[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]





        DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS FOR 2013

_______________________________________________________________________

                                HEARINGS

                                BEFORE A

                           SUBCOMMITTEE OF THE

                       COMMITTEE ON APPROPRIATIONS

                         HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS
                             SECOND SESSION
                                ________
                    SUBCOMMITTEE ON HOMELAND SECURITY
                  ROBERT B. ADERHOLT, Alabama, Chairman
 JOHN R. CARTER, Texas               DAVID E. PRICE, North Carolina
 JOHN ABNEY CULBERSON, Texas         LUCILLE ROYBAL-ALLARD, California
 RODNEY P. FRELINGHUYSEN, New Jersey NITA M. LOWEY, New York
 TOM LATHAM, Iowa                    JOHN W. OLVER, Massachusetts
 ANDER CRENSHAW, Florida             
 CHARLES W. DENT, Pennsylvania      

 NOTE: Under Committee Rules, Mr. Rogers, as Chairman of the Full 
Committee, and Mr. Dicks, as Ranking Minority Member of the Full 
Committee, are authorized to sit as Members of all Subcommittees.
               Ben Nicholson, Jeff Ashford, Kris Mallard,
            Kathy Kraninger, Cornell Teague, and Hilary May,
                            Staff Assistants
                                ________

                                 PART 5

                     DEPARTMENT OF HOMELAND SECURITY
                                                                   Page
  Chemical Facility Anti-Terrorism Standards (CFATS)--July 26, 
2012..............................................................    1
  Chemical Facility Anti-Terrorism Standards (CFATS)--September 
20, 2012..........................................................   59



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                ________

         Printed for the use of the Committee on Appropriations
                                ________

                     U.S. GOVERNMENT PRINTING OFFICE

 77-757                     WASHINGTON : 2013



                                  COMMITTEE ON APPROPRIATIONS

                    HAROLD ROGERS, Kentucky, Chairman

 C. W. BILL YOUNG, Florida \1\         NORMAN D. DICKS, Washington
 JERRY LEWIS, California \1\           MARCY KAPTUR, Ohio
 FRANK R. WOLF, Virginia               PETER J. VISCLOSKY, Indiana
 JACK KINGSTON, Georgia                NITA M. LOWEY, New York
 RODNEY P. FRELINGHUYSEN, New Jersey   JOSE E. SERRANO, New York
 TOM LATHAM, Iowa                      ROSA L. DeLAURO, Connecticut
 ROBERT B. ADERHOLT, Alabama           JAMES P. MORAN, Virginia
 JO ANN EMERSON, Missouri              JOHN W. OLVER, Massachusetts
 KAY GRANGER, Texas                    ED PASTOR, Arizona
 MICHAEL K. SIMPSON, Idaho             DAVID E. PRICE, North Carolina
 JOHN ABNEY CULBERSON, Texas           MAURICE D. HINCHEY, New York
 ANDER CRENSHAW, Florida               LUCILLE ROYBAL-ALLARD, California
 DENNY REHBERG, Montana                SAM FARR, California
 JOHN R. CARTER, Texas                 JESSE L. JACKSON, Jr., Illinois
 RODNEY ALEXANDER, Louisiana           CHAKA FATTAH, Pennsylvania
 KEN CALVERT, California               STEVEN R. ROTHMAN, New Jersey
 JO BONNER, Alabama                    SANFORD D. BISHOP, Jr., Georgia
 STEVEN C. LaTOURETTE, Ohio            BARBARA LEE, California
 TOM COLE, Oklahoma                    ADAM B. SCHIFF, California
 JEFF FLAKE, Arizona                   MICHAEL M. HONDA, California
 MARIO DIAZ-BALART, Florida            BETTY McCOLLUM, Minnesota
 CHARLES W. DENT, Pennsylvania         
 STEVE AUSTRIA, Ohio                   
 CYNTHIA M. LUMMIS, Wyoming            
 TOM GRAVES, Georgia                   
 KEVIN YODER, Kansas                   
 STEVE WOMACK, Arkansas                
 ALAN NUNNELEE, Mississippi            
   
 ----------
 \1\ Chairman Emeritus    

               William B. Inglee, Clerk and Staff Director

                                  (ii)

 
        DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS FOR 2013

                              ----------                              

                                           Thursday, July 26, 2012.

           CHEMICAL FACILITY ANTI-TERRORISM STANDARDS (CFATS)

                               WITNESSES

STEVE CALDWELL, DIRECTOR, HOMELAND SECURITY AND JUSTICE ISSUES, 
    GOVERNMENT ACCOUNTABILITY OFFICE
SUZANNE SPAULDING, DEPUTY UNDER SECRETARY, NATIONAL PROTECTION AND 
    PROGRAMS DIRECTORATE, DEPARTMENT OF HOMELAND SECURITY
DAVID WULF, DIRECTOR, OFFICE OF INFRASTRUCTURE PROTECTION, DHS

              Opening Statement: Chairman Robert Aderholt

    Mr. Aderholt. The hearing will come to order. The hearing 
today is on the Department of Homeland Security's Chemical 
Facility Anti-Terrorism Standards Program, better known as 
CFATS. To better understand the difficulties that this program 
has experienced we welcome the NPPD Deputy Under Secretary 
Suzanne Spaulding, and Steven Caldwell from the Government 
Accountability Office. I think the microphone is working now.
    Today, as we are all unfortunately aware, the Chemical 
Facility Anti-Terrorism Standards, which as I mentioned is 
commonly known as CFATS, has struggled. This was highlighted in 
a very disturbing internal report that was leaked to the media 
this past December concerning the management of the CFATS 
program.
    Since the program was created in fiscal year 2007, industry 
stakeholders have made many improvements at their sites and 
spent hundreds of millions of dollars complying with the CFATS 
policy. However, after five years it is clear that the 
Department of Homeland Security has absolutely failed to fully 
develop an efficient and effective program.
    The internal memo specifically notes that the lack of a 
well developed direction and plan led to, and I quote this, 
``the hiring of inappropriate people; the expenditure of 
significant funds for what has since been determined to be 
unnecessary expenses and several false starts in the direction 
of the program.'' The memo further concludes that these and 
other gaps, ``now pose a risk to the program.''
    The Department of Homeland Security must address each of 
the issues that were brought to light in the memo and provide 
industry with the direction they need to move forward and the 
taxpayers with a viable program. Today we want to hear from the 
GAO on the difficulties that are hindering the program, how 
they are addressing these issues, and how the program is being 
restructured.
    In short we want to know what we would gain from nearly 
half a billion dollars appropriated for the CFATS program and 
how we are going to fix this broken program, a program that was 
intended to fill the vital mission of preventing hazardous 
chemicals from falling into the wrong hands.
    Let me make it clear up front to those with the Department 
of Homeland Security in attendance today: this subcommittee 
cannot tolerate waste, fraud, and abuse. Especially when we are 
dealing with vital security programs and our vital budget is 
hemorrhaging red ink.
    Lastly I want to express my concern with the lack of 
outreach that the NPPD has had toward this subcommittee. Last 
Friday the CFATS program withdrew the personal surety programs 
information collection requests from review at OMB. Even though 
this committee, and other congressional committees of 
jurisdiction, has been very outspoken on this issue, the 
department failed to notify the committee or formally explain 
the reasons for the withdrawal. This lack of information 
sharing is unfortunate and counterproductive to effective 
oversight. Secretary Spaulding, could you commit today that 
this behavior will not continue? That you personally will 
ensure that the NPPD will work with Congress so we can move 
forward in a positive manner, working together towards a common 
goal, toward fiscal responsibility and an effective program?
    Given the breadth of these topics, we will clearly have an 
interesting discussion today. We are unsure exactly what the 
vote schedule is going to be this morning but we are going to 
proceed under normal order. So Under Secretary Spaulding and 
Mr. Caldwell, if you could summarize your testimony for a few 
minutes, and then you can submit any kind of statement that you 
want for the record. That will also give us time for answers 
and questions.
    But before we begin I would like to recognize the ranking 
member of this subcommittee, Mr. Price, for his opening 
remarks.
    [The information follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    
                Opening Statement: Ranking Member Price

