted to the rank of sergeant and inspector, and 
has served as president of local 918 since 2006.
    We thank all of you for being here. We, of course, will 
include your written testimonies in their entirety in the 
record. We would ask that you confine your statements to a 
summary of 5 minutes.
    We will proceed from my left to my right with Mr. Allmond 
first.

STATEMENT OF WILLIAM E. ALLMOND IV, VICE PRESIDENT, GOVERNMENT 
  AND PUBLIC RELATIONS, SOCIETY OF CHEMICAL MANUFACTURERS AND 
                           AFFILIATES

    Mr. Allmond. Good afternoon, Chairman Lungren, Ranking 
Member Clarke, and Members of the subcommittee. My name is Bill 
Allmond and I am the Vice President of Government and Public 
Relations at the Society of Chemical Manufacturers and 
Affiliates. I am pleased to provide this testimony regarding 
the problems of and the progress made by the chemical facility 
anti-terrorism standards.
    Nearly 6 years ago, Congress enacted a comprehensive 
chemical security program known as CFATS. Thanks to this 
bipartisan effort, the Department of Homeland Security and 
regulated facilities are well down the road in implementing 
this important program. To a great extent DHS' rules implement 
the mandate issued by Congress in 2006. Regrettably, however, 
DHS has stumbled in implementing those rules by failing to put 
in place, among other things, basic management practices or 
effective leadership.
    The 2011 internal memorandum from the Infrastructure 
Security Compliance Division is sobering. It demonstrates that 
a Government agency without proper management can take an 
effective regulatory framework and then mess it up. However, as 
this subcommittee assesses the Department's failures with the 
CFATS program, we must bear in mind that it is processes and 
personnel that need addressing, not the program itself.
    SOCMA regards the CFATS program thus far as a success, 
despite the internal management challenges. We emphasize four 
key facts. First, this demanding program is now requiring over 
4,000 chemical facilities Nation-wide to develop and deploy 
security enhancements. Covered facilities have invested 
billions of dollars in security upgrades to meet CFATS' 
requirements. SOCMA's members alone, a majority of which are 
small manufacturers with under 40 million in annual sales, have 
invested an estimated 515 million in security measures. 
Hundreds of other regulated facilities that had not already 
done so have made proactive investments in security measures in 
anticipation of their CFATS compliance obligations.
    Second, and equally important, CFATS has led over 2,000 
facilities to voluntarily take steps to reduce their risk 
profile, that they no longer warrant regulation. Thus, as 
predicted, CFATS is driving facilities to reduce inherent 
hazards where, in their expert judgment, doing so is in fact 
safer, does not transfer risk to some other point in the supply 
chain, and makes economic sense.
    Third, Congress wisely drafted the CFATS statues to impose 
security performance standards that are more demanding of 
higher-risk facilities and less demanding of lower-risk 
facilities. This performance-based approach protects facilities 
against attack without impairing the industry's ability to 
remain innovative and to maintain some of the Nation's highest-
paying manufacturing jobs.
    Finally, the standards have teeth. The Secretary has the 
ability to levy significant fines on a facility for 
noncompliance and can even shut down a facility. Both the laws 
and the rules are fundamentally sound and do not require 
replacement. The regulatory program they created is not 
inherently impossible for a Government agency to implement, but 
it does require knowledgeable people to review SSPs and inspect 
facilities, and also the courage to make decisions based on 
judgment.
    Unfortunately, the memorandum indicated that ISCD staff 
largely does not have adequate skills in part because higher 
levels of DHS prevented ISCD from being able to hire 
sufficiently expert personnel. Staff have also been discouraged 
from using their judgment.
    On the other hand, no one should dispute the fact that 
despite the challenges of CFATS implementation, the two main 
alternatives would be far worse. SOCMA neither wants an absence 
of chemical security regulations nor a prescriptive program 
that would drive chemical operations overseas due to burdens 
such as mandatory incorporation of inherently safer technology.
    The internal problems holding CFATS' implementation are 
serious but not insurmountable. SOCMA is confident that the new 
leadership of Penny Anderson and David Wulf is committed to 
improving the Nation's and the program's implementation. Thanks 
to the internal assessment, they have a greater understanding 
of the challenges facing them in a robust action plan.
    The following are SOCMA's recommendations for placing fast 
implementation back on track.
    One, Congress should encourage ISCD to collaborate more 
with industry where the greatest security expertise relies. 
ISCD can and should be more transparent about its operations. 
Also, simplifying personal surety and Federal background check 
and credentialing programs needs to be a top priority. Also, 
mandating inherently safer technology into the CFATS program is 
the last thing ISCD should or even could try to implement. 
Also, ISCD needs to retrain and, as necessary, replace much of 
the staff.
    Last, Congress needs to provide certainty for the regulator 
and regulated alike by approving a multi-year CFATS 
reauthorization. It may appear counterintuitive to advocate for 
a long-term authorization of a program troubled by agency 
mismanagement. But the key to fixing CFATS is a vigorous 
oversight, not budget cuts or a complete reset.
    We appreciate this opportunity to testify today and look 
forward to your questions.
    [The statement of Mr. Allmond follows:]
              Prepared Statement of William E. Allmond, IV
                             March 6, 2012
    Good morning Chairman Lungren, Ranking Member Clarke, and Members 
of the subcommittee. My name is Bill Allmond and I am the Vice 
President of Government & Public Relations at the Society of Chemical 
Manufacturers and Affiliates (SOCMA) in Washington, DC. I am pleased to 
provide this testimony regarding progress made by the Chemical Facility 
Anti-Terrorism Standards.
    Five-and-a-half years ago, and working in a bipartisan manner, 
Congress enacted a comprehensive chemical security regulatory program, 
the Chemical Facility Anti-terrorism Standards (CFATS). Thanks to this 
bipartisan effort, the U.S. Department of Homeland Security (DHS) and 
regulated facilities are well down the road in implementing this 
important program.
    Regrettably, DHS has stumbled in its implementation of the program 
by failing to put in place, among other things, basic management 
practices or effective leadership, both at the Division level and at 
high levels. The 2011 internal memorandum ``Challenges Facing ISCD, and 
the Path Forward'' issued by Penny J. Anderson and David M. Wulf of the 
Infrastructure Security Compliance Division (ISCD) regarding the 
process of implementation is sobering. It demonstrates the fact that a 
Government agency without proper management can take a credible program 
legislated by Congress and then mess it up. However, as this 
subcommittee and others assess the Department's failures with the CFATS 
program, we should be reminded that it is the process or personnel that 
needs addressing, not the program itself.
    Today we will explain why we remain supporters of the CFATS 
program--despite DHS's management failings--highlight achievements as a 
result of the program, and recommend solutions moving forward. At the 
outset, though, we emphasize these key facts:
   This demanding program is now requiring over almost 5,000 
        chemical facilities Nation-wide to develop and deploy 
        meaningful security enhancements.
   Equally important, it has led over 2,000 facilities to 
        voluntarily take steps reduce their risk profile sufficiently 
        that they no longer warrant regulation under the program.
   This performance-based regulation protects facilities 
        against attack without impairing the industry's ability to 
        remain innovative and to maintain some of the Nation's highest-
        paying manufacturing jobs.
   Finally, the standards have teeth. The Secretary of the 
        Department of Homeland Security has the authority to levy 
        significant fines on a facility for non-compliance, and can 
        even shut down a facility.
i. socma is the only u.s. trade association dedicated solely to serving 
 the needs of the specialty, batch, and custom chemical manufacturing 
                                industry
A. SOCMA
    For 91 years, the Society of Chemical Manufacturers and Affiliates 
has been and continues to be the leading trade association representing 
the batch, custom, and specialty chemical industry. SOCMA's nearly 230 
member companies employ more than 100,000 workers across the country 
and produce some 50,000 products--valued at $60 billion annually--that 
make our standard of living possible. From pharmaceuticals to 
cosmetics, soaps to plastics, and all manner of industrial and 
construction products, SOCMA members make materials that save lives, 
make our food supply safe and abundant, and enable the manufacture of 
literally thousands of other products. Over 80% of SOCMA's active 
members are small businesses.
    ChemStewards is SOCMA's flagship environmental, health, safety, 
and security (EHS&S) continuous performance improvement program. It was 
created to meet the unique needs of the batch, custom, and specialty 
chemical industry, and reflects the industry's commitment to reducing 
the environmental footprint left by members' facilities. As a mandatory 
requirement for SOCMA members engaged in the manufacturing or handling 
of synthetic and organic chemicals, ChemStewards is helping 
participants reach for superior EHS&S performance.
B. SOCMA's Security Achievements to Date
    Maintaining the security of our facilities has always been a 
priority for SOCMA members, and was so before September 11. After the 
tragic events of 9/11, SOCMA members did not wait for new Government 
regulations before researching, investing in, and implementing 
additional and far-reaching facility security measures to address these 
new threats. Under the ChemStewards initiative, SOCMA members were 
required to conduct security vulnerability assessments (SVAs) and to 
implement security measures.
    SOCMA designed an SVA methodology specifically for batch, custom, 
and specialty chemical facilities that was approved by the Center for 
Chemical Process Safety (CCPS) as meeting its requirements for an 
effective methodology. SOCMA members have spent billions of dollars and 
have devoted countless man-hours to secure their facilities and 
operations. These investments will naturally continue for the 
foreseeable future.
    Many (though by no means all) SOCMA member company facilities are 
encompassed by the CFATS program. These facilities have completed their 
Site Security Plans (SSPs) and will eventually be inspected by DHS to 
verify the adequacy of those plans and their conformance to them. SOCMA 
has tried to actively engage with DHS to accelerate and continuously 
improve the implementation of the CFATS program, exploring new 
approaches to personnel surety and Alternative Security Programs.
    Some of our member companies' other facilities comply with the 
Coast Guard's facility security requirements under the Maritime 
Transportation Security Act (MTSA).
    Looking well beyond regulatory requirements, our members have also 
partnered with DHS on many important voluntary security initiatives and 
programs through the years, including the Risk Assessment Methodology 
for Critical Asset Protection (RAMCAP), the Buffer Zone Protection 
Plans, and the Homeland Security Information Network (HSIN). SOCMA is a 
founding member of the Chemical Sector Coordinating Council, which has 
served as a model for how critical infrastructure sectors should work 
together and with DHS.
    SOCMA also works jointly with DHS in organizing and financing an 
annual Chemical Sector Security Summit and Expo, a hugely successful, 
free event that brings together Government representatives, chemical 
security experts, and industry professionals to share knowledge and 
best practices to regulated and non-regulated facilities alike.
    Through the Sector Council and other avenues, we and our members 
have developed close and open working relationships with DHS and other 
Federal agencies, and with State and local governments, to exchange 
information and coordinate roles in maintaining the security of our 
critical chemical facility infrastructure. In particular, we have 
sought to engage continuously and constructively with ISCD, even though 
we could never gain much understanding of its internal operations. As 
the Anderson/Wulf memorandum reveals, we understood it far less well 
than we imagined.
  ii. despite departmental mismanagement, cfats is reducing risk and 
                            ``must evolve''
    SOCMA wishes to emphasize that we regard the program thus far as a 
success, even if its implementation is moving much more slowly than we 
all would prefer. The CFATS statute was wisely drafted to be 
comprehensive, appropriately performance-based, and flexibly structured 
to impose security performance standards that are relatively more 
demanding of higher-risk facilities and less demanding of lower-risk 
plants. To a great extent, DHS's rules implement the statutory mandate 
issued by Congress in 2006.
    Both the law and the rules are fundamentally sound and do not 
require replacement. The regulatory program they created is not 
inherently impossible for a Government agency to implement, but it does 
require: (i) Knowledgeable people to review SSPs and inspect plants, 
and (ii) the courage to make decisions based on judgment. 
Unfortunately, the memorandum indicated that DHS's ISCD staff largely 
do not have adequate expertise or training, in part because higher 
levels of the Department prevented them from being able to hire 
sufficiently expert personnel.
    Since the program was launched in 2007, over 2,000 facilities have 
changed processes or inventories in ways that have enabled them to 
screen out of the program. Thus, as predicted, CFATS is driving 
facilities to reduce inherent hazards, where in their expert judgment 
doing so is in fact safer, does not transfer risk to some other point 
in the supply chain, and makes economic sense. Hundreds of other 
regulated facilities who had not already done so have already made 
significant proactive investments in security measures in anticipation 
of compliance with the full implementation of CFATS. As a result of 
CFATS, our Nation is more secure from terrorist chemical attacks and 
other threats than it was before the program's inception.
    Furthermore, due to the outstanding cooperation of the chemical 
sector, there has been 100% compliance with the requirements to submit 
Top-Screens, SVAs, and SSPs--DHS has not yet had to institute a single 
administrative penalty action to enforce compliance.
    It is important to note that the memorandum that we all have now 
reviewed was not intended to highlight these achievements under CFATS; 
it was only meant to be an internal tool for ISCD's leadership to 
assess and subsequently respond to the immediate challenges to the 
program's implementation. The memo overwhelmingly and repeatedly points 
to process deficiency as a cause of DHS's failure to properly implement 
CFATS. In fact, DHS specifically states on page 10 of its memo that, 
``even with sufficient planning and vision it is a given that the 
implementation of a new program will naturally result in some mistakes 
and course corrections. The program must evolve.''
    SOCMA also supports the CFATS program because our members have 
invested significant amounts of financial and human capital in it over 
the past several years. The memo details the many things not being done 
by DHS. However, the industry has done a lot. Covered facilities have 
invested billions of dollars in security upgrades to meet CFATS's 
requirements. SOCMA's members alone, a majority of which are small 
manufacturers with under $40 million in annual sales, have invested an 
estimated $515 million in security measures since the inception of the 
program. CFATS has provided to significant additional security to a 
critical segment of our Nation's infrastructure, as well as the general 
public--although, it is admittedly difficult to assign a monetary value 
to this increased security for purposes of justifying the program's 
annual cost to taxpayers.
    Facilities with high-risk chemicals are safer today both because of 
CFATS and the efforts taken by industry by their own initiative. After 
9/11, and prior to DHS's issuance of the risk-based standards, many 
companies already began proactively instituting security measures at 
their high-risk facilities. However, there were no uniform standards 
for measuring and implementing these security improvements across 
industry. CFATS has standardized the security process, but has allowed 
the voluntary assurance of chemical security to continue through DHS's 
Voluntary Chemical Assessment Tool (VCAT). The Chemical Sector Specific 
Agency developed VCAT to assist additional facilities that fall outside 
CFATS to assess their own risks and to implement voluntary security 
measures as desired. SOCMA has endorsed VCAT through our ChemStewards 
EHS&S management program, in which participation is mandatory for all 
active members.
    No one should dispute that, despite the challenges to its 
implementation, the two main alternatives to CFATS--no chemical 
security regulations at all, or a prescriptive program that places such 
burdens on industry as mandatory incorporation of inherently safer 
technology (IST) and would subsequently threaten to drive chemical 
operations overseas where security standards are weaker--would both be 
far worse. Since the program's inception, no terrorist attacks have 
taken place in the United States that involved chemicals or that would 
otherwise indicate that CFATS has failed its purpose.
      iii. cfats implementation challenges are not insurmountable
    The internal problems holding back CFATS implementation are serious 
and significant but not insurmountable. SOCMA is confident that the new 
leadership of Penny Anderson and David Wulf is committed to improving 
its programmatic implementation. Thanks to the internal assessment, 
they a greater understanding of the challenges facing them and a robust 
action plan.
    SOCMA is also committed to working with the Department to improve 
its implementation, where appropriate. The industry has nothing to gain 
from this crisis. And we have been concerned about the slow pace of 
implementation for years. First, delays create uncertainty. Regulated 
businesses do not like to hang in suspense for years wondering if their 
major capital commitments were sufficient. Second, delay only invites 
negative stories in the press, like the ones we are now starting to 
see, questioning the security of chemical plants--when we know that 
these facilities have done what they have been asked or required to do 
at this stage. Delays can also make companies believe their Government 
is not really serious about the security of chemical facilities. It is 
hard to believe DHS is serious, when commitments made about approving 
SSPs and completing pre-authorizing inspections are repeatedly broken. 
Such failures cause security professionals to lose credibility with 
their superiors who authorize compliance costs, as these managers 
conclude that their security staff are simply ``crying wolf'' about 
their regulatory obligations. DHS mismanagement has, in some cases, 
stopped the forward momentum that security managers had with their own 
senior management in convincing them of the need for certain cost 
decisions, placing forward progress in a holding pattern.
    The following are SOCMA's recommendations for placing CFATS 
implementation back on track:
A. Congress Should Encourage ISCD to Embrace Greater Collaboration with 
        Industry to Enhance Public-Private Partnership
    The CFATS framework is sound; however, DHS's implementation has 
been flawed. This is largely because DHS has drifted away from the 
spirit of the public-private partnership on chemical security that it 
has so often hailed as a keystone of the CFATS program. Congress should 
encourage ISCD to work collaboratively with the regulated community to 
solve the technical, training, and tool-related issues currently 
presenting challenges to the implementation of CFATS.
    Industry can provide much assistance moving forward, including ways 
for DHS to minimize the future cost and complexity of the CFATS 
program. For example, the Chemical Sector Coordinating Council (CSCC), 
the industry advisory body that interacts with DHS on security issues, 
over a year ago presented DHS with a viable and immediately 
implementable personnel surety proposal that addresses the many 
shortfalls of the Department's own proposed program. DHS's current 
proposal, which is under review by the Office of Management and Budget, 
places unreasonable reporting and information-gathering burdens on 
regulated sites, does not leverage the use of existing Federal 
credentials that already screen candidates against the very same 
background check requirements as proposed in the pilot, is overly 
prescriptive and does not reflect the flexible framework of the CFATS 
standards themselves.
B. More Operational Transparency Is Warranted
    ISCD can safely be much more transparent about its operations. 
While some classified information and chemical-terrorism vulnerability 
information (CVI) should not be disseminated, there is no reason why 
ISCD cannot communicate the progress of its operations more clearly and 
regularly to both Congress and the public. The tremendous change that 
the new ISCD leadership wants to drive will never occur unless ISCD 
reports regularly to Congress. More sustained oversight will enable 
Congress to hold DHS accountable going forward, so the mistakes of the 
past are not repeated or perpetuated.
C. Simplifying Personnel Surety and Federal Background Check/
        Credentialing Programs
    Congress should assure itself both that the CFATS program continues 
to be effective and that DHS and other agencies minimize duplication 
and unnecessary regulatory burdens. A prime example is the personnel 
surety program that DHS is developing under CFATS. Risk-Based 
Performance Standard No. 12 requires facilities to implement security 
measures designed to: (i) Verify and validate identity; (ii) check 
criminal history; (iii) verify and validate legal authorization to 
work; and (vi) identify people with terrorist ties. The facility is 
responsible for the first three tasks and for determining what criminal 
background findings would be disqualifying. Evaluating terrorist ties 
requires Federal Government involvement however, in the form of 
evaluating names against the National Terrorist Screening Database 
(TSDB) maintained by the FBI.
    DHS has announced its intent to establish a web-based application 
that would require facility owners and operators to submit personally-
identifying information about current and prospective employees, as 
well as contractor and visitor personnel seeking access to a plant.\1\ 
Our industry has expressed serious reservations about this proposal, in 
part because of the heavy presence of contractors at chemical sites, 
especially during plant-wide maintenance ``turnarounds.'' In 
particular, we have strongly urged DHS to rely on the half-dozen or so 
other Federally-issued credentials that involve a TSDB check. Unions 
have also expressed concern about DHS's proposal.
---------------------------------------------------------------------------
    \1\ See 76 Fed. Reg. 34729 (June 14, 2011).
---------------------------------------------------------------------------
    DHS has been open to discussing alternative approaches, and the 
industry has proposed both interim and long-term alternatives that 
could involve reliance on existing Federal vetting programs (e.g., the 
Transportation Worker Identification Credential or TWIC), mechanisms by 
which contractor and visitor employers could submit information 
regarding their own employees, and ultimately a universal Federal 
security credential that would supersede all others.
    While we have had productive discussions with the Office of 
Infrastructure Protection on our proposals, any alternative has had to 
struggle against: (i) The desires of some within DHS to make CFATS a 
system for tracking who has ever had access to which chemical facility, 
and (ii) resistance within TSA to allowing TWICs to be made available 
to persons working in non-maritime settings. We realize that these 
issues fall into the jurisdictions of multiple Congressional 
committees. Especially for that reason, we urge this subcommittee and 
others with jurisdiction to work together, and with DHS and other 
agencies, to minimize the burdens of assuring personnel surety under 
the CFATS program and, more generally, to rationalize the current crazy 
quilt of security credentialing programs. Resolving this challenge 
expeditiously would free up ISCD resources to focus on the more 
pressing tasks of approving SSPs and initiating compliance inspections.
D. Mandating Inherently Safer Technology into CFATS Program Is the Last 
        Thing ISCD Should--Or Even Could--Implement
    As the memorandum clearly points out, ISCD staff are substantially 
lacking in knowledge and expertise even about security, much less 
chemical process safety. They have shown great reluctance to make 
decisions on relatively simple issues like physical security. It is 
obvious to SOCMA that they are even more unqualified to make much more 
sophisticated and decisions about process safety. Congress should thus 
not devote any further time to discussing the discredited concept of 
mandatory IST.
    An IST mandate such as that contained in last year's House bill 
would have created a new CFATS statute to require Tier 1 and 2 
facilities to implement ``methods to reduce the consequences of a 
terrorist attack''--i.e., IST--whenever DHS made specified findings 
about risk reduction and technical and economic feasibility. However 
commonsense such a mandate might appear on the surface, it is 
fundamentally a bad idea in the security context. Inherent safety is a 
superficially simple but truthfully very complex concept, and one that 
is inherently unsuited to regulation. It could also wreak economic 
havoc on regulated facilities, notwithstanding the findings DHS would 
have to make.
    First and foremost, it is important to clarify a common 
misunderstanding about inherent safety. Quite simply, IST is a process-
related engineering concept, not a security one. It is premised on the 
belief that, if a particular chemical process hazard can be reduced, 
the overall risk associated with that process will also be reduced. In 
its simplicity, it is an elegant concept, but the reality is almost 
never that simple. A reduction in hazard will reduce overall risk if, 
and only if, (i) that hazard is not displaced to another time or 
location and (ii) it does not result in the creation of some new 
hazard.
    Inherent safety is only successful if the sum total of all risks 
associated with a process life cycle is reduced. This is rarely a 
simple calculation, and to some extent it is an irreducibly subjective 
one (for example, a substitute chemical that may reduce explosion risks 
may also pose chronic health risks). The calculation becomes even more 
difficult when it is being done not solely for reasons of process 
safety (where accident probabilities can be estimated with some degree 
of confidence) but also for reasons of security (where the probability 
of terrorist attack is highly uncertain but certainly low). Finally, 
there is no agreed-upon methodology to measure whether one process is 
inherently safer than another process. For all these reasons, the 
world's foremost experts in IST and chemical engineering have 
consistently recommended against regulating inherent safety for 
security purposes.
E. ISCD Needs to Retrain and Potentially Replace Much of Its Staff
    Furthermore, it is evident from the memorandum that ISCD needs to 
retrain and may need to replace much of its staff. ISCD's Penny 
Anderson and David Wulf are exceptions, however. They are not 
responsible for the situation they inherited. Writing the kind of 
memorandum they authored shows that they are experienced, capable 
Government managers who know what needs to be done. They are going to 
need a lot of help, however, including continued Congressional 
oversight to make sure they are getting the cooperation they need from 
DHS management and from the union.
    For others within ISCD, though, the memorandum makes clear that too 
few experienced staff bear the bulk of the responsibility for the 
administration of CFATS, and far more do not know how to conduct their 
work or even have properly defined position responsibilities; others 
simply have an unrealistic view of their jobs.
    Congress should examine DHS's hiring guidelines and practices to 
eliminate the identified obstacles to the recruitment and retention of 
qualified staff for the CFATS program. Replacing and retraining staff 
may result in immediate costs to the Department in the short term, but 
would lead to long-term savings through the reduction of ISCD's 
reliance on contractors, which the memorandum found cost a great deal 
more than Federal employees. Additionally, relying on contractors who 
typically have high job turnover precipitates the need for constant 
retraining. Institutional knowledge is lost when key activities are 
conducted primarily with contract support.
F. Congress Needs to Provide Certainty for Regulator and Regulated 
        Alike By Approving a Multi-year CFATS Reauthorization
    The memorandum identifies the failure to achieve long-term or 
permanent authorization of CFATS as one of the greatest challenges to 
the program's future success. It may appear counterintuitive to 
advocate for long-term authorization of a troubled program, but the key 
to fixing CFATS is vigorous oversight, not budgetary uncertainty or 
budget cuts. SOCMA continues to support a long-term extension of the 
standards to allow DHS and the regulated community to come fully into 
compliance.
                             iv. conclusion
    Moving forward, if DHS is to suitably engage industry and be 
accountable for its progress, Congress conducts regular oversight, and 
the program is provided regulatory certainty, SOCMA believes that CFATS 
can successfully be implemented without the need for additional 
legislation.
    We appreciate this opportunity to testify before you today. I look 
forward to your questions.