    Mr. Price. Thank you, Mr. Chairman. And I want to add my 
welcome to Deputy Under Secretary Suzanne Spaulding from the 
National Protection and Programs Directorate; and Assistant 
Director Steven Caldwell from the GAO. Thank you for being 
here. You are here to discuss the status of the Chemical 
Facility Anti-Terrorism Security Standards, commonly referred 
to as CFATS.
    The Department of Homeland Security is required to identify 
and assess high risk chemical facilities and to ensure their 
security. The department has required chemical facilities to 
complete a so-called top screen for potential dangerous 
materials to identify vulnerabilities and to develop a site 
security plan. To date more than 40,000 top screens have been 
submitted by chemical facilities. From this pool over 7,000 
facilities were initially designated as high risk and were 
required to submit security vulnerability assessments to NPPD, 
although this number has decreased somewhat over time. Earlier 
this year CFATS covered just under 4,500 high risk facilities 
nationwide, which are further stratified into four risk tiers.
    We all acknowledge that a lot of work has taken place to 
date to identify and classify the high risk chemical 
facilities. But NPPD has still a long way to go. Numerous 
concerns have been raised about the speed at which the security 
vulnerability assessments have been reviewed and the site 
security plans approved. For example, less than one year ago 
NPPD had only conducted one security vulnerability assessments. 
While that figure has now grown to 63, it may be years before 
all of the security assessments are finalized. And, as of 
today, no site security plan has been approved, almost five 
years after Congress implemented this statutory requirement. 
According to recent GAO data it may date up to ten years before 
all site security plans are approved. That is simply not an 
acceptable time frame.
    Although NPPD is years away from completing its work, 
unfortunately this subcommittee recommended a cut of over $29 
million to infrastructure security compliance's fiscal year 
2013 request because of a lack of progress in the Chemical 
Facility Anti-Terrorism Standards program. Now it is true, this 
program has accumulated high unobligated balances from prior 
years. But while I share the chairman's concern over the high 
unobligated balances, I believe this subcommittee's cuts go too 
far and in fact are quite counterproductive. They will affect 
NPPD's ability to do the very things we are asking you to do, 
being able to move ahead on CFATS and on the management 
concerns identified by the agency's internal review and follow 
on action plans.
    Ms. Spaulding, it was imperative to develop and implement 
an action plan to correct these management problems. Six months 
after your plan was completed only about half of the 94 action 
items have been closed, the rest have outstanding actions. Mr. 
Caldwell, since the chairman and I requested GAO to look into 
these issues further, I look forward to your update on where 
NPPD stands on these corrective actions and what further 
recommendations you have planned to address these concerns.
    Finally, we have also heard numerous concerns about the 
vetting of chemical security personnel, which the House 
Appropriations bill does address as you know. Just this week 
this committee learned that NPPD was dropping the personnel 
surety component. Putting the merits of this decision aside, I 
am concerned that the committee did not know about this, and 
was not notified of this change by the department. 
Unfortunately this lack of notification is not the first time. 
There is a disturbing trend of leaving appropriators in the 
dark and this hinders our ability to provide adequate funding 
to carry out key missions. So Ms. Spaulding I am going to want 
you to explain the recent decision and lay out the path forward 
on personal surety.
    Deputy Under Secretary Spaulding, Assistant Director 
Caldwell, we look forward to your testimony. I think we would 
all agree that this nation needs a robust chemical security 
program and we are hopeful you can shed light on the challenges 
that currently face this effort.
    [The information follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    
    Mr. Aderholt. Thank you. Thank you, Mr. Price. Let me 
begin, Mr. Caldwell, if you would give your opening statement 
we would appreciate it.

               Opening Statement: Director Steve Caldwell

    Mr. Caldwell. Thank you. I will be very brief. I know that 
we have votes coming up for the members here. So Chairman 
Aderholt, and Mr. Price. I thank you for holding this hearing. 
I would like to submit my document, my statement for the 
record. We have worked very closely with NPPD to try to better 
understand what the challenges are that it faces and what plans 
they have for resolving those, and we will continue to work 
with them and the committee on this issue. Thank you sir. I am 
ready for questions, if there is time later.
    [The information follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    
          Opening Statement: Deputy Under Secretary Spaulding

    Mr. Aderholt. Secretary Spaulding.
    Ms. Spaulding. I very much appreciate the opportunity to 
appear here today to discuss the Department of Homeland 
Security's efforts to regulate the security of high risk 
chemical facilities under the Chemical Facility Anti-Terrorism 
Standards, or CFATS. I would also like to thank GAO for its 
efforts in reviewing the progress that we have made in 
implementing the action plan developed by our CFATS leadership 
to address the challenges that GAO identified last fall.
    The department concurs with the single recommendation made 
by GAO, that we develop performance measures where appropriate 
and practical and that can help us assess the impact of the 
action plan on the overall implementation of the CFATS program. 
We included the GAO's recommendation as the 95th item on our 
action plan. I understand that GAO is now beginning a broader 
audit of the CFATS program and we stand ready to support that 
effort.
    Let me state at the outset that CFATS has made America 
safer. Since the inception of CFATS more than 1,800 facilities 
completely removed their chemicals of interest, and more than 
900 other facilities have reduced their holdings of chemicals 
of interest below the high risk threshold. In addition, for the 
first time we now have information about chemical holdings of 
more than 41,000 facilities across the nation. Seven thousand 
eight hundred facilities determined to be potentially high risk 
have now assessed their vulnerabilities to terrorist attack and 
more than 3,500 have developed and submitted for DHS review 
detailed security plans based on performance-based standards 
that were developed under this program enacted by Congress. 
This amounts to real progress toward a safer America.
    My testimony today addresses the current status of the 
program, with a particular focus on the implementation of the 
action plan. Although the numbers alone do not tell the story 
of our progress, I am pleased to inform you that the department 
has completed 59 of the 95 action items included in the action 
plan. This is significantly higher than the number reported by 
the GAO in its testimony because, of course, the department has 
continued to work on completing the action items following the 
conclusion of the GAO audit last month.
    For accountability, planning, and tracking purposes the 
CFATS leadership team has established milestones for the 
completion of each action item and timelines for each task 
within that item. Some of the original completion dates for a 
few of the items have been modified as we have moved through 
implementation. I can say with confidence that substantial 
progress has been made on each and every action item.
    As of July 20, CFATS covers 4,425 high risk facilities, 
nearly 3,700 of which have received final high risk tier 
determinations. And I want to note here that, although we use 
the term final, it is important to remember that tiering is a 
dynamic process. DHS will continue to issue final tier 
notifications and where appropriate revise those tier 
determinations as facilities make changes to their operations 
that affect their risk levels and as DHS continues to refine 
and improve its risk assessment methodology.
    I would like to share with the subcommittee some of the 
highlights and successes that are a direct result of the 
implementation of the action plan and other recent initiatives 
by the division that manages CFATS, the Infrastructure Security 
Compliance Division or ISCD. We have improved the security plan 
review process, which has significantly increased the pace of 
those reviews. We have refined the inspector tools and training 
and last week we restarted authorization inspections. We also 
continue to work with industry on industry's development of 
alternative security programs and it is my understanding that 
the American Chemistry Association will soon be sharing its 
template with its members. In addition, ISCD has nearly 
completed its internal review of tiering methodology and we are 
about to kick off the external peer review.
    The CFATS leadership has made tremendous progress also in 
improving internal communications and organizational culture. 
We continue to work with industry and our federal, state, and 
local partners to meet our challenges, implement this program, 
and help prevent terrorists from exploiting our nation's 
chemical assets in order to harm our citizens and our country. 
We recognize and are grateful for the significant work of this 
subcommittee to reauthorize the CFATS program and we urge 
Congress to establish a permanent authority for the CFATS 
program in federal law.
    Mr. Chairman, as we have previously discussed, David Wulf, 
who has served as ISCD Deputy Director, permanently assumed the 
role of ISCD Director on July 23. Director Wulf has worked 
closely with our former Director Penny Anderson during her 
tenure and he will provide valuable continuity in leadership. 
His experience, expertise, and judgment have been instrumental 
in the program's progress to date, and Director Wulf has my 
full confidence in moving CFATS forward.
    Before I close I want to apologize to the committee for not 
getting the notification up to you before withdrawing our ICR 
on personnel surety. It was certainly our intention to notify 
you in a timely way. We wanted to move quickly in order to have 
this done before the hearing so that we could discuss it. We 
look forward to moving forward quickly on refiling our personal 
surety information collection request (ICR) after having the 
kind of candid and granular discussions with both the Hill and 
with our stakeholders across the board that the previous 
process did not really permit it to do. Withdrawal is, in our 
view, the most expeditious way to get to a personnel surety 
program, which we all can support.
    In closing, Mr. Chairman, I want to emphasize that ISCD, 
NPPD, and the department are moving forward quickly and 
strategically to address the challenges before us. We firmly 
believe that CFATS is making the nation safer and we are 
dedicated to its success. As we implement CFATS we will 
continue to work with stakeholders to get the job done, meet 
the challenges, and execute a program to help prevent 
terrorists from exploiting chemicals or chemical facilities.
    Thank you for holding this important hearing and I look 
forward to your questions.
    [The information follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                    Opening Statement: Director Wulf