    Mr. Lungren. Thank you for testifying.
    Mr. Scott.

   STATEMENT OF TIMOTHY J. SCOTT, CHIEF SECURITY OFFICER AND 
   CORPORATE DIRECTOR, EMERGENCY SERVICES AND SECURITY, DOW 
                            CHEMICAL

    Mr. Scott. Chairman Lungren, Ranking Member Clarke, and 
Members of the subcommittee, my name is Tim Scott and I am the 
chief security officer for the Dow Chemical Company. I am 
speaking today on behalf of Dow and the American Chemistry 
Council, the Nation's largest chemical industry trade 
representative.
    I will focus on four points today. First, there are clearly 
concerns on all sides about the lack of significant progress on 
the implementation of the chemical facility and anti-terrorism 
standards. We see these as management issues and not as issues 
with the CFATS concept.
    Second, ACC member companies implemented the Responsible 
Care Code for Security in 2002 and have voluntarily and 
significantly improved the industry security over the past 
decade, spending nearly $10 billion on security enhancements.
    Third, CFATS has achieved some progress toward improving 
the security of our Nation's chemical sector. The CFATS concept 
and the design are good.
    Fourth, we now have an excellent opportunity to correct the 
course and complete the critical task before us.
    Active significant progress on CFATS, along with the 
apparent internal issues at DHS are disheartening, but not a 
cause for altering our course and nullifying the efforts and 
progress that have been made. The open and collaborative 
partnership that made CFATS successful in the beginning clearly 
has declined, and the lack of mission clarity and leadership is 
apparent. This is not a condemnation of everyone and everything 
in DHS; this is a breakdown in management, communication, and 
collaboration, making a relatively straightforward program 
overly complex and burdensome.
    This is a wake-up call, not a death knell. We now have the 
catalyst for change and an excellent opportunity to correct the 
course and achieve success. The concept and basic design of 
CFATS are solid. CFATS has potential and has sparked some 
improvements in security. It can be developed in an efficient 
and productive process to improve the security of our Nation's 
critical chemical industry.
    Industry has dedicated billions of dollars and thousands of 
hours working with DHS at every level. Dow alone has spent 
about $250 million on security. We have completed vulnerability 
assessments, audits, and, as needed, security upgrades at 
facilities worldwide, not just those regulated under CFATS in 
the United States.
    From the beginning and to this day, Dow has taken a 
leadership position on the security issue, and Dow is the only 
chemical company to achieve Safety Act designation from DHS for 
both our site security and our distribution system security 
processes.
    The CFATS concept is good, risk-based, and focused on the 
right priorities. The CFATS design is good, allowing regulated 
companies to apply customized security systems and processes to 
each unique site and situation to comply with DHS' established 
performance standard and subject to DHS approval.
    The issues with CFATS are in the details, and those can be 
fixed if we work as a collaborative team with a common goal. We 
need to fix what is wrong, not start over from square one, and 
we don't need to make the process more complex.
    There are many effective and efficient operations to 
achieve the successful implementation of CFATS and the ultimate 
goal of reducing the vulnerability of the chemical industry, 
our communities, and our country. We can get site security 
plans approved. We can get the highest-risk sites audited, we 
can get agreements and plans in place to reduce vulnerabilities 
and comply with the risk-based performance standards. We can 
make this happen within a very reasonable period of time.
    Included with my written statement are potential solutions 
to some issues of most concern--the personnel surety process, 
site security plan approval, transparency on the risk 
assessment process, and reasonable alternatives that would 
expedite the process.
    This will be a difficult task, but not an impossible 
mission. CFATS can work as conceived. Implementation will take 
leadership, communication, and collaboration well beyond what 
we have seen recently. DHS, industry, and this subcommittee can 
make this work.
    ACC is consistently taking a proactive approach to 
security, and we have worked in good faith with DHS from the 
beginning. Our members have aggressively stepped out to make 
significant investments in security. Industry does not want to 
waste this effort by starting over. ACC is ready and willing to 
take on the challenge as an equal stakeholder to finish the 
task and fully implement CFATS. We need DHS on the team to meet 
this challenge with the common mission and goal. ACC asks that 
you separately address the internal issues in DHS and that you 
reauthorize the CFATS legislation so that we can continue the 
efforts that are already underway. Thank you.
    [The statement of Mr. Scott follows:]
                 Prepared Statement of Timothy J. Scott
                             March 6, 2012
    Chairman Lundgren, Ranking Member Clarke and Members of the 
subcommittee, my name is Tim Scott and I'm the chief security officer 
of The Dow Chemical Company. I'm speaking today on behalf of Dow and 
the American Chemistry Council, the Nation's largest chemical industry 
trade representative.
    I'll focus on 4 points today:
    First--there clearly are concerns on all sides about the lack of 
progress on the implementation of the CFATS program. This poses a 
growing concern to both industry and this subcommittee, but we see 
these as management issues--not issues with the CFATS concept.
    Second--the members of the American Chemistry Council implemented 
the Responsible Care Security Code in 2002 and have voluntarily and 
significantly improved the security of its member facilities over the 
past decade. Since the Security Code's inception ACC members have spent 
nearly $10 billion on security enhancements. We have worked with DHS 
from the beginning to make CFATS successful.
    Third--in spite of the apparent issues the Chemical Facilities 
Anti-Terrorism Standards have made some progress toward improving the 
security of our Nation's chemical sector since the implementation of 
the program--the concept and design of CFATS are good.
    And fourth--we now have an excellent opportunity to correct the 
course and complete the critical task before us.
    The concerns associated with the implementation of the Chemical 
Facilities Anti-Terrorism Standards (CFATS)--along with the apparent 
internal issues at DHS--are disheartening, but not a cause for altering 
our course and nullifying the effort and progress that have been made. 
What started as a strong and successful public-private partnership with 
robust communication and collaboration that made the initial CFATS 
initiative successful clearly has declined. With that decline came the 
stagnation of the program and progress. This is not a condemnation of 
everyone and everything in DHS--there are many good people in DHS doing 
their best and doing a good job--this is a breakdown in management, 
communication, and collaboration making a relatively straightforward 
program overly complex and burdensome.
    This is a wake-up call--not a death knell. We now have the catalyst 
for change and an excellent opportunity to correct the course and 
complete the task at hand.
    The concept and basic design of CFATS are solid. CFATS has 
potential, has already sparked some improvements in chemical security 
and can be developed further into an efficient, productive process to 
improve the security of our Nation's critical chemical industry. 
Industry has dedicated billions of dollars on security since the 
implementation of CFATS. We've spent thousands of hours working with 
DHS at every level.
    I would like to point out what Dow Chemical alone has done in terms 
of capital investments and security upgrades in an effort to lead the 
industry in compliance with the CFATS program. Dow has spent 
approximately $250 million on security systems to ensure our facilities 
are as safe and secure as they can reasonably be and we have completed 
vulnerability assessments, audits, and as-needed security upgrades at 
our facilities worldwide--not just those regulated under CFATS in the 
United States. We did this in part because we have a duty to our 
shareholders, employees, and communities but also because we find the 
CFATS program a good model--in harmony with the Responsible Care 
Security Code--to secure our facilities. It's my understanding that Dow 
is the only chemical company to achieve SAFETY Act designation from DHS 
for both our site security and our distribution system security 
processes.
    The concept is good--risk-based and focused on the right 
priorities. The design of the CFATS program is good--allowing the 
regulated companies to apply customized security systems and processes 
to each unique site and situation in compliance with the DHS-
established risk-based performance standards and DHS approvals. What's 
wrong or misguided with CFATS are in the details and those can be fixed 
if we work as a collaborative team with a common goal. We need to fix 
what's wrong, but not start over from square one.
    There are many effective and efficient options that can achieve the 
successful implementation of CFATS as well as the ultimate goal of 
reducing the vulnerability and mitigating the risk of the chemical 
industry, our communities and our country. Working together we CAN get 
site security plans approved. We CAN get the highest-risk sites 
audited. We CAN get agreements and plans in place designed to reduce 
vulnerabilities and comply with the risk-based performance standards. 
And this CAN happen within a very reasonable period of time. I've 
included with my written statement examples of potential solutions to 
many of the issues that in our opinion are the areas of most 
significant concern--the proposed personnel surety process, site 
security plan approval, transparency on the risk assessment process, 
and reasonable alternatives for site security plans and inspections 
that would expedite the process.
    Attached to this written statement are examples of potential 
solutions to some issues of most concern--the personnel surety process, 
site security plan approval, transparency of on the risk assessment 
process, and reasonable alternatives that would expedite the process 
overall.
    This will be a difficult task, but not an impossible mission. CFATS 
can work as conceived--implementation will take leadership, 
communication, and collaboration well beyond what we've seen recently. 
We--DHS, the industry and this subcommittee--can make this work.
    ACC has historically and consistently taken a proactive approach to 
security--establishing the Responsible Care Security Code in 2002 and 
supporting legislation to address and improve security across the 
chemical sector as a whole--and have worked in good faith with DHS. Our 
members have aggressively stepped out to make significant investments 
in site security. Industry does not want to waste this effort by 
starting over.
    ACC is ready and willing to take on the challenge as an equal 
stakeholder to finish the task and fully implement CFATS. We need DHS 
on the team to meet this challenge with a common mission and goal as 
they were when we started this journey and our early successes were 
achieved.
    ACC asks that you separately address any internal issues in DHS and 
that you reauthorize the CFATS legislation so we can continue the 
efforts that are already well under way to secure our Nation's chemical 
sector.
                               Attachment
    Dear Members.--The following are specific recommendations for your 
consideration that are intended to help improve the implementation of 
CFATS. With the guidance and oversight of Congress, many of these 
improvements could be achieved through administrative changes by DHS.
Personnel Surety
    DHS has been unable to implement a workable personnel surety 
program for CFATS facilities to properly vet thousands of employees and 
contractors against the Terrorist Screening Database. DHS can address 
this issue in two ways.
    (1) Begin accepting information of non-vetted employees at CFATS 
        facilities for TSDB screening.
    (2) Leverage the existing Transportation Worker Identification 
        Credential (TWIC) program by fully recognizing TWIC card 
        holders as satisfying the TSDB screening requirement.
    CFATS facilities can validate TWICs using existing tools such as 
the TSA's Cancelled Card List without the need to collect, protect, and 
transmit sensitive workers' personal information to DHS. While we 
recognize some shortcomings in the TWIC program, TSA continues to make 
improvements that will further strengthen the program. There are 
currently more than 1 million TWIC card holders. Most of them also work 
at CFATS sites. By simply leveraging the TWIC program fully, DHS could 
vastly improve personnel surety at CFATS facilities and greatly reduce 
the burden to the regulated community.
    As a long-term goal, DHS should consider creating an enhanced 
vetting and credentialing program that incorporates the lessons from 
the TWIC program and has broader application across the critical 
infrastructure sectors.
Site Security Plan (SSP) Process
    DHS should engage members of the CFATS regulated community and 
their trade group representatives at the earliest stages and throughout 
the process to improve/revamp the SSP portion of CSAT. As identified in 
the ``Memo'', this has been one of the biggest road blocks in DHS's 
ability to efficiently analyze and approve site security plans. 
However, this will be a long-term effort to ensure it is done properly 
and will likely take several months to complete.
    As an interim measure, ACC recommends that DHS work with the 
regulated community to accelerate the development of Alternate Security 
Programs (ASPs). ASPs can be developed in a relative short time frame, 
providing a standardized and consistent approach for plan submissions 
and approvals. ACC began such an initiative with DHS in November 2011 
and plan to have the first ASP Guidance Document ready for use by this 
spring.
CFATS Program Transparency
    DHS should improve the transparency of the CFATS program by 
offering confidential sharing (in a classified setting if necessary) of 
pertinent facility-specific DHS risk information with the owner/
operator. Facility owners/operators want to make fully-informed 
decisions about managing their risks and implementing security 
measures. Currently the facility is unaware of how CFATS risk-tiering 
decisions are made by DHS and how changes by the facility could reduce 
their risk and lower their CFATS profile. By making this process more 
transparent, it would vastly improve the security awareness of the 
facility and could identify potential tiering errors or anomalies 
before they arise.
Alternative Inspection Program for Tier 3-4
    DHS should consider an alternative self-inspection program for 
lower tier facilities (Tiers 3 & 4) using accredited third-party 
auditors. This alternative inspection program could be monitored with 
statistical sampling (audit schedule) by DHS CFATS inspectors to verify 
compliance. This would help streamline the program by lessening the 
burden on the DHS inspection cadre and allow DHS to focus resources and 
attention on higher-risk facilities (Tiers 1 & 2). Existing private-
sector programs could be leveraged under this concept including the 
Responsible Care Security Code Program, which is mandatory for 
membership in ACC and requires third-party certification by an 
accredited third-party auditor.

    Mr. Lungren. Thank you very much, Mr. Scott.
    Now Mr. Wright is recognized for your statement.

STATEMENT OF DAVID L. WRIGHT, PRESIDENT, AMERICAN FEDERATION OF 
                 GOVERNMENT EMPLOYEES LOCAL 918

    Mr. Wright. Chairman Lungren, Ranking Member Clarke, and 
Members of subcommittee. My name is David Wright. I am 
president of AFG Local 918, the NPPD Union. I am also an 
inspector with the Federal Protective Service, a component of 
NPPD. I am here today to express our commitment to this 
critical Homeland Security mission and to work with NPPD, as I 
have repeatedly expressed to senior agency leaders.
    I have not been given the opportunity to review the 
internal report written by Director Anderson that generated 
this hearing. My knowledge of the contents of the internal 
report is mostly limited to what I have read in the Fox News 
articles of December 2011. My perception is that these are the 
types of issues that can be addressed in a good labor-
management relationship. Policies and procedures can only be 
addressed effectively by taking into account the perspective of 
the field-level workforce that accomplishes the work on a daily 
basis.
    AFGE Local 918 labor-management relationship with NPPD is 
mostly cooperative and effective, in direct conflict with what 
has been reported in the media as a result of the leaked 
internal report. The conflict ranges from outright exaggeration 
of the vehicle mileage log issues, to the implied agency 
inability to implement policy and procedure due to a Union 
workforce.
    I have consistently pledged the Union's cooperation of many 
NPPD National-level meetings, to include one meeting with 
Director Anderson in September 2011. At all meetings I have 
indicated the Union's readiness to remove any perceived Union 
roadblocks in support of the CFATS program.
    On January 9, 2012, after the negative news article, I met 
with Director Anderson in the presence of Assistant Secretary 
Todd Keil and senior Union leadership. Once again I reiterated 
that successful accomplishment of the CFATS mission is the 
Union's first priority, and that while we would expect an 
opportunity to get meaningful input, there would be no Union 
roadblock to implementation of critical Homeland Security 
policies and procedures. I strongly reject the assertion that 
the workforce is unqualified. Most have extensive background in 
law enforcement, military, regulatory authority, and academics.
    The chemical security workforce is dedicated, and all came 
on board with the promise of building a new agency dedicated to 
closing a potential gap in the Nation's Homeland Security 
network, the storage of mass amounts of hazardous chemicals at 
chemical facilities.
    In closing I have been asked by the workforce to advise you 
and the American public that the NPPD chemical security 
inspector workforce is qualified, willing, ready, and able to 
accomplish the critical task of assessing security at the 
Nation's chemical facilities. AFGE Local 918 has repeatedly 
declared its cooperation to the agency in moving forward before 
and after the internal report. We are now making that 
commitment to you. It is incumbent on Congress and DHS 
leadership to mark that path forward.
    I thank this subcommittee for the attention to this 
critical Homeland Security issue and I am available for 
questions.
    [The statement of Mr. Wright follows:]
                 Prepared Statement of David L. Wright
                             March 6, 2012
    Chairman Lungren, Ranking Member Clarke and Members of the 
subcommittee: My name is David Wright. I am the president of Local 918, 
the National Protection and Programs Directorate Union affiliated with 
the American Federation of Government Employees (AFGE). I am also an 
inspector with the Federal Protective Service (FPS) within National 
Protection and Programs Directorate (NPPD). In March 2011, AFGE was 
named as the exclusive bargaining unit representative of the Chemical 
Security Inspectors (CSI's) as result of Federal Labor Relations 
Authority certification. AFGE then delegated the responsibility to 
represent the CSI's to Local 918. Up until that point, AFGE Local 918 
had represented FPS employees since April 2006.
    I am here today to express AFGE Local 918's commitment to the 
mission and to work with NPPD--as I have repeatedly committed to Under 
Secretary Beers and agency leaders. I appreciate the opportunity to 
speak to the subcommittee on this critical homeland security issue.
    As of today, I have not been given the opportunity to review the 
internal report written by Director Penny Anderson that--at least in 
part--generated this hearing. My definite knowledge of the contents of 
the internal report is limited to what I have read in the FoxNews 
articles in December, 2011. From what I have been able to glean from 
the articles, the issues are precisely the types of issues than can be 
addressed effectively in a good labor/management relationship. The 
agency's policies and procedures can only be addressed thoroughly by 
taking into account the perspective of the field level workforce that 
accomplishes the work on a daily basis. In my Federal experience as a 
subordinate employee, as a mid-level manager and as a union official--
it is my firm opinion that to ensure that the workforce is forthcoming 
and thorough in their input, they must be consulted by the agency and 
unafraid of retaliation.
    A working example of Union participation in agency process is AFGE 
Local 918's report to appropriate authorities of the failed FPS Risk 
Assessment Management Program (RAMP). The failure of the RAMP Program 
has since been well-documented by the Government Accountability Office 
(GAO). One clear indication from GAO reports is that FPS failed to 
meaningfully consult with the field level FPS Inspectors who would 
accomplish the bulk of the work--a consultation that could have saved 
millions of dollars on an ill-conceived, poorly designed, and 
ultimately non-functional computer program. Without the workforce 
disclosures and protection of members by the Union, the expenditures on 
the RAMP Program would likely have been on-going.
    Other accomplishments resultant of the good labor/management 
relationship at NPPD and FPS are recent policy/procedure changes that 
were vital to accomplishment of the FPS Mission--a National firearms 
policy and a National law enforcement jurisdiction/authority policy. 
The FPS draft firearms policy was presented to the Union at the 
``predecisional stage'' at the FPS Policy Review Committee level--at 
the same time as agency senior official's opportunity to comment. The 
Union's questions were answered and the policymaking process went 
forward without delay on the Union's part. Answers to complex questions 
surrounding FPS authority and jurisdiction and policy are vital to the 
street-level workforce that operates daily with a variety of 
jurisdictional gray areas. The Union gathered the input and provided to 
agency. The agency attorneys considered the workforce input and drafted 
a policy easily interpreted by managers and individual law enforcement 
officers. That policy was implemented without Union delay.
    While there is some contention at the ISCD/IP level, the AFGE Local 
918 labor/management relationship with NPPD officials is overall 
cooperative and effective--in direct conflict with what has been 
reported in the media as result of Director Anderson's leaked 
``internal report''. The conflict ranges from outright exaggeration of 
bargaining issues (vehicle mileage log issues) to the implied agency 
inability to implement critical policy and procedure due to a Union 
workforce.
    The effective NPPD labor/management relationship is evidenced by 
the union contract, my weekly contacts with NPPD Employee and Labor 
Relations and my attendance at quarterly Labor/Management Forums. I 
have pledged cooperation at National-level meetings with (then) Acting 
IP Director Rick Driggers (May 3, 2011), ISCD/IP Director Penny 
Anderson (September 30, 2011) and Under Secretary Beers (November 29, 
2011). Each time, I have indicated the Union's readiness to remedy any 
perceived Union roadblocks in support of the CFATS Program. After the 
leaked report, I met with Director Anderson, Deputy Director Wulf, and 
(then)-Assistant Secretary Todd Keil on January 19, 2012 in the 
presence of senior Union leadership and NPPD Human Capital officials. 
It was reiterated that successful accomplishment of the CFATS Mission 
is our first priority--and that while we would expect an opportunity to 
give meaningful input--there would be no Union roadblock to expediting 
implementation of critical homeland security policies and procedures. I 
have indicated numerous times that the labor contract contains the 
following provision that allows for expedited implementation of 
mission-critical policies and procedures:

         ``article 9--impact bargaining and mid-term bargaining
    ``D. POST-IMPLEMENTATION BARGAINING. The Parties agree that 
effective management of the Agency and its resources is a mutual 
concern. The Parties also agree that on certain limited occasions, 
there may be a need for expedited implementation of new policies or 
practices affecting conditions of employment. The provisions of this 
Article apply to such situations. It is understood, however, that 
nothing in this Article precludes the Agency and the Union from 
engaging in post implementation bargaining if mutually agreeable.''

    Given the union contract in place, the union has limiting time 
frames that ensure negotiations and implementation in a relatively 
short time. The issue of delays in workplace bargaining must also be 
considered in the context of the agency bureaucracy and lack of 
timeliness. A very recent example was an issue presented to the Union 
last week. What would normally have been deemed as a ``negotiable 
change in working conditions''--the cessation of the ISCD Hazardous 
Materials certification and medical monitoring of employees--was 
presented to the Union. In my limited research, I determined that the 
actual ISCD Hazardous Materials certification program has been 
technically and functionally dormant--if not dead--since at least mid-
2011. This matter is an indication of the slow bureaucratic pace that 
is frustratingly normal in agency business.
    The present CSI workforce had accomplished much groundwork to 
assess the security of the Nation's chemical facilities prior to 
Director Penny Anderson's arrival in July 2011. That groundwork and 
industry outreach by the inspector workforce has resulted in acceptance 
by private industry and hundreds of chemical facilities reducing 
storage of dangerous chemicals that could be used in a criminal or 
terrorist attack. Elimination of this agency at this point would result 
in about 100 ``boots on the ground'', front-line inspectors being 
placed out of work around the Nation. Many of the inspectors and 
managers are former FPS inspectors who were lured away from their 
Federal law enforcement careers. Many CSI's have experience in private 
industry and are highly educated. All applied to NPPD/ISCD with the 
promise of building a new homeland security agency dedicated to closing 
a potentially devastating gap in the Nation's security network--the 
storage of mass amounts of hazardous chemicals at the Nation's chemical 
facilities.
    Despite the insults and negative insinuations by the media reliant 
on the Director Anderson's seemingly anti-employee internal report, 
despite the on-going laborious attempts to redefine the work process--
and despite overwhelming Human Capital issues--each bargaining unit 
employee is dedicated to assessing and ultimately regulating security 
of hazardous chemical storage at these facilities.
    In closing, I have been asked by the workforce to advise you and 
the American public that the NPPD/ISCD/IP Chemical Security Inspector 
workforce is qualified, willing, ready, and able to accomplish the 
critical task of assessing security at the Nation's chemical 
facilities. AFGE Local 918 has repeatedly declared its cooperation to 
the agency in moving forward. We are now making that commitment to 
you--it is incumbent on Congress and DHS leadership to mark that path 
forward.
    I thank the subcommittee for the attention to this critical 
Homeland Security issue.

    Mr. Lungren. Thank all the panel members for their 
discussion. We will go into a first round of questioning.
    To start off, Mr. Wright, I know you haven't seen the 
entire report or the memorandum, but you have been responding 
with respect to the reports you have seen and the discussions 
that you have had.
    What impact, if any, has this memo or the leaked part of 
the memo or the way it is being described in the press had on 
the morale of your members? Do they still have a desire to work 
for this program? Do they still think this program worthy? Do 
they still think this program is workable?
    Mr. Wright. Above all, they think it is worthy and they are 
ready to move forward. With that being said, there was an 
aspect of insult to that report. There was an aspect of calling 
into question capabilities, education, training, and so forth. 
So there was and still is an aspect of being disrespected.
    Mr. Lungren. Mr. Scott and Mr. Allmond, since the leaked 
memo came out, how has DHS engaged you on the issues that were 
outlined in the leaked memo? Has there been any suggestion of 
how you work together to solve any of the issues detailed in 
the memo, or is that viewed more as the Department's internal 
problems that has not affected the relationship of the industry 
with the Department?
    Mr. Allmond. Mr. Chairman, DHS discusses these types of 
issues with the industry through the Chemical Sector 
Coordinating Council that Mr. Scott has been involved in, and 
so have I. We haven't had too many discussions as of yet, but 
we have had some preliminary discussions about some of the 
things that have been holding up the program that we have 
identified for well over a year now.
    Mr. Lungren. Mr. Scott, you said that this report or that 
which came out of this report is a wake-up call, not a death 
knell for the program. It is my hope that that is the case. 
Could you outline why the program, as articulated or as 
legislatively drawn, and the response by the private sector to 
that, is both worthy of being maintained, and what are the 
essential advantages of it, as you see it in the context of, as 
you say, the industry having spent billions of dollars in terms 
of security?
    Mr. Scott. Well, the primary reason we agree that CFATS is 
a good approach is the risk-based approach that it takes. It is 
really focused on the risk of each individual site, different 
scenarios at each sites. So it takes the risk into question, 
and then you apply the appropriate risk rating and tier level 
to the site. So that is a strong positive. We want to make sure 
that we are focusing on risk and that we are really focusing on 
reducing the risk.
    The second piece of the puzzle is that it gives you--CFATS 
gives you a broad array of opportunities to reduce that risk. 
It doesn't dictate any one method or means of reducing risk. So 
each site, and every site is very different, in each situation, 
whether it is a theft scenario or an attack scenario, the site 
has the opportunity to pick the right answer, the right 
solution to reduce the risk at that site, what makes sense at 
that site. So the risk-based approach and the opportunity to 
apply a customized security package at the site is really the 
value, and that is why you can see real improvement already in 
many of the sites when they start to focus on the risk and 
focus on the opportunities to reduce that risk. That is why you 
have seen some success already. Even though the CFATS is not 
fully implemented we have seen some remarkable success.
    The issues that we are facing right now are the management 
issues of how to measure success and get approval of the site 
security plans and get the final inspections in place; it is 
not the process that has the problem.
    Mr. Lungren. Mr. Allmond, you indicated that you support 
Mr. Scott, a permanent or 7-year, whatever we want to call that 
extension of the authorization, or as we would say up here, 
permanent authorization. You indicated that without that there 
is uncertainty. Some observers on the outside might say that is 
overstated.
    Why would your members not continue to go forward with the 
capital investment necessary for securing their own assets? I 
know how I would respond to that question, but I would like to 
know how you would respond to that question.
    Mr. Allmond. Well, Mr. Chairman, regulations in general 
disproportionately impact small businesses, and when there is 
the delay in the implementation of regulations, that compounds 
the impact. The delays most likely have seized up compliance 
costs that were budgeted. When companies sit down and do their 
own annual budgets, there may be some compliance costs that 
were built in that were not spent. It could have been spent on 
things like manufacturing, innovation, R&D, more jobs. So in 
some respects, that money was not spent and it should have 
been.
    Mr. Lungren. I think you indicated in your written 
testimony that 80 percent of your members are small businesses?
    Mr. Allmond. That is correct.
    Mr. Lungren. All right. Ms. Clarke.
    Ms. Clarke. Thank you, Mr. Chairman, and I thank the 
witnesses for providing their insights as well.
    My first question goes to Mr. Wright. Many of the problems 
identified in the ISCD memorandum appear to be related to 
hiring and developing staff to implement the program, including 
the lack of policies and procedures to guide staff efforts to 
do their jobs.
    Please discuss whether you believe problems related to 
hiring and developing staff and a lack of related policies and 
procedures are a challenge to implementing the CFATS program, 
and if so why? Then give us your experience with how the 
employees were hired for the CFATS program; what is the history 
from your point of view?
    Mr. Wright. I think I will start with the second part of 
your question first. I probably have been around longer than 
any of the NPPD leadership at the inception of the CFATS 
program in hiring the inspectors. We were originally detailed 
from the FPS workforce. So I did attend that initial class, 1 
day of a week-long course for the initial group of inspectors. 
I think that was the initial, what can now be looked at as a 
setback, because the focus was ultimately compliance and 
ultimately law enforcement. FPS inspectors were lured away from 
their Federal law enforcement careers with the promise, with 
the lure of building a new agency regulating chemical 
facilities. Unfortunately for those inspectors, the program was 
apparently misguided or labeled as misguided and changes 
occurred along the way.
    Many FPS inspectors came back, and the ones that could 
tolerate the loss of their Federal law enforcement career 
stayed. Then there is the aspect of the management culture. It 
just seems to have changed several times over the years. The 
focus seems to have changed is what I am told.
    Ms. Clarke. So in your opinion, to what extent do the 
staffing challenges and lack of program guidance impede 
progress in implementing CFATS, if at all?
    Mr. Wright. I can only go back to what I have seen in the 
Fox News article. Apparently Director Anderson thinks that the 
mission is impeded by law enforcement officers that, ``want to 
carry a badge and gun.'' It goes back to a cultural issue. It 
goes back to the authorization, and let's do form a culture, an 
NPPD culture, as opposed to the different cultures that have 
occurred throughout the time period by bringing--by losing the 
focus on the law enforcement and the compliance originally, and 
seeking to refocus seemingly every year.
    Ms. Clarke. So I see in the memo that there are 
insinuations that the Union is causing friction in the 
workplace. Would you give us the viewpoint of the employees in 
the Union on this matter of workplace conditions or 
relationships with management? Also, in the effort to give 
feedback to DHS management, would you characterize those 
efforts of employees as possibly putting themselves in the 
position of being subjected to retaliation or intimidation?
    Mr. Wright. The Union culture within ISCD is new. We have 
been in place since March 2011. So I was absolutely blindsided 
by the allegations in the news article. I have worked with 
Secretary Beers' senior management for years now. That myth of 
working with the unions, of the Union creating roadblocks to 
implementing policies and procedures is exactly that, it is a 
myth.
    Ms. Clarke. Thank you.
    Mr. Lungren. It is my pleasure to recognize Mr. Richmond 
for 5 minutes.
    Mr. Richmond. Thank you, Mr. Chairman, and I will not use 
my entire 5 minutes. I guess my question is for Mr. Scott. I 
will just say that we have a Dow facility in my new Second 
Congressional District which will actually be the largest home 
to petrochemical facilities in places that will fall under 
CFATS in the country. So my concern and my goal is to make sure 
that it is as efficient and as least burdensome to the 
businesses that are there.
    I know that at least in your recommendations, you mentioned 
one way to become more efficient very quickly is to leverage 
the existing relationship between CFATS by recognizing the TWIC 
card. Is that one of the recommendations?
    Mr. Scott. My personal opinion is that that would make the 
personnel surety program a lot easier to manage, if the people 
at the sites that you are talking about in your area are both 
MTSA-covered sites. You will see at both of those sites 
security upgrades to meet the DHS compliance requirement, so 
that is what we like to do. But at those two sites you have a 
TWIC card required for entry. When somebody comes to the gate 
to come to work to get a Dow badge, it is very easy to look at 
the TWIC card to know they have already been vetted by the 
Federal Government and meet all the requirements that are 
currently involved with the CFATS personnel surety requirement.
    Mr. Richmond. With just Dow, how many of your facilities 
are covered by CFATS and also by MTSA?
    Mr. Scott. I am not sure I can answer that. I think it is 
about 3 dozen. In the United States we have about 3 dozen sites 
covered by one or the other. All of the sites are covered by 
the ACC response security code.
    Mr. Richmond. I thank you, and I yield back, Mr. Chairman.
    Mr. Lungren. Ms. Richardson is recognized for 5 minutes.
    Ms. Richardson. Thank you, Mr. Chairman.
    My first question is for Mr. Scott. Mr. Scott, have you 
presented these recommendations that are in your testimony to 
DHS?
    Mr. Scott. Some of the recommendations have been discussed 
with DHS through the Sector Council, through individual 
companies, through the ACC, the various associations. I can't 
say that we have talked about each and every one of the 
recommendations, but most of those have been in some 
discussions, yes.
    Ms. Richardson. Are you aware of any responses that might 
have been received from DHS?
    Mr. Scott. DHS has always been willing to sit down and talk 
with us. I think we are having on-going discussions with----
    Ms. Richardson. My question is: Have there been any 
specific responses to the recommendations that you provided, to 
your knowledge?
    Mr. Scott. Not at this time, no.
    Ms. Richardson. Is Dow or ACC a part of an official 
advisory group within DHS, especially in light of this 
memorandum that was leaked, where you provide feedback to them 
or are working with them on this process?
    Mr. Scott. I am not working directly with DHS on that 
response. No.
    Ms. Richardson. Does ACC to your knowledge have any 
advisory role or working with this Department?
    Mr. Scott. The ACC has offered input on several of the 
recommendations. I don't know that they are having any direct 
response to those recommendations as yet.
    Ms. Richardson. So if I am hearing what you are saying, 
there is no formal body, advisory body to your knowledge, that 
you guys are participating in on a regular basis?
    Mr. Scott. Not on a regular basis, no.
    Ms. Richardson. Mr. Wright, I would have the same question 
for you. Is there a regular advisory group that is working with 
the Department to provide feedback on an on-going basis?
    Mr. Wright. Not to my knowledge.
    Ms. Richardson. Okay. And for you, sir, how about you?
    Mr. Allmond. Well, there is the Chemical Sector 
Coordinating Council, but it is not a Government advisory 
board. It is an industry advisory, and that is where we do have 
periodic discussions about various chemical security issues 
with the Department.
    Ms. Richardson. So is it a formal process of a regular 
meeting that happens like once a year?
    Mr. Allmond. It is probably more like four or five times a 
year. It is an industry-led group that discusses chemical 
security. Sometimes we do involve DHS as guests to our meeting, 
but we do exchange information.
    Ms. Richardson. So it is your meeting, not theirs?
    Mr. Allmond. Right.
    Ms. Richardson. Also in your testimony, you have referenced 
that you have supplied DHS with a proposal and some things they 
could consider. Have you gotten any responses to your 
proposals?
    Mr. Allmond. There have been discussion about the personnel 
surety issue that Mr. Scott talked about, the TWIC card and 
whatnot. We have had some back-and-forth on that with the 
Department for many months now. We hope to have some resolution 
on that. That is one of the areas in the performance standards 
that is holding up the implementation, quite frankly.
    Ms. Richardson. Okay. And Mr. Wright, I just wanted to 
encourage you as a part of the Union that you support, I hope 
that you will share with them the comments from Mr. Allmond in 
his testimony where he said, in particular, we have strongly 
urged DHS to rely upon half a dozen or so Federally-issued 
credentials that involve the TSDB check. Unions have also 
expressed a concern with DHS about the proposal, so they have 
supported you in that. They have also noted, additionally, 
relying upon contractors who typically have high job turnover 
persist--whatever. I am struggling on that word today. A little 
late last night. The need for constant retraining, 
institutional knowledge is the key to activities and conducted 
primarily with contract support. So they are really providing I 
think a lot of support, unlike what unfortunately you have to 
testify about. Your folks here have strongly commended the work 
that your folks have done, so it is important to share that 
with them.
    Mr. Wright. Yes, thank you.
    Ms. Richardson. Mr. Wright, finally my question is for you. 
Have you found there to be a transparent and open process of 
knowledge amongst the workforce of positions that are open and 
available, since some of them are contracted positions 
currently?
    Mr. Wright. I don't have much experience with contractors. 
I am concerned with the statements made here by Director 
Anderson about the openness and transparency of the action 
plan, because it has not been brought to me. I have not been 
notified. I do know that there are town hall meetings. I will 
also say that my workforce is at this point, I think, 
intimidated and unwilling to share that information with the 
Union. Also, Director Anderson is unwilling to share that plan 
directly with me, despite my efforts.
    Ms. Richardson. Well hopefully through this committee 
looking at this closer, we can improve upon that.
    Thank you all for your testimony. ``Precipitates,'' there 
we go; got it, third try. Thank you, Mr. Chairman.
    Mr. Lungren. I thank the gentlelady for yielding back. I 
thank the witnesses for their testimony and the Members for 
their questions.
    The Members of the committee may have some additional 
questions for the witnesses and we would ask you to respond to 
these in writing in a timely fashion. The hearing record will 
be held open for 10 days.
    With that, this subcommittee stands adjourned.
    [Whereupon, at 4:32 p.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

    Questions Submitted by Chairman Daniel E. Lungren to Rand Beers
    Question 1a. NPPD recently provided the subcommittee with an 
internal memorandum entitled ``Challenges Facing ISCD, and the Path 
Forward'' which identified challenges facing ISCD as it continues 
implementing the CFATS program, including those related to human 
capital management, strategic planning, procurement, and basic program 
administration.
    What factors prompted the Under Secretary to request that ISCD 
develop this memorandum, and when was it written?
    Question 1b. Describe any efforts to confirm the existence of 
management problems discussed in the memorandum and to determine if the 
underlying cause (or causes) for these problems was accurately 
identified.
    Answer. The Department of Homeland Security, the National 
Protection and Programs Directorate (NPPD), and the Infrastructure 
Security Compliance Division (ISCD) have accomplished much over the 
past few years to establish and implement the Chemical Facility Anti-
Terrorism Standards (CFATS) program, but this unprecedented regulatory 
program still has challenges to address. Upon the arrival of ISCD's new 
Director and Deputy Director, Under Secretary Beers asked them to 
provide their views on the CFATS program for his consideration. Candid, 
honest assessments and critiques are valuable tools in evaluating 
progress and determining where improvement is needed. Furthermore, 
course corrections are to be expected in a nascent and unprecedented 
program like CFATS, and on-going decisions will be necessary. The 
internal memorandum in question was delivered in November 2011.
    We are addressing certain programmatic and management challenges 
through a comprehensive Action Plan. NPPD's senior leadership is 
briefed on a regular basis on the progress made to address the items in 
the Action Plan. The Department looks forward to working with Congress 
to ensure continued success in the CFATS program.
    Question 2a. In response to the ISCD internal memorandum, ISCD 
created an action plan with numerous action items intended to address 
management challenges identified in the memo.
    Has ISCD evaluated the level of effort needed to complete each 
action item, including establishing milestones and time lines for the 
items? How has management prioritized the completion of the action 
items?
    Answer. Yes, the Infrastructure Security Compliance Division (ISCD) 
has evaluated the level of effort required for each action item. Each 
action item has been assigned to a member within ISCD's leadership team 
for coordination. As part of this coordination, each item has been 
assigned milestones and a tentative time frame for completion.
    While the action plan does not formally prioritize the action 
items, each item has milestones and a target completion date based on 
ISCD's Director's guidance and the top three priorities and top three 
challenges identified in the internal memorandum.
    Question 2b. How is progress on the action plan being documented, 
measured, and communicated to leadership within NPPD and its Office of 
Infrastructure Protection?
    Answer. Progress on the ISCD action plan is being documented and 
managed by a designated action plan administrator in a master project 
plan. The action plan administrator receives weekly updates on each 
item from the coordinators. The action plan progress and highlights are 
briefed weekly to ISCD, the Office of Infrastructure Protection, and 
National Protection and Programs Directorate (NPPD) leadership.
    Question 2c. Is NPPD confident that the action items identified 
will address the root cause of the various problems? If so why? If not, 
why not?
    Answer. Yes, NPPD is confident that the action plan will address 
the root causes of the challenges identified. The action plan has been 
reviewed by NPPD and its implementation status is briefed weekly to 
NPPD leadership in order to ensure that progress is being made. In 
addition, at the recommendation of the Government Accountability Office 
(GAO), we will develop metrics to assess the impact of Action Plan 
progress, including impact on the overall implementation of the CFATS 
program.
    Question 3. CFATS was initially authorized in October 2006 under 
the Homeland Security Act of 2007. Since that time, what has the 
program achieved, and do you believe this level of progress is 
sufficient given the amount of time that has elapsed?
    According to DHS and CFATS Leadership, inspectors have been 
conducting assistance visits to tiered facilities. What did these 
assistance visits entail, and how, if at all, did they help improve 
security at facilities?
    Were results of these visits consistently documented?
    Finally, how did these visits differ from the actual inspections 
that will eventually be conducted under the CFATS program?
    Answer. The Chemical Facility Anti-Terrorism Standards (CFATS) 
program, as authorized in the Homeland Security Appropriation Act of 
2007 (Pub. L. No. 109-295), has significantly reduced, directly or 
indirectly, the overall security risk associated with the chemical 
sector in several ways:
   Development of a list of chemicals of interest (COI) with 
        screening threshold quantities (STQ), as specified in Appendix 
        A to CFATS, which the Department of Homeland Security (DHS) 
        uses to help identify potentially high-risk chemical facilities 
        with minimal burden on the chemical industry. Without this COI 
        list, it is unlikely that many of the more than 2,700 
        facilities that have voluntarily removed or significantly 
        reduced the on-site quantity of COI related to their potential 
        security risks would have done so.
   Development of an on-line assessment tool (the ``Top-
        Screen'') through which potentially high-risk chemical 
        facilities possessing COI at or above the applicable STQ submit 
        information to the Department to facilitate preliminary 
        identification of facilities presenting a high-security risk.
   Establishment and maintenance of an up-to-date comprehensive 
        database, based on Top-Screen submissions, with information on 
        the chemical holdings and basic risk profile of more than 
        40,000 chemical facilities across the country.
   Analysis of these Top-Screen submissions, resulting in the 
        initial identification of more than 7,000 preliminary high-risk 
        facilities.
   Development of an on-line Security Vulnerability Assessment 
        (SVA) tool, through which preliminary high-risk facilities have 
        developed, and provided to the Department, additional, more-
        detailed information about their chemicals, their specific 
        circumstances and their potential vulnerabilities, which DHS 
        uses to make a final determination regarding the facilities' 
        risk status.
   Completion of the review to date of more than 7,000 SVAs, 
        resulting in the issuance of final high-risk determinations for 
        more than 3,700 facilities and assignment of those facilities 
        to appropriate risk-based tiers.
   Development of an on-line Site Security Plan (SSP) tool for 
        use by final high-risk chemical facilities in the development 
        and submission of SSPs or Alternative Security Programs (ASPs) 
        for DHS's review and approval or disapproval. This SSP tool 
        collects information on how each facility will meet the 
        applicable risk-based performance standards (RBPSs) under 
        CFATS. The tool is designed to take into account the 
        complicated nature of chemical-facility security and allows 
        facilities to describe both facility-wide and asset-specific 
        security measures. This tool has helped facilities make 
        appropriate and sound decisions in developing security plans 
        that fit the unique characteristics of each facility and best 
        account for the facility's assets and vulnerabilities.
   Publication of a RBPS Guidance document to assist CFATS-
        covered facilities develop adequate SSPs. The RBPS Guidance 
        document provides guidance on what types and combinations of 
        security measures and processes may be appropriate for a 
        facility, based on its unique circumstances, and addresses 
        specific items a facility may wish to consider when selecting 
        security measures and procedures (such as physical and 
        environmental considerations, command-and-control 
        considerations, and the use of layered security) to satisfy the 
        RBPS. This document can also be of value to facilities not 
        regulated under CFATS since it provides guidance on effective 
        security measures that such unregulated facilities could 
        implement voluntarily.
   Enhancement of the National ability to prepare for and 
        respond to potential threats directed at or involving aspects 
        of many types of chemical facilities (including facilities not 
        traditionally considered part of the chemical industry), based 
        on the information provided through Top-Screen and SVA 
        submissions. This has contributed greatly to the development of 
        a more comprehensive, Nation-wide picture of chemical security 
        risks and concerns. CFATS and the data the Department has 
        collected have given the Federal Government a far better 
        understanding of what dangerous chemicals are available 
        commercially, who has them, how they are handled and secured, 
        as well as which facilities present the highest risks.
   Establishment of a sensitive but unclassified information-
        protection regime, called Chemical-terrorism Vulnerability 
        Information (CVI), to help protect certain sensitive security 
        information developed and/or provided to the Department in 
        compliance with CFATS.
   Completion of more than 1,000 Compliance Assistance Visits 
        (CAVs), and participation in more than 3,000 informal 
        introductory meetings with owners and/or operators of CFATS-
        regulated facilities, which have helped to ensure that the 
        regulated community is aware of CFATS requirements and of 
        chemical security risks.
   Development of working relationships with State and local 
        officials through outreach efforts beyond the regulated 
        community. Those relationships are enhancing the overall level 
        of preparedness of the Nation for preventing or responding to 
        potential terrorist attacks involving high-risk chemical 
        facilities or chemicals from those facilities and will pay 
        positive dividends in the event of a chemical security 
        incident. To this end, the Infrastructure Security Compliance 
        Division (ISCD) has participated in more than 2,500 meetings 
        involving Federal, State, and local partners, including more 
        than 100 Local Emergency Planning Committee meetings.
   Increase in security awareness and education through 
        outreach activities, as well as the CFATS website and Help 
        Desk, which has received over 79,000 requests.
   Establishment of an anonymous CFATS Tip-Line, which has 
        received over 100 calls and supports the reporting of 
        suspicious activities and the identification of facilities or 
        individuals who potentially are not complying with CFATS 
        requirements.
   Collaboration within DHS and with other Federal agencies in 
        the area of chemical security, including routine engagement 
        among the National Protection and Programs Directorate's 
        subcomponents and with the U.S. Coast Guard; the Transportation 
        Security Administration; the Department of Justice's Federal 
        Bureau of Investigation; and Bureau of Alcohol, Tobacco, 
        Firearms, and Explosives, the Nuclear Regulatory Commission, 
        and the Environmental Protection Agency. This collaboration 
        allows for the identification of potential security gaps and 
        the sharing of lessons learned, all of which makes the overall 
        homeland security effort more efficient and effective.
    As the above activities demonstrate, in a relatively short period 
of time CFATS has helped the Nation better understand the complex 
security issues associated with the chemical industry, allowed the 
Federal Government to identify high-risk chemical facilities throughout 
the Nation, provided tools to allow high-risk facilities assess their 
vulnerabilities and develop plans to reduce their risks, spurred the 
voluntary elimination or reduction of chemicals of interest at 
facilities throughout the country, facilitated the selection and 
implementation of security measures and procedures to reduce security 
risks, and enhanced Nation-wide preparedness through increased 
understanding and collaboration.
    In the preliminary stages of implementing the CFATS regulation, the 
inspector cadre focused much of its effort on providing outreach and on 
assisting chemical facilities in understanding the requirements of this 
nascent and unprecedented program. One method for providing such 
assistance involves CAVs to facilities. During these CAVs, inspectors 
provided information and assisted many facilities in registering to use 
the on-line Chemical Security Assessment Tool (CSAT), in understanding 
how to use and complete the CSAT Top Screen and Security Vulnerability 
Assessment tools, and in understanding how to prepare and submit (or 
revise) SSPs or ASPs. These outreach and assistance efforts were and 
are essential to the effective implementation of the CFATS program. In 
fact, the assistance provided by the inspectors has contributed 
substantially to the submissions by chemical facilities, which to date 
includes over 40,000 Top Screens, over 7,000 SVAs, and over 3,600 SSPs.
    ISCD conducts CAVs at covered facilities that claim (e.g., through 
requests for redetermination) to have eliminated or reduced their 
chemical holdings or to have implemented other material changes to 
their site or operations. These visits enable ISCD to verify the claims 
made by the facilities and assist ISCD in determining whether they are 
entitled to a change in their risk-based tiering determination.
    In addition, CFATS inspectors have also conducted and may continue 
to conduct what have been previously referred to as Preliminary 
Authorization Inspections (PAIs), which are visits to CFATS-covered 
facilities that have submitted SSPs but that have not yet received 
Letters of Authorization for their SSPs. To avoid confusion with CFATS 
authorization inspections and compliance inspections, ISCD now refers 
to these inspector activities as CAVs. The main purposes of these pre-
authorization visits are: To help ISCD gain a better understanding of 
the processes, risks, vulnerabilities, response capabilities, security 
measures and practices, and other factors at a covered facility that 
are relevant to ISCD's review of the facility's SSP; and to help 
facilities more fully develop and explain the security measures in 
their SSPs.
    Chemical Security Inspectors document CAVs using established 
templates and standards for reporting. These files are reviewed by the 
inspector chain of command, analyzed by ISCD headquarters, and posted 
in the facility's case files. Additional documentation is required for 
all CAVs related to requests for redetermination.
    CAVs differ from actual inspections because the main purposes of 
the former are to assist facilities in the completion of their required 
documentation (Top Screen, SVA, and/or SSP); verify claimed changes at 
a facility in connection with requests for redetermination; help ISCD 
gain a better understanding of the processes, risks, vulnerabilities, 
response capabilities, security measures and practices, and other 
factors at a covered facility that are relevant to ISCD's review of the 
facility's SSP; and to help facilities more fully develop and explain 
the security measures in their SSPs.
    In contrast to CAVs, inspections are conducted only after a 
facility's SSP or ASP has been authorized or approved. Authorization 
inspections are conducted by ISCD inspectors after the facility 
receives a Letter of Authorization in order to verify that the 
descriptions of measures in the facility's authorized SSP or ASP are 
accurate and complete, and that the equipment, processes, and 
procedures described in the SSP or ASP appear to be appropriate to meet 
applicable CFATS risk-based performance standards. The authorization 
inspection results, as well as other relevant available information, 
are evaluated by ISCD to determine whether or not DHS should issue a 
Letter of Approval for the facility's SSP or ASP. Following DHS's 
issuance of a Letter of Approval, ISCD will conduct compliance 
inspections on a periodic and as-needed basis to verify that facilities 
are complying with their approved SSPs or ASPs.
    Question 4. DHS reports that, since the CFATS program's inception, 
more than 1,670 facilities have completely removed their Chemicals of 
Interest (COI). What assurance does DHS have that these facilities have 
removed their COI?
    Answer. Under the Chemical Facility Anti-Terrorism Standards 
(CFATS), chemical facilities that possess any of the chemicals of 
interest (COI) listed in Appendix A at or above the corresponding 
screening threshold quantity (STQ) must complete and submit a Top-
Screen. If DHS determines that the facility is high-risk and the 
facility subsequently makes a material modification to its operations 
or site, the facility must complete a revised Top-Screen within 60 days 
of the material modification. A material modification may involve, for 
example, the complete removal of all COI from the facility or a 
substantial reduction of COI holdings. In addition to submitting a 
material modification Top-Screen, the facility has the option of 
formally requesting that ISCD reevaluate the facility's tiering 
designation by submitting a Request for Redetermination.
    Following the submission of a material modification Top-Screen and/
or a Request for Redetermination, the Infrastructure Security 
Compliance Division (ISCD) will request that the facility provide 
specific documentation showing the removal or reduction of COI or other 
material change in operations, such as shipping information, receiving 
locations, documentation related to changes in processes, invoices, 
bills of lading, sale documentation, etc. ISCD may also request that 
the facility engage in a compliance assistance visit with ISCD 
inspectors so they can observe and gather pertinent information to 
verify the removal or reduction of COI.
    As of February 3, 2012, more than 1,800 facilities have reported 
that they have completely removed all of the COI that they held, and 
more than 900 facilities have reported that they no longer possess the 
quantity of COI that requires submission of a Top-Screen.
    Question 5a. According to the ISCD Memo, as it relates to the Site 
Security Plan (SSP) review process, the process is ``overly complicated 
and inefficient, leading to substantial delays in completing reviews.''