    Mr. Aderholt. Thank you, Secretary Spaulding. As you may 
know, as I mentioned, votes were we thought were going to be 
called. And since open testimony has began we have been called 
for about 20 votes on the floor. But before we adjourn here, 
what I would like to do is to recognize Mr. Dave Wulf. If you 
could just take maybe two minutes to briefly overview some of 
your comments so that we can do that before we adjourn for the 
time being?
    Mr. Wulf. Thank you, Mr. Chairman. I would also like to 
thank the members of the committee for the opportunity to be 
here today. As Deputy Under Secretary Spaulding noted, we have 
made significant progress in the months since the development 
of our action plan.
    You know, working closely with the Office of Infrastructure 
Protection and NPPD and through a great deal of hard work on 
the part of the talented men and women of ISCD, we have 
completed work on 59 of the 95 items outlined in our action 
plan. Among other things, we have developed improved policies, 
procedures and training to conduct inspections in a consistent 
and effective fashion, and last week we did recommence the 
conduct of authorization inspections. We have developed and 
have begun implementing a sustainable and efficient SSP [site 
security plan] review process that will streamline our ability 
to authorize and approve site security plans. We are moving to 
stabilize our leadership cadre by hiring permanent supervisors. 
And we continue to foster transparency and open communication 
throughout our organization.
    We really are at a critical juncture in the implementation 
of CFATS. With the development of our SSP review process, 
completion of the work of our inspector tools working group, 
the conduct of our ongoing inspector training, and the 
recommencement of authorization inspections, we are poised to 
make great progress in the coming months. Along with the rest 
of the team at ISCD, I am excited and very optimistic about the 
future of the CFATS program.
    We continue to engage our industry stakeholders in 
meaningful dialogue. And I very much appreciate industry's 
continued support for the CFATS program. We do look forward to 
a full and productive dialogue on the issue of personnel surety 
as we all strive to prevent terrorists from gaining access to 
our nation's highest risk chemical infrastructure while 
ensuring the chemical facilities are able to continue 
conducting business without the imposition of unnecessary 
burdens
    I am also grateful to the American Federation of Government 
Employees [AFGE], which represents the bargaining unit 
employees of our field force. In partnership with ISCD, AFGE 
has done much to help us expedite our adoption of improved 
procedures as we have moved aggressively to develop our 
inspection processes and to recommence inspections. As Deputy 
Under Secretary Spaulding noted, we also appreciate the work 
done by the Government Accountability Office and we will move 
forward to adopt the recommendation GAO has made for additional 
performance measures, tying our action plan to the progress we 
anticipate making across the CFATS program.
    I am honored to have been asked to serve as the Director of 
ISCD and I look forward to continuing to lead the talented men 
and women of the division. The level of experience and 
professionalism that is present across our division is truly 
humbling. Our team has brought to ISCD a wealth of experience 
from careers in industry, law enforcement, military service, 
and a host of other disciplines. And I believe we have made 
much progress in coming together as a regulatory compliance 
organization that is committed 100 percent to the critical 
mission of securing our nation's highest risk chemical 
infrastructure.
    Thank you again for the opportunity to be here today, and I 
welcome any questions you may have.
    Mr. Aderholt. Thank you, Mr. Wulf. And as I mentioned, the 
votes have been called, and from the looks of it, we are going 
to be on the floor for approximately two hours. We are going to 
suspend the hearing as a result of the votes. But I do thank 
the witnesses for their attendance and look forward as we 
continue to have this hearing at a later date. Thank you very 
much.
                                      Thursday, September 20, 2012.

               CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

                               WITNESSES

STEVE CALDWELL, DIRECTOR, HOMELAND SECURITY & JUSTICE ISSUES, 
    GOVERNMENT ACCOUNTABILITY OFFICE
SUZANNE SPAULDING, DEPUTY UNDER SECRETARY, NATIONAL PROTECTION AND 
    PROGRAMS DIRECTORATE, DEPARTMENT OF HOMELAND SECURITY
DAVID WULF, DIRECTOR, OFFICE OF INFRASTRUCTURE PROTECTION, DHS

              Opening Statement: Chairman Robert Aderholt

    Mr. Aderholt. Good morning. The hearing is called to order. 
Today we reconvene from our hearing back in July that was 
interrupted shortly after we began the hearing.
    And of course, we will be discussing the Department of 
Homeland Security's Chemical Security Anti-Terrorism Standards 
program, which is known as CFATS. We welcome back NPPD Under 
Secretary Suzanne Spaulding; Director David Wulf; and Mr. 
Stephen Caldwell from the GAO.
    Your statements, of course, have been previously given, so 
we can proceed into the questioning portion of the hearing. So, 
before we begin, I would like to recognize the ranking member 
of the subcommittee, Mr. Price, for any comments that he would 
like to make.
    [The information follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    
    Mr. Price. Thank you, Mr. Chairman.
    I do not have an opening statement and am very happy to 
proceed with the questions.
    Mr. Aderholt. Thank you, Mr. Price.
    Mr. Caldwell, you note in your remarks earlier in your 
written statement the fact that there is a need for performance 
measures. My question to you would be whether GAO has worked 
with NPPD on the issue? And has NPPD been receptive to the idea 
of performance metrics.
    [Opening statement of Stephen Caldwell follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    Mr. Caldwell. Certainly when we did that earlier work, we 
started talking about performance measures. We did talk to the 
NPPD folks and they were receptive to that. I think we didn't 
want to be to prescriptive as to what those measures would be 
since it is their program and they know it better. So I think 
the phraseology we used for that recommendation was more 
practical. Some of the things in the action plan I don't think 
they needed, a performance metric for every single one of those 
things, some of them are just compliance issues, such as fleet 
management or overtime, things they need to manage better. But 
particularly were items related to the core mission of actually 
doing inspections in the plan and then when you start to 
develop a backlog, how you manage your backlog, those are the 
things they will want performance measures on.
    Mr. Aderholt. But I guess you would agree that it is 
difficult to measure, unless you do have some type of metrics, 
and of course, any action plan needs some type of metrics to 
make sure that progress is being made. I would assume you would 
agree with that.
    Mr. Caldwell. Yes. The simplest, obviously, some of the 
items are open and may be relatively easy to close, and then 
they are marked as closed. But again, the challenge for them in 
the longer term is going to be the performance measures related 
to, are they improving security? I mean, it is one thing to 
know how many plans do you have and how many inspections have 
you done and those kinds of things, and so sometimes in 
security programs like this, those have to serve as a bit of a 
proxy to, how is the program moving along and things like that, 
as opposed to actually measuring the risk at any individual 
facility or something like that. But I certainly agree with 
your basic point; they need to monitor this.

             SITE SECURITY PLANS: APPROVALS/AUTHORIZATIONS

    Mr. Aderholt. Secretary Spaulding, one of the issues raised 
in the report is the lack of approved site security plans. In 
January, not one plan has been approved. And only 49 of the 114 
tier 1 plans had been authorized. I understand that as of this 
week, NPPD has authorized 71 plans and only 23 more than in 
January, even though NPPD has stated in January that it would 
have all 114 plans authorized or denied by the spring of this 
year. Could you speak to a little bit about that?
    [Opening statement of Suzanne Spaulding follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


             SITE SECURITY PLANS: APPROVALS/AUTHORIZATIONS

    Ms. Spaulding. Yes, I can, Mr. Chairman. Thank you for the 
question. We actually have now authorized 84 of the site 
security plans, and that includes 12 tier 2s. We have completed 
our review of all the tier 1 plans. And those that we have not 
been able to authorize, we are going back to the facilities to 
work with them to get those plans into shape so that we can 
move forward with those authorizations and the authorization 
inspections. But in the meantime, we have gone on to tier 2s, 
and we have reviewed about 40 percent of the tier 2 site 
security plans. And as I say, we have authorized 12 of those.
    The next step, as you know, is authorization inspections, 
and we have conducted 22 authorization inspections. And two of 
those have been able to move all the way through to approval. 
So we have two site security plans that have gone through the 
entire process to be approved. And so that is an increase of 
about 21 authorizations just since our July hearing.
    Mr. Aderholt. When I was talking to Mr. Caldwell earlier, 
we talked about the use of performance metrics. Authorizing and 
approving a site security plan is a perfect example of a metric 
that shows you are moving forward. Why has there been a delay 
in the authorizing plans, and when will NPPD actually approve a 
site security plan?
    Ms. Spaulding. So we have approved two site security plans, 
and we are certainly hopeful that we have turned the corner on 
this. We now have trained our inspectors in our refined 
authorization inspection process. We have trained all of our 
inspectors this summer, and they are now going through all of 
those plans that we have authorized, 84 of them, to conduct the 
appropriate inspection to make sure that the plan that is on 
paper is really something that the facility is in a position to 
implement, get the ground truth there. And as I say, they have 
done 22 of those inspections so far, and we have got a number 
of them scheduled, and David can give us the details on what is 
in the near term. But we are moving through to get those 
inspections done, which have to happen before we can then 
approve the plan.
    Mr. Aderholt. When do you estimate that all 114 of the 
security plans will be not only authorized but approved and 
inspected?
    Ms. Spaulding. So approval of a plan or authorization of a 
plan, the timing of that it is not entirely within our control. 
As I say, we have reviewed all the tier 1 site security plans, 
but some of them need some work. And so it really is dependent 
on the company, the facility, to work with us to make sure that 
the information that is needed is there and that it is clearly 
presented. And so we are hopeful that we are--as I say, we are 
reaching out to those facilities now. We are hopeful that we 
will resolve those issues and be able to move them into the 
authorized column, and we are moving forward on inspections.
    David, I know we are really loathe to set any rigid 
timelines, again, given that much of this depends on 
interaction between us and the facilities, but if you would 
like to address it.
    Mr. Wulf. I could take a crack at it.
    We are working very closely with those facilities that 
remain to be authorized. And our goal, clearly, is to work to 
get those facilities to approval. So we are anticipating a 
significantly heightened pace of authorizations and facility 
inspections, and we hope approvals as well within the next 
year. We certainly anticipate, if everything falls into place 
with the facilities having been inspected and, if everything 
lines up, approving all of the tier 1 facilities and quite a 
number of tier 2s as well.
    Mr. Aderholt. Do you have a ball park guess as far as when 
all 114 will be authorized, approved and inspected?
    Mr. Wulf. Certainly our goal is to have that done before 
this time next year, but probably significantly before. We have 
a goal of doing just under 300 approvals in fiscal year 2013, 
so that would include, if everything lines up, all of the tier 
1s and a good chunk, close to half, of the tier 2 facilities.
    Mr. Aderholt. Mr. Caldwell, I know GAO says it may be 2020 
before all sites are authorized, approved and inspected. Do you 
stand by that?
    Mr. Caldwell. This is an estimate we came up talking with 
the staff at NPPD and the directors, Director Wulf, so this is 
something they are going to have a little more expertise on 
until we get a little more into it on our phase 2 of our review 
of this. I think the key thing will be getting some of these 
under your belt, finding out how long they take, perhaps 
finding ways to streamline those. And then there is just 
obviously going to be a backlog. And until they start to figure 
out how long it is going to take them to start clearing the 
backlog of other ones, it is going to be hard to come up with a 
hard estimate for that.
    Mr. Aderholt. Mr. Price.