    To what extent has DHS engaged members of the CFATS-regulated 
community, to improve/revamp the SSP portion of CFATS?
    Question 5b. Has DHS considered working with the regulated 
community to accelerate the development of Alternate Security Programs 
(ASPs)? ASPs can be developed in a relatively short time frame, 
providing a standardized and consistent approach for plan submissions 
and approvals.
    Answer. The Infrastructure Security Compliance Division (ISCD) has 
established an interim Site Security Plan (SSP) review process that 
includes the development and refinement of, and training in, review 
procedures; a multi-layered approach that still allows for expeditious 
review and that ensures consistency in application of standards; and a 
quality assurance procedure for reviewing and reporting on the 
effectiveness, efficiency, and consistency of reviews.
    ISCD is in the process of further refining a long-term review 
process. As part of the long-term review, ISCD is working to leverage 
lessons observed in the interim review process and to include a 
strategic outreach to the regulated community.
    The strategic outreach will build upon existing efforts to engage 
the Chemical Facility Anti-Terrorism Standards (CFATS)-regulated 
community to assist with their understanding of the regulation and the 
CFATS process. This has included ISCD's completion of more than 1,000 
Compliance Assistance Visits and participation in more than 3,000 
informal introductory meetings with owners and/or operators of CFATS-
regulated facilities. ISCD's outreach efforts have gone beyond solely 
involving the representatives of CFATS-regulated facilities, and 
additionally, have fostered solid working relationships with industry 
trade associations, such as the American Chemistry Council (ACC) and 
the Agricultural Retailers Association, for example, to discuss 
specific concerns related to their organizations' constituents. ISCD is 
currently participating in a working group with the ACC to consider 
potential improvements to the SSP tool and to assist ACC in its efforts 
to develop an Alternative Security Program (ASP) template that could 
provide sufficiently detailed information to better enable the 
Department of Homeland Security to review facility ASP submissions. The 
option of submitting ASPs in lieu of SSPs has been emphasized to the 
associations and has been incorporated into standard outreach materials 
for the larger regulated community at conferences, meetings, and 
presentations.
    Question 6a. DHS provided briefings and other information to this 
subcommittee noting that one of the factors prompting the review by 
ISCD officials was that DHS discovered flaws in its methodology for 
identifying the risk level of chemical facilities, whereby facilities 
are assigned to specific tiers based on the potential consequences. As 
a result of this flaw, some facilities were misclassified.
    What was the impact of misclassifying facilities?
    Question 6b. What actions were taken to correct this problem?
    Answer. As briefed to the committee, 501 facility tiering decisions 
were potentially affected by a data error in a computer program that 
helps identify high-risk chemical facilities. Of the 501 facilities, 35 
facilities had already been determined to no longer be high-risk prior 
to the re-evaluation process, for reasons unrelated to the tiering 
issue. Upon further review of the remaining 466 facilities, using the 
corrected data, the Department of Homeland Security (DHS) determined 
that 99 facilities were no longer considered high-risk; 148 facilities' 
overall tier levels should be lowered; 178 facilities should retain 
their facility tier levels, although other aspects of their final tier 
determinations should be revised; and that 41 facilities' final tiering 
results were still subject to pending review of their SVAs or Requests 
for Redetermination. DHS notified all of the potentially affected 
facilities of the results of this review in June 2011.
    Question 6c. What assurance does NPPD have that, moving forward, 
the methodology used to develop tiered lists is sound and that 
facilities are properly classified? Was the methodology peer-reviewed?
    Answer. The National Protection and Programs Directorate (NPPD) and 
the Infrastructure Security Compliance Division (ISCD) have committed 
to doing a thorough review of the CFATS risk-based tiering process and 
to promptly developing appropriate responses to any significant new 
tiering issues. In order to carry out this commitment, ISCD has 
developed a three-phase approach including:
   Thoroughly documenting all ISCD processes and procedures 
        relating to the tiering methodology;
   Conducting an internal DHS review of the complete tiering 
        process;
     As part of that effort, a working group composed of NPPD 
            experts was formed and is nearing completion of an internal 
            assessment of the CFATS risk-tiering methodology.
   Conducting an external peer review of the risk-based tiering 
        methodology.
     As part of the internal review, an analysis has been 
            developed that identifies options and various approaches 
            for ISCD to consider in initiating an external review.
     This peer review would provide a forum for external 
            experts to assess the methodologies supporting CFATS.
    Yes, a formal peer review of the modified Risk Analysis and 
Management for Critical Asset Protection (RAMCAP) methodology used 
within the CFATS risk engines was conducted in 2007. DHS is in the 
process of developing a new peer review of the CFATS risk-tiering 
methodology, which is part of the ISCD Action Plan.
    NPPD is committed to doing a thorough review of the CFATS risk-
based tiering process--past and present. In order to do this, NPPD has 
developed a three-phased approach to review its tiering methodology, 
including: Thoroughly documenting all processes and procedures relating 
to the tiering methodology; conducting an internal DHS review of the 
complete tiering process (which is nearing completion); and conducting 
a new external peer review of the risk-based tiering methodology. The 
peer review will provide a forum for external experts to assess the 
tiering methodologies supporting CFATS. ISCD has completed an analysis 
of various approaches for conducting the external review and is 
currently in the process of finalizing the acquisition documentation 
for this effort. DHS expects to launch the external peer review later 
this summer. The Department will keep this committee informed of the 
progress on this important effort.
    Question 6d. What assurance does NPPD have that, moving forward, 
the methodology used to develop tiered lists is sound and that 
facilities are properly classified?
    Answer. Response was not received at the time of publication.
    Question 7. Has DHS conducted an examination of all the algorithms 
in the process? If so, were they peer-reviewed and by whom?
    Answer. As part of the Department of Homeland Security's (DHS) 
internal review of the complete tiering process, a working group 
composed of National Protection and Programs Directorate experts was 
formed and is nearing completion of an internal assessment of the 
Chemical Facility Anti-Terrorism Standards risk-tiering methodology, 
including review of the algorithms.
    DHS is also finalizing a proposal for an external peer review of 
the tiering methodology.
    Question 8. In the Chemicals of Interest Appendix, will there be a 
feedback process and engagement with stakeholders to help determine 
threshold amounts?
    Answer. If the Chemicals of Interest Appendix is revised in the 
future, DHS intends to engage, as appropriate, with interested 
stakeholders through the rulemaking process.
    Question 9. How many regulated companies have come forward to 
question their tier rankings in light of the issues with the formula? 
Has any company filed a lawsuit related to this issue?
    Answer. The Infrastructure Security Compliance Division (ISCD) is 
not aware of any formal requests by any facility to review its tier 
level as a result of the issue with the corrections made in 2010 to one 
computer program that helps DHS identify high-risk chemical facilities. 
ISCD is not aware of any lawsuits related to this issue.
    Question 10a. ISCD's memo cites numerous examples of potential 
waste, fraud, and abuse associated with the use of consumable supplies, 
travel cards, and the procurement of goods needed to carry out 
inspection responsibilities under the CFATS program.
    What is NPPD doing to investigate these issues?
    Question 10b. Has NPPD engaged the DHS Office of the Inspector 
General or any other investigative body to examine these issues or any 
issues associated with the ISCD memorandum? If not, why not?
    Answer. In September 2010, Todd Keil, then-Assistant Secretary for 
Infrastructure Protection (IP), established the Infrastructure Security 
Compliance Division (ISCD) Task Force and Charter. The Task Force was 
directed to review practices and policies related to the salaries and 
benefits of ISCD's chemical inspectors, procurement protocols, fleet 
management, and acquisition of equipment.
    This Task Force review identified potential issues with ISCD's 
resource management and internal management controls and processes. The 
National Protection and Programs Directorate's (NPPD) leadership asked 
NPPD's Office of Compliance and Security (OCS) to coordinate an 
inspection of ISCD. OCS performed its inspection activities between 
April and October 2011. OCS completed its report in October 2011.
    Currently, both the Government Accountability Office and the 
Department of Homeland Security's Office of the Inspector General are 
conducting their own examinations of ISCD.
    With regard to consumable supplies and travel cards specifically, 
the internal ISCD memorandum states that the absence of sufficient 
procedures and oversight led to an environment where fraud, waste, and 
abuse could occur. However, no such incidents have been identified.
    Question 11a. There have been narratives from State and local 
fusion center representatives that they are unable to obtain 
information from site security plans to use in vulnerability 
assessment. The reason they were given is that it is classified 
regulatory information not meant to be shared.
    What is the source of this policy? The CFATS statutory language as 
drafted in Section 550(c) of Public Law 109-293 does not preclude this 
type of information sharing, in fact it encourages it.
    Question 11b. Can you look into this issue and provide me with a 
written explanation? If there is confusion about policy on the ground, 
we like to get constituents the right information and support.
    Answer. Chemical-terrorism Vulnerability Information (CVI) is a 
category of sensitive, unclassified information established under 
Section 550(c) of the Department of Homeland Security (DHS) 
Appropriations Act of 2007 (Pub. L. 109-295) and the Chemical Facility 
Anti-Terrorism Standards (CFATS) regulation to protect certain 
information developed or submitted as part of the CFATS process. Thus, 
CVI is not ``classified'' information as defined by Executive Order 
13526. Except in exigent or emergency circumstances, only CVI 
Authorized Users who have a ``need-to-know'' may have access to CVI. 
Site Security Plans (SSPs) and other specified categories of CFATS-
related information are CVI and must be marked, handled, and stored in 
accordance with the CVI provisions of the CFATS regulation. Please note 
that although an SSP is a CVI document under CFATS, not all of the 
information contained in an SSP is CVI. Specific information that a 
facility develops for other, non-CFATS purposes often is not CVI even 
though it may later be incorporated in an SSP.
    The Infrastructure Security Compliance Division (ISCD) has, upon 
request, shared CVI regarding specific high-risk facilities with CVI-
authorized users who have a need to know that information, including 
non-Federal public officials at fusion centers and other State 
stakeholders, such as State Homeland Security Advisors. In addition, 
individuals within State and local fusion centers and other public 
officials may directly contact CFATS-covered facilities within their 
jurisdiction to obtain relevant information, including CVI, provided 
that the individual seeking that information is a CVI Authorized User 
with a need-to-know. It is through direct communication between State 
and local fusion centers and CFATS-covered facilities that most 
meaningful information exchanges typically occur.
    To aid State and local stakeholders with preparing to access CVI, 
DHS provides on-line CVI training for individuals to become CVI 
Authorized Users. The training can be found at: http://www.dhs.gov/
files/programs/gc_1181835547413.shtm. In addition, DHS has prepared a 
CVI Procedural Manual, with additional information about sharing of 
CVI, which is available at www.dhs.gov/chemicalsecurity.
    Question 12a. As part of the subcommittee's oversight role of this 
program, there is an interest in the progress of the hiring and 
evaluation of those charged with implementing the CFATS program. Of the 
current policy- and inspector-level employees currently working on the 
CFATS program, how many are qualified, properly trained and ready to 
carry out their job duties today?
    How many will need to be re-trained?
    Question 12b. How many will need to be terminated or moved to other 
divisions?
    Answer. Infrastructure Security Compliance Division (ISCD) staff, 
including inspectors, have been hired and trained to ensure they have 
the requisite expertise in physical security, investigations, incident 
management, chemistry, and other relevant fields necessary to properly 
perform the duties that they have been charged with to date. ISCD 
leadership has the utmost confidence in these professionals' abilities 
to conduct these operations. ISCD expects additional training will be 
provided to the inspector cadre as advancements in these procedures 
occur or as new procedures are developed.
    ISCD stood up a working group in September 2011 to review the 
current processes, procedures, and equipment utilized by the inspector 
cadre and to update or develop additional materials and tools to assist 
the inspector cadre in performing future authorization inspections as 
well as compliance inspections, which occur after approval of Site 
Security Plans or Alternative Security Programs. ISCD has updated the 
inspection procedures and is completing the process of providing 
additional training to the entire inspector cadre.
    At this time, it is not possible to say whether any employees 
should be terminated or moved to other divisions. The establishment of 
specific program needs and the development of the long-term process for 
fulfilling identified program requirements is an on-going and dynamic 
one. As the Chemical Facility Anti-Terrorism Standards program 
continues to mature, ISCD will ensure that all of the positions it 
needs are staffed with individuals who possess the appropriate 
knowledge, skills, and abilities necessary to perform at the 
appropriate level.
    Question 13. How many CFATS employees have a chemistry or physical 
sciences background? How many current inspectors have a chemical 
facility inspection background?
    Are job descriptions being designed with these qualifications in 
mind?
    Answer. Currently, the Infrastructure Security Compliance Division 
(ISCD) employs the following number of staff with a chemistry or 
physical sciences background: Five chemical engineers, one chemist, 
three general engineers, and seven information technology management 
specialists. In addition, ISCD currently has vacant positions for four 
chemical engineers, one general engineer, and two information 
technology management specialists.
    The Chemical Facility Anti-Terrorism Standards (CFATS) program is 
one of the first Federal regulatory programs to focus specifically on 
the security risks associated with chemical facilities. Since the 
program's inception, the inspector cadre has undergone training and 
participated in activities to build their expertise in chemical 
facility inspections.
    ISCD is in the process of conducting a top-to-bottom review of the 
Division's staffing to develop a Human Resources Plan that will further 
define and document the roles, responsibilities, required skills, and 
reporting relationships of its staff. Once the Human Resources Plan is 
developed, ISCD will fully assess the Human Resources needs to include 
the creation of job descriptions and determining the proper grade 
levels.
    Question 14a. What is the status of the inspector training program?
    How close is an inspector training program to being put in place?
    Question 14b. Are you working to leverage the knowledge base of 
other components and agencies that have functioning inspection 
programs, such as the Coast Guard or the Department of Energy?
    Question 14c. Would you be willing to leverage industry expertise 
in developing a training program?
    Answer. The Infrastructure Security Compliance Division (ISCD) 
stood up a working group in September 2011 to review the current 
procedures and to consider revising or providing additional training to 
assist the inspector cadre in performing future authorization 
inspections and to help them to conduct compliance inspections, which 
will begin after the Department of Homeland Security issues Letters of 
Approval for covered facilities' Site Security Plans or Alternative 
Security Programs. Throughout the development of the Chemical Facility 
Anti-Terrorism Standards (CFATS) program, ISCD has worked with industry 
and with Federal, State, and local partners to obtain and apply lessons 
learned and best practices. The ISCD working group is leveraging these 
relationships as it works to further develop and refine its inspection 
procedures and training. ISCD has updated the inspection procedures and 
is completing the process of providing additional training to the 
entire inspector cadre.
    Question 15a. Additionally, there is information related to the 
memo and administration of the program that is germane to the 
subcommittee's work. I have highlighted some outstanding subcommittee 
requests made to your staff for which we have not received a response:
    In January, committee (bipartisan) staff requested and the 
subcommittee has yet to receive a time line of political and career 
individuals in charge of CFATS since its inception. This request was 
repeated by members in a February briefing.
    Why has this information not been sent?
    There has been a high amount of turnover at all levels in this 
program. What impact has it had on implementation and continuity of 
operations?
    Answer. The following tables provide the names and tenures of 
leaders within the Office of Infrastructure Protection, including the 
Assistant Secretary, Deputy Assistant Secretary, Infrastructure 
Security Compliance Division (ISCD) Director, and ISCD Deputy Director, 
who have had responsibility for carrying out the requirements of 
Section 550 of the Department of Homeland Security Appropriations Act 
of 2007 (Pub. L. No. 109-295).

------------------------------------------------------------------------
          Assistant Secretary                         Dates
------------------------------------------------------------------------
Caitlin Durkovich......................  May 2012--Present.
William Flynn (Acting).................  February 2012--May 2012.
Todd M. Keil...........................  December 2009--February 2012.
William Flynn (Acting).................  September 2009--December 2009.
James L. Snyder........................  January 2009--September 2009.
Robert Stephan.........................  April 2005--January 2009.
------------------------------------------------------------------------


------------------------------------------------------------------------
       Deputy Assistant Secretary                     Dates
------------------------------------------------------------------------
William Flynn..........................  November 2010-Present
                                         (Concurrently served as Acting
                                          Assistant Secretary in
                                          February 2012--May 2012).
Sue Armstrong..........................  November 2010-October 2011
                                         (Detailed to the Federal
                                          Protective Service (FPS) in
                                          October 2011 and reassigned to
                                          FPS in May 2012).
Sue Armstrong (Acting).................  September 2009-November 2010.
Vacant.................................  January 2009-September 2009.
James L. Snyder (Acting)...............  November 2008-January 2009.
Kevin Reardon..........................  December 2007-November 2008.
Vacant.................................  March 2007-December 2007.
Tom DiNanno............................  July 2004-March 2007.
------------------------------------------------------------------------


------------------------------------------------------------------------
             ISCD Director                            Dates
------------------------------------------------------------------------
David Wulf.............................  July 2012-Present.
Penny Anderson.........................  July 2011-July 2012.
Rick Driggers (Acting).................  December 2010-July 2011.
Dennis Deziel (Acting).................  September 2009-December 2010.
Sue Armstrong..........................  July 2009-September 2009.
Sue Armstrong (Acting).................  November 2008-July 2009.
James Snyder...........................  November 2008-November 2008.
Sue Armstrong (Acting).................  July 2008-November 2008.
Larry Stanton (Acting).................  March 2007-July 7, 2008.
Deputy Assistant Secretary Tom DiNanno   October 2006-March 2007.
 (serving as chair of Chemical Security
 Working Group).
------------------------------------------------------------------------


------------------------------------------------------------------------
          ISCD Deputy Director                        Dates
------------------------------------------------------------------------
Rick Driggers (Acting).................  July 2012-Present.
David Wulf.............................  July 2011-July 2012.
VACANT.................................  April 2011-July 2011.
James ``Chris'' Anderson (Acting)......  December 2010-April 2011.
Todd Klessman (Acting).................  August 2010-December 2010.
Wade Townsend (Acting).................  June 2010-August 2010.
Todd Klessman (Acting).................  September 2009-June 2010.
Dennis Deziel (Acting).................  November 2008-September 2009.
Sue Armstrong..........................  November 2008-November 2008.
------------------------------------------------------------------------