         SITE SECURITY PLANS: APPROVAL PROCESS LESSONS LEARNED

    Mr. Price. Thank you, Mr. Chairman.
    We are, of course, pleased to get the update on your 
progress, the completion of the tier 1 approvals and now 
getting into the tier 2 category. I wonder if you could, in 
light of the chairman's line of questioning, just step back a 
minute and reflect on lessons learned. Obviously, we have had 
here a very complex and protracted rulemaking process. Then the 
inspections and the extra work in the field is also often 
complicated and time consuming. At the same time, your efforts 
have taken much longer to complete than some other agencies, 
like the Coast Guard, that have been mandated to complete 
equally complex rulemaking.
    So, Ms. Spaulding, I wonder if, in retrospect, there are 
specific things you think should have been done differently to 
make the process more streamlined and more efficient from the 
start? And of course, I am interested in any implications those 
reflections have for the process going forward. We, of course, 
don't have 7 to 10 years to complete these inspections. And so 
that is a question that isn't just retrospective but also has 
present day implications.
    And then, Mr. Caldwell, maybe you can chime in what, from 
your point of view, would be the key factors that have 
contributed to the difficulties here and implications for the 
program going forward?
    Ms. Spaulding. Thank you.
    Hindsight is a wonderful thing, and it is relatively easy 
at this stage to look back and to see where decision points 
were, where you wished that we had gone in a different 
direction or moved in a different way. I do think it is 
important to remember that it was, in many respects, an 
unprecedented regulatory regime that we were asked, the 
department was asked to undertake. It was, you know, in an 
industry where we did not have in the department established 
contacts the way the Coast Guard has many, many, many years of 
experience of interaction with the facilities at the ports. And 
so we had to start by developing a regulatory regime around 
performance-based standards, which is much more complicated 
than one where you tell everybody they have to have a 12-foot 
fence, for example, to come up with standards that are, and I 
think Congress imposed on us, the requirement to be 
performance-based, and I think that is the right decision, but 
it makes it more challenging for both the facilities and for 
the department.
    We then had to find the chemical facilities, the wide 
variety of facilities that are covered by CFATS that includes 
universities and hospital and warehouse distributors in 
addition to chemical manufacturing plants, so a significantly 
wider variety of facilities; identify those, get the word out 
about this requirement; build the tools, the IT tools to allow 
us to get the data, then to take in 41,000 top screens, 41,000 
facilities about whom we now have data with regard to their 
holdings of dangerous chemicals. And we had to develop that 
list. There was no set list out there of what were those 
chemicals. So we developed that list. We now have data that we 
did not have before on 41,000 facilities all across the 
country.
    We had to develop what a vulnerability assessment for a 
chemical facility would look like, again, in a wide variety of 
facilities and develop the tools to allow those facilities to 
provide that information to us and 8,000, nearly 8,000 
facilities went through that important process of analyzing 
their vulnerabilities.
    We then had to develop a template or guidance on the site 
security plan and the tools to get that in. And we have 
received more than 4,500--4,500--site security plans, where 
facilities went through the careful process of developing that 
detailed, performance-based security plan. So we really did 
accomplish a great deal, but it was very complex. And until we 
got into it, it was hard to know exactly what the role, for 
example, of chemical inspectors would be. And initially there 
was a thought that they might have a response role, a first 
responder kind of role. As we got into it and talked with 
industry, and were able to look at the compliance and talk to 
other compliance and regulatory agencies, the determination was 
made that that was actually not going to be part of their role, 
but all of these things have taken time.
    An important lesson I think that I certainly have taken 
away from looking back at what has happened is the need to 
continue frequent, constant interaction with the industry. I 
think in the early stages, there was good interaction. We went 
through a phase where I think we were kind of hunkered down 
trying to figure out our regulatory regime and maybe the 
contact wasn't quite as good it as should be. And I think 
Director Wulf and Director Anderson, when she was here, have 
done an outstanding job, and I have worked hard at trying to do 
better outreach with the industry. And that is vitally 
important. They have expertise that we cannot replicate in the 
government. And so hearing from them and understanding the 
challenges that they face is critically important.
    Mr. Price. Mr. Caldwell.
    Mr. Caldwell. As you said, there are some similarities 
between this and the Coast Guard regime, CBP, TSA and some of 
the other elements at DHS. I think those were put into place 
relatively quickly, but as you know, and I think, as we all 
know, the Coast Guard, and CBP, and to a lesser extent TSA, 
they had established authorities. They had established 
organizational structure. And then maybe one of the most 
important things here is they actually had a field structure, 
which included a cadre of inspectors that you actually had. So 
they had people called inspectors that did that; they were 
inspecting for safety. You could train them, and you had these 
people already to train them for security.
    Again, in some ways, at least the Coast Guard regime under 
MTSA is performance-based; it is not a specific standard 
generally. I think one of the approaches the Coast Guard took, 
and that is some of the work I am most familiar with, is kind 
of an implement and amend approach. It is like let's get this 
out there, and we are not going to make it perfect. And I think 
maybe because the newness of NPPD and the CFATS regime, there 
has been a little more deliberation. I think they got off to a 
fast start. I mean the rule was in place and the appendix by 
the end of 2007, and that is where I think they started to 
struggle with the other issues about how are we going to 
organize this, and what are these people going to look like, 
these inspectors and things like that.
    I think the biggest challenges moving forward is twofold: 
One, kind of they are making progress on this regulatory 
regime, but they are also having to deal with the memo and the 
management problems that go with that. I also think that this 
backlog will soon become another issue; once they get those 
things in place, the backlog will become a bigger issue. And 
the, of course, you are faced with the do you surge staff that 
you are not going to need for the long run in terms of 
inspectors or you just get a strategy to kind of work that 
down. In some ways, it is very similar to the C-TPAT program 
that CBP had when they first set up, because you had a large 
backlog that they eventually threw 150 people at and got 
through it that way.
    Mr. Price. Thank you.
    Mr. Aderholt. Mr. Carter.