    Personnel turnover at the management levels of the program has 
inevitably had some impact on implementation of CFATS, although 
continuity of the program has been substantially maintained. In order 
to minimize such impacts from past and potential future turnover, ISCD 
has, among other actions, ensured that decisions, processes, and 
procedures are thoroughly documented. These actions include, but are 
not limited to, establishing an interim Site Security Plan review 
process, forming an Inspection Tools Working Group, and implementing 
the ISCD Action Plan.
    Question 15b. In January, committee (bipartisan) staff also 
requested a time line of how and when issues with CFATS were reported 
up the chain of command. That has not been received.
    When did Secretary Napolitano learn of the issues and has she 
passed any direction down to Under Secretary Beers?
    How much communication within DHS Headquarters and the Secretary's 
Office has there been about the memo?
    Answer. Secretary Napolitano became aware of the existence of the 
November 2011 internal memorandum shortly after it was submitted by 
ISCD leadership to the National Protection and Programs Directorate. 
She instructed Under Secretary Beers, Deputy Under Secretary Spaulding, 
and the ISCD leadership to move expeditiously to implement the action 
plan, continue to encourage employees to come forward with any 
concerns, and to keep her updated on progress and any problems.
    Under Secretary Beers updates the Secretary and her immediate staff 
on the Action Plan regularly. The Under Secretary meets almost daily 
with the Secretary and uses those opportunities to communicate progress 
on implementation of the Action Plan, major milestones, and issues that 
warrant senior leadership attention. The Deputy Under Secretary and the 
Assistant Secretary for Infrastructure Protection also provide periodic 
updates to the Department of Homeland Security's senior-most 
counselors.
  Questions Submitted by Ranking Member Yvette D. Clarke to Rand Beers
    Question 1. H.R. 5695, as passed by the Homeland Security Committee 
in 2006 required the Secretary and Inspector General of DHS to submit 
reports to Congress. These reports were to address progress in 
achieving compliance, assess the effectiveness of facility security 
plans, draw lessons learned, and make recommendations to improve 
programs, plans, and procedures. Had these kinds of normal, authorized, 
requirements been included in a comprehensive authorization of CFATS, 
the first report to Congress would likely have been due some 5 years 
ago, with subsequent reports due annually thereafter. Unfortunately, 
the majority at the time set aside H.R. 5695 and enacted the CFATS 
program as a rider on the DHS appropriations act without appropriate 
oversight provisions. Would you agree that if Congress had included 
basic accountability provisions in the CFATS program from the outset, 
many of challenges of program implementation would have come to light 
years ago rather than as the result of an internal memorandum leaked to 
the news media?
    Answer. The Department of Homeland Security believes that 
appropriate Congressional oversight can improve accountability and 
enhance the effectiveness of Executive Branch activities. As might be 
expected in managing a groundbreaking program, the Infrastructure 
Security Compliance Division (ISCD) has indeed encountered difficulties 
in its implementation of the Chemical Facility Anti-Terrorism Standards 
program. We believe the program has helped the Nation better understand 
the complex security issues associated with the chemical industry, 
allowed the Federal Government to identify high-risk chemical 
facilities throughout the Nation, provided tools to allow high-risk 
facilities to assess their vulnerabilities and develop plans to reduce 
their risks, spurred the voluntary elimination or reduction of 
chemicals of interest at facilities throughout the country, facilitated 
the selection and implementation of security measures and procedures to 
reduce security risks, and enhanced Nation-wide preparedness through 
increased understanding and collaboration.
    Question 2. What are your plans for well-structured and regular 
reports to Congress on the progress of the CFATS program, and what are 
your recommendations for the inclusion of these kinds of reports in any 
future authorization by Congress?
    Answer. The Department of Homeland Security (DHS) understands the 
need for Congress to receive regular updates on the progress of the 
Chemical Facility Anti-Terrorism Standards (CFATS) program. However, 
DHS believes that briefings and other communications--in lieu of formal 
reports to Congress--are the most efficient and timely methods of 
updating Congress on the progress of the CFATS program. DHS has 
provided and will continue to provide many such briefings whether or 
not required by legislation.
  Questions Submitted by Ranking Member Yvette D. Clarke to Penny J. 
                                Anderson
    Question 1a. Please provide details on the plans for the CSI 
workforce, including:
    Creation of new job descriptions.
    Question 1b. Pay-grade levels of new hires based on any revamped 
job description.
    Question 1c. Whether the new plan will include career ladders. With 
the need to review so many facilities, how will the performance 
measurements/evaluations for inspectors be determined?
    Question 1d. How will the need for overtime be addressed?
    Question 1e. Will NPPD/ISCD be reducing CSI pay-grades from GS13 to 
GS11 and GS12?
    Question 1f. Will AUO (Administratively Uncontrollable Overtime) of 
the CSI's be restricted?
    Answer. The Infrastructure Security Compliance Division (ISCD) is 
in the process of conducting a top-to-bottom review of the Division's 
staffing to develop a Human Resources Plan that will further define and 
document the roles, responsibilities, required skills, and reporting 
relationships of its staff. Once the Human Resources Plan is developed 
it will fully assess the Human Resources needs to include the creation 
of job descriptions and determining the proper grade levels. Individual 
performance management plans and the application of overtime policies, 
including those regarding Administratively Uncontrollable Overtime, 
will continue to comply with National Protection and Programs 
Directorate, Department of Homeland Security, and Office of Personnel 
Management regulations and guidelines.
    Question 2. With all the CFATS implementation issues in front of 
you, how are you doing on the ammonium nitrate regulations and what is 
your time line?
    Answer. The Notice of Proposed Rulemaking for the Ammonium Nitrate 
Security Program was published in the Federal Register on August 3, 
2011, and the public was given 120 days to provide comment(s) 
concerning the proposed rule. Additionally, the Department of Homeland 
Security (DHS) held 12 public meetings during the 120-day comment 
period to brief the public on the proposed rule, listen to their 
concerns, and gather comments provided during those forums. The 
Department is currently evaluating the public comments and is 
determining what responses will be appropriate to include in the final 
rule for the Ammonium Nitrate Security Program. The Department expects 
to develop a final rule in a time frame that ensures that it can 
consider and respond appropriately to the concerns raised during the 
public comment period while complying with all applicable Federal 
rulemaking requirements and procedures.
    Question 3. We know the ammonium nitrate industry has expressed 
concern over the proposal to regulate mixtures at the 30 percent level 
and that a meeting has been requested to better understand the thinking 
of DHS in this regard. Can you tell me when you are going to meet with 
industry representatives on this issue?
    Answer. Members of the public, including many members of industry, 
submitted many written comments discussing mixture percentages during 
the 120-day comment period for the Ammonium Nitrate Security Program 
from August 2011 to December 2011. During the public comment period, 
the Department of Homeland Security (DHS) also hosted a series of 12 
public meetings in areas of high ammonium nitrate usage around the 
country in order to provide the public in-person overviews of the 
proposed regulations and to solicit additional public feedback. At many 
of these meetings, attendees, including industry representatives, 
provided opinions and statements concerning mixture percentages. DHS is 
currently reviewing all of the comments and will consider that input 
when drafting responses to the comments and developing a final rule.
 Questions Submitted by Ranking Member Yvette D. Clarke to Timothy J. 
                                 Scott
    Question 1. Please clarify the number of Dow Chemical facilities 
that are required to submit a vulnerability assessment and site 
security plan to DHS under the Chemical Facility Anti-Terrorism 
Standards (excluding those facilities subject only to the top screen 
process but not actually assigned a risk tier).
    Answer. Dow has 19 facilities (including sites acquired by 
acquisition from Union Carbide Company and Rohm & Haas Corporation) 
currently regulated, tiered, and required to submit a vulnerability 
assessment and site security plan under CFATS.
    Question 2. Likewise please separately provide the number of Dow 
Chemical facilities that are subject to security requirements of the 
Maritime Transportation Security Act, and the number of Dow Chemical 
facilities, if any, that are subject to the security jurisdiction of 
the Nuclear Regulatory Commission.
    Answer. Dow has 8 facilities (including sites acquired by 
acquisition from Union Carbide Company and Rohm & Haas Corporation) 
subject to security requirements under the Maritime Transportation 
Security Act, and one small research lab regulated under the Nuclear 
Regulatory Commission.
    Question 3. In your July 24, 2007 testimony before this committee 
you included an illustration, ``An Integrated Approach to Chemical 
Industry Security,'' which included security options for extremely 
hazardous chemicals that included: Reduce inventory; reduce pressures; 
lower temperature; make and use in process without storage; and use 
alternates where process allows. Does Dow Chemical incorporate any or 
all of these approaches into its vulnerability assessments and security 
plans?
    Answer. Dow conducts its vulnerability assessments with teams 
consisting of both security and process safety specialists. All risk 
and vulnerability reduction options are considered during these risk-
based assessments, and the option best-suited to the specific scenario 
and the specific site is implemented. Dow has examples of the 
implementation of each available option--inventory, pressure or 
temperature reduction; in-process consumption; and product 
substitution; as well as process safety implementation in new plant 
design.
  Questions Submitted by Chairman Daniel E. Lungren to David L. Wright
    Question 1a. Initially, the ISCD memo was not released to 
stakeholders in industry, the union, nor some Department employees. 
Since, it has been released via different sources. Mr. Wright, did the 
Department give you a reason for not providing you with the ISCD memo 
to prepare for the hearing?
    Answer. I do recall specifically asking the Department for a copy 
of the ISCD memo in the context of preparing for the hearing. My prior 
requests had been refused due to the confidential/harsh nature of the 
report and the on-going investigation into the media leak. I had no 
reason to believe that I would be able to obtain the report from the 
Department.
    Question 1b. Since much of it impacts the inspector cadre you 
represent, were you given any access to it prior to the hearing? If 
not, were you told why not?
    Answer. I was not given access to the ISCD memo prior to the 
hearing. Reason given was the confidential nature of the report and the 
fact that the media leak was under investigation by DHS.
    Question 1c. Have there been any meetings with the employees you 
represent to discuss the contents of the memo?
    Answer. I have had two Union teleconferences with the inspector 
cadre prior to the hearing--one within a few days after the FoxNews 
report and one within days of being notified about my requested 
Congressional testimony. During the first teleconference the discussion 
centered on what we could glean from the news story and the resulting 
feelings of insult and degradation.
    The second Union teleconference centered on my expected testimony--
I was encouraged to portray to Congress the willingness and ability of 
the CFATS inspector workforce to accomplish the mission. This 
teleconference also centered on the CFATS inspector's disappointment in 
the performance of NPPD managers at the previous hearing at House 
Energy and Commerce Committee.
    I also participated (listened in) on an agency ``all-hands'' 
employee teleconference with NPPD Deputy Secretary Suzanne Spaulding 
and ISCD Director Penny Anderson that occurred within days of the 
FoxNews story during which the workforce was encouraged to proceed with 
the mission regardless of media coverage.
    A second all-hands teleconference with Director Anderson (which I 
was unable to attend) apparently focused on some clarification by her 
regarding personal insult perceived by the CFATS inspectors--of which 
she apparently clarified that no insult or degradation was intended.
    Question 2a. There are areas of the ISCD memo, which you have not 
been allowed to view in its totality, that allude to inspectors wanting 
to carry firearms and be addressed as ``commander''.
    Question 2b. Do you have any knowledge of either of those 
assertions being true?
    Answer. As I testified to at the hearing, the NPPD CFATS inspector 
force was originally staffed by law enforcement officer detailees from 
the Federal Protective Service Hazmat Technician force. I distinctly 
recall because I was interested in the position and because of the 
competitive aspects of the detailee selection process. FPS law 
enforcement officers applied for the detail after being advised that 
the positions could become permanent and that ultimately--NPPD ISCD 
officials would attempt to gain law enforcement authority for the 
Chemical Security Inspector workforce. As I recall, the ``plan'' at the 
outset was to institute a law enforcement workforce that could respond 
to failed chemical facility security plans that resulted in shutdown of 
facilities--or actual breaches of security.
    The title ``commander'' is presently in use and appears to be an 
official job title based on correspondence issued to me in the past. 
The use of the term likely originated in the context of a law 
enforcement ``chain of command''.
    Since the Chemical Security Inspectors have joined the Union on 
March 2011--none have approached the Union regarding with what many 
consider to be a breach of commitment by the agency--the effort to 
institute a law enforcement workforce and opportunity to continue the 
Federal law enforcement career from which they departed. That promise 
faded long ago and no one is pursuing the issue to my knowledge.
    Since the hearing, I have learned that the agency initiative to 
gain law enforcement authority was being pursued by ISCD management as 
late as November 2010.
    Question 3. In your written testimony to the subcommittee you noted 
that there are time constraints in the union contract that would 
prevent any long-term or burdensome negotiations. However, in the 
leaked memo ISCD Director Penny Anderson said that there is a mileage 
dispute described as starting July 2011 and is allegedly on-going. Can 
you explain this situation?
    Answer. Citing ``effective management of the agency and its 
resources'', Article 9F of the Union Contract allows for ``expedited 
implementation of policies and procedures affecting conditions of 
employment''.
    The ``mileage dispute'' consisted of the agency notifying the Union 
about the way that Government Owned Vehicle (GOV) mileage and other GOV 
issues were to be documented in a vehicle mileage log. Originally, it 
was the Union's contention that reporting of GOV miles driven and fuel 
usage documented at time of purchase (Government fuel card required 
mileage input at fuel pump) were sufficient for documentation of miles 
driven--and that the additional documentation would be duplicative and 
administratively burdensome, i.e. if an inspector spent 30 minutes or 
more per day detailing mileage and fueling on a website with 
insufficient internet connection in a vehicle, there is at least a 
duplication of effort and potential for wasting time and effort. We 
were also concerned that the potential waste of time could reflect on 
the supervisor's perception of inspector performance.
    To further complicate matters, when asked about the new 
requirements, agency cited an NPPD Policy. When Union asked to review 
the policy--because we had never seen it--we were provided a copy and 
it turned out to be a ``draft policy'' not ready for implementation. 
Subsequently, agency provided a DHS Policy that did not require the 
specificity of the new NPPD form. At each of these points, I became 
increasingly aware that the agency was misleading me in performance of 
my lawful responsibility to represent the members of this newly 
organized portion of the FLRA-certified bargaining unit.
    The Union issue was never the authority of the agency to implement 
such mileage log requirements. The issue was the apparent agency 
attempts to circumvent simple bargaining of ``impact and 
implementation'' on the workforce. The misleading nature (whether 
deliberate or not) of the agency's interaction with me developed into 
mistrust. I suggested to the agency--as a vehicle mileage log for GOV's 
was not a HUGE issue--that they implement the mileage log requirements 
and we could discuss at a later time--post-decisional bargaining as 
allowed by Union contract and they agreed. At that point, we'd had 
about four teleconferences lasting about 15-20 minutes each between 
four or five personnel.
    The agency then neglected to implement and discuss the policy. We 
filed an Unfair Labor Practice (ULP) for failure to bargain in late 
August/early September. To my recollection there was no further 
discussion of the issue for the remainder of the year. In January, the 
FLRA informally cited that Union had offered and should pursue post-
decisional bargaining and that the ULP would ultimately be dismissed by 
the FLRA Regional Director. The ULP was dropped in January 2012. Post-
decisional bargaining was pursued and ultimately dropped due to lack of 
input by Union rank and file.
    Question 4. Do you believe that your interactions with CFATS 
leadership have been obstructive in any way?
    Answer. No. To the contrary, I have advised all levels within NPPD 
of our willingness to work together. When I met with ISCD Director 
Anderson and Deputy David Wulf in September 2011, they cited the 
temporary nature of the agency's Authorization, the concern that 
significant progress of the agency had to be made and uncertainty as to 
how to deal with the Union. I obligated to them on that day--that if 
they did find the Union contract as burdensome in any way, a simple 
communication with me would lead to elimination of any time line 
issues. For example, Article 9A 1 of the contract requires notification 
of changes in working conditions to be accomplished 30 days in advance 
and gives 14 days for Union to respond. This requirement could--and 
would--be waived in the interest of mission accomplishment at this 
critical stage in the agency's development. We also discussed the 
vehicle mileage log ULP and I advised hem that the ULP was a simple 
issue that could be remedied by forthrightness on the part of the 
agency as to the seemingly overreaching requirements.
    At that time, Director Anderson expressed confidence in the efforts 
to develop a good labor/management relationship. I am disappointed to 
know--months later--that the internal report was likely being developed 
and drafted as we were speaking that day--and that my comments and 
efforts (at least to my knowledge) were not included as part of that 
narrative--in what I now see as an effort to paint the picture of a bad 
labor/management relationship.
    Question 5. Mr. Wright, your union represents personnel in other 
areas of DHS, Federal Protective service, for example. How have your 
dealings with CFATS Leadership been different from your work with other 
DHS components?
    Answer. I have represented the Federal Protective Service personnel 
since 2006. My relationship with FPS has always been a mutually 
respectful and mostly beneficial relationship.
    In the FPS years at ICE, the labor/management relationship with ICE 
was somewhat contentious and stifled by the nature of the differing 
missions, i.e. priority of Immigration and Customs Enforcement duties 
versus the lower priority of FPS' mission--protection of Federal 
facilities.
    Upon the FPS transition to NPPD, Under Secretary Beers' recognition 
of the importance of labor relations with an FPS unionized workforce 
was realized--not only for the benefit of the workforce--but for the 
benefit of the agency through increased employee input. At this point--
at least in the context of a working relationship with FPS and senior 
NPPD officials, issues are discussed and remedied in an efficient, 
usually informal manner.
    Despite my outreach and my purposeful negating/relaxation of Union 
contract provisions, the labor/management relationship with ISCD 
remains ``cool'' after the first year of our representation in this 
FLRA-certified bargaining unit.
    Despite that cooled ISCD labor/management relationship, AFGE Local 
918 remains committed to the successful accomplishment of the ISCD 
mission at this critical stage in its history.
    As with our history at FPS, ICE, and NPPD, AFGE Local 918 intends 
to fully disclose any and all information regarding hindrance of ISCD 
mission accomplishment to Congress.

                                 