                PERSONNEL SECURITY CREDENTIALING PROGRAM

    Mr. Carter. Thank you, Mr. Chairman.
    And welcome, thank you for being here. This is an important 
issue.
    Back in 1969, I was a young lawyer who chaired or actually 
staffed a Houston ship channel study committee on safety. I 
heard some testimony from the Coast Guard at that time that at 
least once a day and sometimes as many times as five times a 
day, two chemical-carrying ships passed each other within 8 
feet of each other; and should there be a collision of those 
ships, an explosion would result, and the prevailing winds and 
plume of poisonous gas that would come from that explosion 
would kill every man, woman and child on the Texas Gulf Coast 
from Houston to Corpus Christi. That was about as serious a 
thing as I had ever heard of in my life. And so I think you 
have one of the most serious duties that we have under this 
particular agency.
    And I want to ask you about something that has been brought 
to my attention. We are fighting a war against people who 
individually blow things up. So personnel safety is a key 
factor in any facility, big or small, wherever it is; are 
people entering this facility that are safe? This key component 
that these chemical companies have sophisticated background 
check programs. Verifications against the terrorist screening 
database is inherently a governmental function. We see that DHS 
has pulled back its proposal from the OMB. What has DHS learned 
from the companies, from comments from industries on your 
initial proposals? Will the DHS include better leveraging of 
TWIC and other existing vetting programs to ease the burden on 
the regulated community while ensuring that workers are 
properly vetted? What is the time timetable for the revisal of 
the proposal so that industry can begin to submit information 
on those not yet vetted? How will the proposed personnel safety 
program improve security since its focus is on reacting to an 
instant instead of preventing one? And finally, given the 
apparent push by DHS to create a whole new personnel security 
credentialing program as opposed to leveraging the existing 
credentialing program, would such a policy decision create an 
onerous and unnecessary financial burden on CFATS regulated 
community? Would such a duplicative effort run counter to the 
President's call for the reduction and elimination of 
duplicative and burdensome regulations for our Nation's 
business? In other words, I want to know how we are going to 
get serious about vetting these people, and those are questions 
that need to be answered.
    Ms. Spaulding. Thank you, Congressman. They are very 
important questions. This is an absolutely essential issue.
    We withdrew our information collection request from OMB 
because we had learned from industry, and we thought it was 
really the fastest way to move forward to get a program 
actually implemented, because, as you know, the process really 
limits our ability to have really granular conversations with 
industry and with Congress, and we wanted to have both.
    Some of the things that we have learned, we have already 
had a number of meetings. I have participated in one already 
since we pulled the information collection request and have 
another one scheduled for tomorrow, and the director has done a 
number of them, as have others. We have been really trying to 
work with industry to address some industry concerns. And some 
of those issues that I think we can address that go to the 
burden but that still meet our national security imperative are 
things like allowing companies to file the information about 
their employees on a companywide basis as opposed to facility 
by facility, so that if you have folks who are traveling from 
one facility to another, you don't have as high a burden there.
    The ability for contractors to file, I think, was in our 
original proposal but was not well understood, that facilities 
and companies could make it part of their contractual 
relationship with their contractors that the contracting 
company would file the information with regard to their 
employees, rather than having the chemical company have to do 
that for them. And then finally we have heard a lot about the 
need to find better ways to leverage TWIC, and we have worked 
hard to find a way to do that that again meets our national 
security imperative. And I think we actually can do that. I 
think we have had some very productive conversations with 
industry about ways in which we can, with electronically 
verified TWIC [Transportation Worker Identification Credential] 
cards, find a way to have that meet the criteria for personnel 
surety under CFATS.
    And we have been talking and are mindful about the 
different position that small facilities are in versus large 
companies that have multiple facilities. And we, again, have 
thought hard about ways and have some, I think, constructive 
suggestions for ways in which we can mitigate the burden even 
for small facilities. So I am very optimistic, and I think our 
hope and expectation is that certainly maybe by the end of 
fall, within the next couple of months, we will be ready to 
resubmit and move I hope quickly through that process to have a 
program in place.
    David.
    Mr. Wulf. I don't think I would add anything to that.
    Mr. Carter. I appreciate that answer. What would be the 
turn around time if this information is submitted, because the 
company, if I understand what you said, you are setting up a 
program where the companies can submit their personnel and then 
you will process them through to see whether or not they are a 
danger to our country and to that facility; is that what you 
are saying?
    Mr. Wulf. That is the essence of the program.
    Mr. Carter. Because I don't know how long you have been in 
existence in this project, but I assume about as long as DHS 
has been in existence, and we still have got a lot of 
questions. So my question on this particular one would be, what 
would be the turnaround time when they submit it to you? When 
will you be able to say, your people are okay? Will it be days, 
weeks, months, years?
    Mr. Wulf. And--yeah, we will not necessarily be in a 
position to tell a facility ``go'' or ``no go.'' The 
requirement would only be, as sort of conceived--and we are 
having, I think, productive discussions on this and will 
continue to have productive discussions because we do want to 
get this right--but as initially conceived the idea was that 
facilities or their contractors, third parties, would submit 
information either for direct vetting against the terrorist 
screening database or to leverage existing vetting about 48 
hours, up to 48 hours before the planned access to the high-
risk facility. So that is sort of about the turnaround time we 
would have.
    Mr. Carter. Okay, that answers my question.
    Mr. Aderholt. Mr. Latham.
    Mr. Latham. Thank you very much, Mr. Chairman.
    And welcome, everyone here.
    Mr. Caldwell, it has been said that part of the problem 
with the CFATS program is that it started too quickly without a 
lot of thought as to its direction and that many of those 
involved in the program do not have the expertise to carry out 
the mission of the program. Would you agree with that theory? 
And if so, why or why not?
    Mr. Caldwell. I think one of the things that NPPD's own 
memo or ISCD's own internal memo pointed out was that those 
people were brought on very quickly when it was a little 
unclear what skills they actual have. And some of them had 
skills that were more toward law enforcement than regulatory 
inspections. I think with the training they have had this 
summer of their folks, that a lot of that problem hopefully 
will go away.
    There are some areas that will probably still be 
problematic in terms of expertise. The cybersecurity area, for 
example, they have people who review the plans specialize in 
that area. And that is kind of a high demand area right now for 
I think reasons we all know because of that threat.
    Mr. Latham. Are there any internal department barriers to 
really prevent the hiring of properly qualified people to carry 
out the program, and what kind of barriers would they be?
    Mr. Caldwell. I think one of the larger barriers to that 
was resolved a few years ago when the authority to hire was 
delegated from the department down to NPPD, and we did find 
some--the memo talks about some disconnects between NPPD and 
ISCD, but in our recent work over the last several months, we 
found a relatively close working relationship, and we meet on a 
very regular basis to try to get through that. Now if they end 
up having some people that, you know, aren't qualified and 
can't be qualified for some reason, that is another issue that 
I am not sure quite how they will deal with.
    Mr. Latham. Are there issues as far as training capability 
to get people up to being qualified? What do you find in that 
regard as far as training capabilities?
    Mr. Caldwell. We are just starting our phase 2 looking more 
at kind of the mission and the actual inspections and things 
like that of the program. But obviously training is one thing; 
it is actually getting people out there and having them inspect 
facilities and get several facilities under their belt will 
make the biggest difference in the department. And NPPD will 
start dealing with getting a lot of these inspections done and 
getting the backlog taken care of.

                         HIRING QUALIFICATIONS

    Mr. Latham. Okay.
    Ms. Spaulding, kind of on the same line of questioning, I 
think you are aware that there have been problems getting 
qualified people on board to carry out the mission. To what do 
you attribute the difficulty in getting qualified people?
    Ms. Spaulding. I think a clarification--and I will let 
David, who was one of the co-authors of that memo, speak to 
it--but what they have done is to look at folks' qualifications 
and make sure that they are in the right job, a job that suits 
those qualifications. And so some of that has been an issue of 
realigning folks and making sure that they are in a position 
that, as I say, suits their skills and their training.
    There has been stepped up training and, particularly, I 
would emphasize, on leadership. We have stepped up NPPD-wide 
our focus on making sure that our supervisors have appropriate 
leadership training so that they are better suited to step into 
those leadership positions, and that has been very important.
    Mr. Latham. Mr. Wulf.
    Mr. Wulf. I would only add to that that the Deputy Under 
Secretary is absolutely right. We have done some good training 
on leadership that will provide people with--our folks with the 
tools to step into management roles. We this summer did some 
great training on inspections to ready ourselves to recommence 
authorization inspections, which we were able to do in July.
    With regard to the skills of the, the talent of the folks 
within our division, I don't think I can overstate the level of 
passion and talent that our people bring to the job. And they 
have certainly come in from a variety of backgrounds, law 
enforcement, military, industry backgrounds. And I think all 
have brought valuable skills to the table. In some cases, we 
have had to do some tweaking through realignment to get better 
person-position fits, but I think, through the training we have 
done, we have taken--through the policies we have put in place, 
we have made great strides in coming together as a cohesive 
regulatory compliance organization. So I am very pleased with 
the progress we have made and again can't say enough about the 
talent of the folks we have on the team.
    Mr. Latham. What you just said, does that go along with 
Rand Beers' report, that as far as capabilities and expertise, 
the internal----
    Mr. Wulf. If we are talking about the report, the 
challenges memo that Director Anderson and I sent up to Under 
Secretary Beers, yeah, it addresses what we discussed in the 
report. The context for those statements was that we needed to 
do a better job of ensuring a proper fit between the people 
with the skill sets that we brought on board and the actual 
alignment to the mission at hand. So I think we have made 
significant strides moving forward in that regard over the past 
year.
    Mr. Aderholt. Mr. Dent.

            SITE SECURITY PLANS: NUMBER OF COMPLETED REVIEWS

    Mr. Dent. Thank you, Mr. Chairman.
    Good morning. Just a few things I want to follow up on 
Judge Carter's question, but before I do, just with respect to 
the site security plans and that whole review process on page 5 
of the testimony, you said, I think, Ms. Spaulding, you said 
you completed all initial reviews of the tier 1 site security 
plans. How many is that, all of them?
    Ms. Spaulding. One hundred and fourteen.
    Mr. Dent. One hundred and fourteen. And 73 have been 
authorized or conditionally authorized.
    Ms. Spaulding. We are up to 84 total authorizations, but 
that includes 12 that are tier 2s.
    Mr. Dent. Okay. And then I guess two site security plans 
have been approved or completed then.
    Ms. Spaulding. Correct.

              SITE SECURITY PLANS: TIME FRAME FOR REVIEWS

    Mr. Dent. What is the timing of that? You may have already 
stated it, but what would be the timing then to get from those 
conditional authorizations or authorizations to an approval?
    Ms. Spaulding. So the next step after their conditional 
authorization is to schedule an authorization inspection and 
get the inspectors in there to inspect the facilities. The 
length of time that that inspection takes depends, of course, 
on the complexity and size of the facility. And then depending 
on what they find when they go in will dictate how quickly we 
can move to approval.
    The two that have been approved, do we have an estimate of 
how long or the 22 inspections that have been undertaken, 
David, maybe you can suggest an average time that that has 
taken?
    Mr. Wulf. I would anticipate a time frame of 2 to 3 months, 
not that there is a cookie cutter, but as the Deputy Under 
Secretary mentioned, there is a period of time for the drafting 
of the inspection report, for the review of the inspection 
report. Occasionally, there is a period during which the site 
security plan tool is reopened for the facility to make 
adjustments to the site security plan on the basis of the 
findings of the inspection.
    So all that would hopefully get us to a position where we 
are able to approve a plan within 2 to 3 months after the 
inspection.
    Mr. Dent. And you can do all these simultaneously? All 
the--2 minus 110 to go. In other words, you have to do--about 
108 sites have to get completed. Just curious, how long do you 
think you will be able to finish the whole queue?
    Mr. Wulf. Of tier 1s?
    Mr. Dent. Yes, tier 1s.
    Mr. Wulf. I am pretty confident we will be able to get 
through these in the next 6 to 8 months.

                        PERSONNEL SURETY PROGRAM

    Mr. Dent. Okay. On the issue of the Personnel Surety 
Program, which, Ms. Spaulding, you began, you started to 
address with Judge Carter's question, First, I think 
withdrawing that controversial information collection request, 
the ICR from OMB, is a good step forward for CFATS leadership 
in terms of recognizing the industry and stakeholder input into 
this whole process.
    I know the level of engagement with industry is still an 
issue of some concern. I am interested in how you plan to work 
with the interested parties to develop a rewrite of the ICR. 
How many meetings have you had thus far or are planning to have 
with industry since withdrawing the previous proposal?
    Maybe that should be a question of Mr. Wulf.
    Mr. Wulf. We have had two at this point. I think tomorrow 
will be a third. We were anticipating a fourth next week. That 
is being rescheduled, in view of a couple of conflicts, for the 
second week of October. So we are probably anticipating two to 
three additional meetings before we look to resubmit.
    Mr. Dent. And you think you will be able to take into 
account their concerns as you put together this new proposal?
    Mr. Wulf. That is absolutely the goal.
    Mr. Dent. Okay, good. When do you think we are going to see 
a new proposal? Do you have any idea on timing?
    Mr. Wulf. We are aiming for this fall, so the October, 
November, early December time frame. We would like to get it up 
there as soon as we possibly can.

  TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL: INCORPORATION INTO 
                                PROCESS

    Mr. Dent. How are you going to plan to incorporate TWIC 
into the credentialing framework?
    Mr. Wulf. As the Deputy Under Secretary mentioned, that is 
one of the things, one the areas in which our thinking has 
evolved significantly as a result of the input we received from 
industry. So we believe that we will be able to leverage to the 
fullest extent possible vetting already done through TWICs to 
allow for the electronic verification of TWIC at a facility 
site or elsewhere, perhaps. So we are looking at how we can 
most fully take advantage.
    Mr. Dent. Are you looking at other credentials, FAST as 
well as TWIC, as part of that credentialing process.
    Mr. Wulf. We will be looking at everything down the road. 
And to the extent we can do that this time around, we will, but 
we are focusing on TWIC.
    Mr. Dent. Okay, good. What will the reporting requirement 
back at DHS for a facility for individuals using a TWIC?
    Mr. Wulf. You mean upon verification?
    Mr. Dent. Yes.
    Mr. Wulf. That is one of the things we need to work 
through. I don't know that there will be a requirement for 
facilities to report back, but we would like to explore ways 
that we can verify that electronic verification has occurred 
without imposing unnecessary burdens on industry.
    Mr. Dent. And what do you anticipate facilities' obligation 
for reporting would be for those without a TWIC?
    Mr. Wulf. Well, for those without a TWIC, for whom we are 
not leveraging other sorts of vetting, I think what we would be 
looking at is the reporting of the--or the submission of 
personal identifying information, you know, prior to 48 hours 
before the planned access, and that can happen on a companywide 
basis. It could happen directly, through third parties. So we 
would like to provide as many options as we possibly can to 
industry on this.
    Mr. Dent. Thank you.
    I yield back.

                          INTERNAL REVIEW MEMO

    Mr. Aderholt. Thank you, Mr. Dent.
    Let me just talk a little bit about the internal review 
memo. I know that, or I understand that, NPPD decided to limit 
the distribution of the memo to the extent that only senior 
leaders would receive the full version of that internal review 
memo. I would direct this to Mr. Caldwell. Do you believe the 
limited distribution of the memo hindered the execution of the 
action plan?
    Mr. Caldwell. Ultimately, I don't think it did. I think in 
some ways, that is a judgment call that management has to make. 
We are going to come clean; these are all the problems we have, 
but did you believe that some of the information in there was 
sensitive about the program, so the more that you distribute 
among your personnel, the more of chance that information could 
get out.
    We did find--initially we were concerned because people 
that were responsible for some of the actions in the action 
plan did not have access to the memo, but on further 
discussions with them, they had had detailed discussions with 
Ms. Anderson and I assume Mr. Wulf about what they saw as the 
nature of the problem and what needed to be fixed there.
    Mr. Aderholt. Thank you.
    Secretary Spaulding, why was the internal memo so closely 
guarded? What was the thinking there, especially when members 
and officials representing the industry hadn't seen this 
assessment?
    Ms. Spaulding. We had not provided it to folks in the 
industry, and we are frankly disappointed that the memo got as 
widely distributed as it did. I think this was clearly a very 
candid, internal memorandum that was written by our new 
leadership then at CFATS for the Under Secretary. And I think 
it is absolutely vital that that kind of confidential 
communication be allowed to take place, really no holds barred, 
warts and all, and frankly, not written as carefully or as 
thoughtfully as you would if you were writing it for a broader 
audience, written with the understanding that this was a 
prelude to a conversation to sit down and talk through the 
issues with the Under Secretary. And so I think to keep faith 
with the authors of the report and, frankly, with the 
workforce, I think it was the right decision to hold that close 
and try to avoid having that memo have broad distribution. It 
was not written with that in mind. It would have been written 
in a different way had that been the intended outcome.
    And frankly, I think it is not helpful for the workforce to 
be focused on the word choice within that kind of an internal 
memo rather than on moving forward with the mission. And the 
action plan was made widely available to the folks at ISCD and, 
again, the opportunity to talk through the challenges and 
problems that led to the creation of that action plan.

           PUBLIC-PRIVATE PARTNERSHIPS: OUTREACH TO INDUSTRY

    Mr. Aderholt. Thank you.
    We have heard from industry, and I know in your comments 
earlier, you mention about hearing from industry, but we have 
heard from industry that the Department of Homeland Security 
has not fully developed or utilized the public-private 
partnerships and in fact has stepped back from previous 
partnerships. These partnerships are crucial in the 
implementation of this program, particularly in the current 
fiscally constrained environment. Industry, like government, 
does not want harmful chemicals in the hands of terrorists, and 
that is clear. Has the Department of Homeland Security stopped 
promoting or building partnerships between DHS and facilities 
it regulates?
    Ms. Spaulding. Absolutely not. And I can speak personally, 
since I came on board last fall, I have participated in 
numerous meetings with industry. I have gone on a number of 
occasions to the Chemical Sector Coordinating Council meetings, 
the recent Chemical Security Summit, which is put on by 
industry. We had the Under Secretary. I spoke. Director Wulf 
spoke. We had a number of folks from ISCD who participated in 
numerous panels. I have sat down, I have also gone to the 
American Chemistry Council annual meeting, to the oil and 
natural gas gathering. We have sat down with industry on 
personnel surety and a number of other issues. I think, as I 
said, I think there was a period of time when there was a focus 
on doing the work, and the outreach to the industry was not 
what it might have been, but I think, within the last--over the 
last year with the new leadership at CFATS, I would be 
surprised if industry does not feel as though we have been 
reaching out to it.
    Mr. Aderholt. But in the past, you feel like there was some 
discouragement?
    Ms. Spaulding. I don't think there was any discouraging of 
outreach to industry; I am not aware of that. As I say, I think 
there was a period of time when there was a real focus on 
trying to get the program implemented properly, where they had 
done a good deal of outreach to industry and now they were 
trying to focus internally and get the program implemented. And 
the lesson learned, as I said earlier, is that that outreach 
has to continue on a very constant and regular basis.
    Mr. Aderholt. So building and forming those partnerships 
with the regulated CFATS community is vitally important?
    Ms. Spaulding. Absolutely essential.
    Mr. Aderholt. Thank you.
    Mr. Price.

                     FUNDING: PROPOSED CUTS' IMPACT

    Mr. Price. I think it might be useful at this point in the 
hearing to turn the tables a bit. We have been talking about 
your responsibility, your plans. Let's talk about our own and 
about the work of this subcommittee and the way it will most 
surely affect your ability to carry out the plans that you have 
projected. We, after all, have some responsibilities, too.
    The fiscal 2013 request for the Infrastructure Security 
Compliance Division was $74 million. The House-passed bill 
provides $45.4 million, nearly 40 percent less than the 
request. Yet this division has been tasked with the resolving 
94 action items identified in the internal management review of 
ISCD. And the subcommittee has asked you to do a lot of other 
things, to identify gaps, to streamline the inspection process, 
better train personnel and to conduct robust stakeholder 
outreach.
    Mr. Wulf, you, last week, during a hearing of the 
Environment and Economy Subcommittee of House Energy and 
Commerce, you said ``this funding level would hurt DHS's 
ability to make good on its promise to clean up the CFATS 
program.'' You further indicated that NPPD has turned an 
important corner and ``a cut could force--would force some 
very, very difficult choices; it would essentially cut the legs 
out from under us.''
    Perhaps I should first ask if you want to elaborate on 
those comments. I think they are pretty straightforward and 
pretty clear. And I do want to ask Ms. Spaulding to expand on 
the comments.
    Given the funding level in the House-passed bill for fiscal 
2013, it is $29.1 million below your requested level. How could 
you possibly complete all these tasks and continue other 
critical functions, such as the work on ammonium nitrate, in a 
timely manner? And if this cut were ultimately adopted, what 
difficult choices would you need to make? I am sure you have 
thought about that. Would you delay making all the necessary 
corrections identified in your action plan, for example, to 
fully address the management issues identified in the November 
2011 memo, or are there other items you are considering?
    Ms. Spaulding. Thank you, Congressman.
    I would echo what Director Wulf said; it would be 
absolutely devastating to the program. We would of course focus 
all of our energies on the absolutely essential and core 
activities, imperatives of the program, and that would be 
conducting those authorization inspections and trying to 
approve site security plans. But that process would be slowed, 
and our ability to do a variety of things that will make this 
program--able to implement this program and continue the 
progress that we have made so far, would be seriously hampered. 
For example, one of those things is our interaction with 
industry. We just were talking about how important that is and 
learning from industry in this iterative process, we have 
learned lessons about how to make our tools more effective and 
easier for the industry to use and providing both more useful 
information for us and for industry. That work would grind to a 
halt, any improvement--in fact, the ability to simply maintain 
our current IT systems would be threatened by such a 
devastating cut, and I could go on.
    Let me say that I understand that that mark was a 
reflection of the deep level of concern on the committee, on 
the subcommittee, with regard to the implementation of this 
program. And my hope is that, given the substantial progress we 
have made, is that you will understand that we have turned a 
corner. There is a lot more to be done. We have an incredibly 
dedicated and committed and capable workforce determined to 
continue that progress. And we certainly hope that we will 
justify a renewed sense of faith in our ability to get that 
done. But suffice it to say that if that mark remains where it 
is, it would have a devastating impact on our ability to 
implement these programs.

                FUNDING: CONTINUING RESOLUTION'S IMPACT

    Mr. Price. Where does the CR leave you for now for the next 
6 months?
    Ms. Spaulding. The continuing resolution puts us at the 
fiscal year 2012 spending level. And I should say, I want to 
thank this committee for its efforts to ensure that the CFATS 
extension was explicitly included in the continuing resolution. 
It is vitally important. And I will just take this moment to 
make a plug for a permanent authorization of CFATS. I think we 
have talked about--we talked in our July testimony about the 
ways in which CFATS has made America safer already and about 
the 2,700 facilities that have either eliminated or reduced 
their chemicals of interest or have made other modifications to 
bring them out of that high-risk category and made America 
safer. And I think more companies would move in that direction 
if they saw that CFATS was permanent, was going to be 
permanently in place, and I think that is vitally important.
    But I am very grateful for the work that was done to extend 
the authorization. And one of the challenges we will have with 
the CR, of course, is determining the spend rate during that 
period of time, not knowing what the 2013 number will be.
    Mr. Price. Thank you.
    Mr. Aderholt. Well, let me just mention and point out that 
when the budget was fully developed last fall, the internal 
memo had not been leaked. The action plan was not completed and 
GAO had not commenced its review. As we sit here this morning 
in the hearing, the action plan is still being worked on. There 
are many items that are not close to answered, including 
reviewing staffing requirements, and so it would be premature 
to dedicate scarce resources today when there are still so many 
actions, so many questions that are unanswered. I understand, 
of course, there will be a carryover of $20 million from this 
year that cannot spend. So I just wanted to add that.
    Mr. Carter.

                         FUNDING: JUSTIFICATION

    Mr. Carter. I thank you, Mr. Chairman.
    So your responsibility as an agency is about 5 years old, 
right?
    Ms. Spaulding. Our responsibility, CFATS was enacted, I 
believe, in 2006, and we got the regulation in place in 2007.
    Mr. Carter. So it is 5 years. Okay. Well, first off, how 
does the threat of a terrorist attack on one of these 
facilities rank as a security risk as we look at the overall 
program of security risks in America?
    Ms. Spaulding. Congressman, I am not sure I can place it in 
the pantheon of risks that we face, but it is certainly a risk 
that we take very seriously.
    Mr. Carter. Well, I guess I am wondering, has it increased 
or decreased as a result of the work that you have done?
    Ms. Spaulding. Well, I think the threat has probably not 
significantly changed as a result of the work that we have 
done. I think the risk has been reduced as a result of the work 
that the men and women in ISCD have undertaken. As I said, I 
think America is safer today. They are at a lower risk from 
harm from one of these chemical facilities than they were 
before Congress enacted this important legislation.
    Mr. Carter. Well, you are complaining about the reduction 
in the proposed funds that have come into this agency. If I 
understand the chairman correctly, it will be $20 million from 
last cycle that you are not going to be utilizing. I don't 
claim to be an expert in this field. I am learning and 
listening as we sit here, but 2 out of 120 is not a real great 
track record of what we have been discussing on these plans. 
And, you know, we should spend our money on things that 
actually accomplish their mission, and quite honestly, I think 
that--and this is my personal opinion, and that is why I asked 
the ranking member--I don't know, there may be other things 
more important. But to me, they are not more important, because 
I heard back when I was a brand new lawyer, that we could kill 
most of the population of Texas with one bump between two 
ships. And with that kind of testimony, two or three chemical 
plants on the Houston ship channel, and there are plenty of 
them down there, could wipe out the whole State, and maybe the 
Western part of the United States. I don't know. That seems 
pretty damn serious to me. And I would say your track record is 
relatively poor.
    Now, do you want to tell me how you can defend the track 
record and increase this amount of money? I would like to hear 
it.
    Ms. Spaulding. Okay, thank you. I appreciate the 
opportunity. Let me state first, on the basis of discussions 
with our budget staff in the last few days, it appears at this 
point as though our carryover will be around $4 million; that 
in fact we will have over a 99.5-percent obligation of our 1-
year funds and that our carryover will be an historical low of 
about $4 million.
    In terms of, you know, how do we justify spending this 
money, again, I believe that we have turned the corner on this 
program, and that it is absolutely vital. And to suggest that 
we should perhaps pull the plug on a program that has already 
made America safer and that is making substantial progress 
toward an absolutely vital objective that I know you share with 
us of making chemical facilities pose less of a risk of 
terrorist sabotage, theft or release--it is--you know, we have 
learned a lot, as we have discussed in the last 5 years. We 
have made substantial progress. Our progress, again, just since 
July I hope demonstrates the degree to which we are now on a 
positive track.
    With regard to the action plan, we have completed now 70 of 
95 items, and there are 95 items because we have been adding 
items. This is a living dynamic document. And when GAO made its 
recommendation, we embraced that recommendation and added it as 
the 95th action plan item. But we have been moving forward on 
those. That is 17 more items since the July hearing.
    So I do think that your concern is justified with respect 
to how long it has taken us to get here, but I do believe this 
program has turned a corner, and it is absolutely vital to the 
safety and security of Americans, and to pull the plug now 
would be a huge mistake.

         PUBLIC-PRIVATE PARTNERSHIPS: INTERACTION WITH INDUSTRY

    Mr. Carter. I believe you testified--and if I misunderstood 
you, you can correct it now--that during the regulatory process 
where you were writing regulations, there wasn't a lot of 
interaction with industry, but now you are much more involved 
in interacting with industry. Is that what your testimony was?
    Ms. Spaulding. I am not sure during the writing of the 
regulation. I think that was the early stages and my 
understanding--I wasn't on board then--is that there was good--
what industry tells me is its sense is there was good 
interaction early on. Then there was a period of time when it 
was much more spotty. But I think there is a consensus that 
over the last year, certainly there has been a great deal more.
    Mr. Carter. As you re-analyze your duties and your agencies 
and your 95 items that you have got to deal with and you have, 
at least within this last year, started to include industry, 
could you tell us what the mindset of the people who work in 
this industry, in your department, was that they didn't talk to 
industry? Because one of the concerns that we have in this 
country today is regulations are being passed without really 
paying any attention to what those regulations do to people, 
and I would like to know what that gap, what caused that gap.
    Ms. Spaulding. All right. And it is hard for me to say. I 
do think--I am not suggesting there was no interaction with 
industry. I think there has been ongoing, and there has always 
been that interaction through the Chem Security Coordinating 
Council, for example.
    But I suspect part of it was the process--I think some of 
the--a lot of the concern arose in the personnel surety 
context, where, frankly, the process simply hamstrings our 
ability to continue to have conversations. We had--I think we 
certainly received a lot of comments from industry, but our 
ability to sit down across the table and kind of work through 
issues, once you have initiated that process at OMB, is 
extremely limited. And so my suspicion is that that was a 
period of time in which there was some frustration on both 
sides.

  TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL: CLARIFYING PROGRAM 
                                MISSION

    Mr. Carter. Well, a 5-year period of time is a long time.
    And I realize I may be running over time, Mr. Chairman. One 
more question.
    You were discussing earlier about the TWIC program. I 
understand that that exists on several facilities, especially 
in port areas, and that now you are analyzing that to see if 
that--you were proposing a duplicative process originally. If I 
understand your testimony, you are now saying you are taking a 
look at being able to utilize the information that you gained 
from TWIC to possibly make these CFATS sites more secure.
    One of the things that at least I have been told by some is 
that you are insisting on setting up a new program so that you 
are able to track people. And I guess my question is, isn't 
that a law enforcement, or do you have a law enforcement 
portion of your duties, or isn't that a law enforcement duty, 
to track people? Because there are those who think that is the 
reason TWIC has not been utilized.
    Ms. Spaulding. Right. And there have been a number of 
misunderstandings about this program, and that is one of them. 
I very much appreciate the opportunity to correct the record on 
that.
    This is absolutely not--there is not an objective, a goal 
to track people, but the way that we are now looking at 
implementing this really would not allow us to track people. So 
it really has nothing to do with the location of individuals.
    Again, for example, the ability for a company to file 
company-wide rather than facility by facility, there is no way 
for us to know what facility an employee is at on any given 
day. Even as we look at electronic verification of the TWIC 
cards, one of the things we are trying to explore is could it 
be, particularly for smaller facilities, at a central location, 
and a number of them could use the same reader, for example? 
That would not allow us to know who is going into which 
facility.
    All of these things present, you know, a trade-off, 
frankly, from a security perspective, and one of the things we 
have had to think very carefully about is, we have to be true 
to our national security imperative. So it has required us to 
talk with other regulatory agencies and other elements of 
government, frankly, to see ways in which we can mitigate the 
national security risk that comes from trying to ease the 
burden on industry, and that is the balance we are trying to 
find and I think we going to be able to do that.
    Mr. Carter. Thank you.
    Thank you, Mr. Chairman.
    Mr. Aderholt. Mr. Price, do you have anything else?
    Mr. Price. No, thank you, Mr. Chairman. No further 
questions.

                          DELISTING FACILITIES

    Mr. Aderholt. Let me just close with one question I wanted 
to ask about the delisting of facilities. In your opinion, how 
many companies have been removed from the chemical of interest 
listing from their sites? I think the concern here is the 
validation with removal. I just was wondering how many 
companies that you would estimate have been removed as 
chemicals of interest?
    Ms. Spaulding. Sir, I would start with around 2,700 
facilities that were preliminarily tiered as potentially high 
risk, that, as I said, eliminated, reduced--or reduced their 
chemicals of interest or otherwise made modifications to bring 
them below the threshold for regulation.
    David, are there additional numbers there?
    Mr. Wulf. That is it right now, 2,700.
    Mr. Aderholt. What is the policy for redetermination that 
you go through?
    Ms. Spaulding. So companies can, under the regulation, 
request a redetermination. They are required to notify us if 
they make a material modification to their holdings, and they 
can request that we review their tier level and make changes.
    And I would point out that that is one of the ways in which 
tiering can change. So we have a process where we assign 
preliminary tiers and then what we call final tiering. But one 
of the things that we have learned--we need to emphasize when 
we talk with industry is that tiering is a dynamic process, and 
there are a number of reasons in which people's tiers can 
change, things that the industry does, but also things that we 
learn about how to do our tiering methodology better.
    Mr. Aderholt. How do you verify that these chemicals have 
been removed?
    Ms. Spaulding. Do you want to talk to that?
    Mr. Wulf. In some cases, we will verify through phone calls 
or visits to a facility by the chemical security inspectors, 
but it will vary on a case-to-case basis.
    Mr. Aderholt. We understand from the GAO, we have heard 
some companies have been moving the chemicals of interest to 
other sites or just placing them on rail cars or in containers 
offsite to avoid regulation. Has this occurred, and what 
assurances could you give us here at the subcommittee that it 
has not occurred?
    Mr. Wulf. I think on a case-to-case basis, it is probably 
difficult for us to say or to assure you that it hasn't 
occurred in any case, but we strongly, strongly believe, and 
are talking extensively with our industry stakeholders and 
regulated and unregulated facilities, that these 2,700 
facilities have in the aggregate reduced their risk by lowering 
or eliminating chemicals of interest at their facilities. So 
that is our overall sense of it.
    Mr. Aderholt. But there could be the possibility they just 
move it offsite, is that correct?
    Mr. Wulf. They could go to different processes that may 
result in chemicals being off site or in transit, in the 
transportation process, and perhaps being delivered to the 
facility just in time for use and not stored there for a long 
period of time. And that sort of scenario, I don't know that 
that increases the amount of time that the chemicals are on the 
roads or on the rails, but it is a process that does reduce the 
risk at that facility.
    Mr. Aderholt. But that would certainly be something you 
would be concerned about, if they just put it on a rail car 
just for the purpose of it being offsite.
    Mr. Wulf. The notion of just transferring the risk, moving 
the risk around, is something that would concern us, 
absolutely.
    Mr. Aderholt. What would you do if you found out that this 
was occurring?
    Mr. Wulf. I think that is something we would have to 
address with our interagency partners, because our jurisdiction 
is to regulate security at high-risk chemical facilities. There 
are many other agencies that come into the mix on the rails, on 
the roads, et cetera.
    Mr. Aderholt. But certainly if you found the company was 
doing this, trying to hide the fact that they had these 
chemicals, you certainly would take quick and swift actions on 
that?
    Mr. Wulf. We would absolutely have discussions with our 
partners.

                           FUNDING: CARRYOVER

    Mr. Aderholt. Okay. Well, I just want to touch base on a 
couple of things I think we want to clarify. I mentioned 
earlier the $20 million from this year that could be spent. I 
think we need to clarify some terms. You said there is around 
$4 million. But let me clarify this to make sure I understand 
that there is about $20 million of funds that have been 
classified as 2-year funds that could be used in fiscal year 
2013, is that correct?
    Ms. Spaulding. Mr. Chairman, I am going to have to get back 
to you with the exact numbers. They have been changing on an 
almost daily basis, as you might expect, as we approach the end 
of the fiscal year and are closing contracts, et cetera. My 
understanding is that we had anticipated a significantly 
greater carryover than we have wound up with at the end of the 
year, that we have in fact been successful in obligating those 
funds and moving, and I think, again, it is a reflection of the 
substantial progress that we have made in implementing this 
program and moving things forward.
    Mr. Aderholt. But there possibly could be--I understand 
there is $20 million that is in that, so you can----
    Ms. Spaulding. Sir, my staff tells me that there is $20 
million of 2-year money, but that $16 million of that is on 
contract for fiscal year 2012, leaving $4 million.
    Mr. Aderholt. Okay. All right, well thank you for your 
testimony here, and all of you being here today.
    Let's remember that it has been 5 years and hundreds of 
millions of dollars since the program was created. Today there 
has been a lot of statements about what you plan to accomplish 
this year. Certainly, I think this subcommittee will hold you 
to that and monitor this closely as we move forward in your 
progress.
    So, again, we appreciate your being here, and especially 
after our last hearing, when you were only here for a few 
minutes. We got through the entire hearing today without a 
series of votes, so that is good news for the hearing. So, 
again, we thank you for being here, and the hearing is 
adjourned.


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                               I N D E X

                              ----------                              
                                                                   Page

Chemical Facility Anti-Terrorism Standards (CFATS) Program.......     1
    Opening Statements:
        Chairman Robert Aderholt.................................     1
        Ranking Member David Price...............................     4
        Caldwell, Stephen (Director, Homeland Security and 
          Justice, GAO)..........................................     9
        Spaulding, Suzanne (Deputy Under Secretary, NPPD)........    46
        Wulf, David (Director, IP)...............................    56

Chemical Facility Anti-Terrorism Standards (CFATS) Program.......    59
    Opening Statements:
        Chairman Robert Aderholt.................................    59
        Caldwell, Stephen (Director, Homeland Security and 
          Justice, GAO)..........................................    62
    Delisting Facilities.........................................   103
    Funding:
        Carryover................................................   104
        Continuing Resoloution's Impact..........................    99
        Justification............................................   100
        Proposed Cuts' Impact....................................    98
    Hiring Qualifications........................................    93
    Internal Review Memo.........................................    96
    Opening Statements:
        Spaulding, Suzanne (Deputy Under Secretary, NPPD)........    77
        Wulf, David (Director, IP)...............................    77
    Personnel Security Credentialing Program.....................    90
    Personnel Surety Program.....................................    95
    Public-Private Partnerships:
        Interaction with Industry................................   101
        Outreach to Industry.....................................    97
    Site Security Plans:
        Approvals/Authorizations.................................    77
        Approval Process Lessons Learned.........................    88
        Number of Completed Reviews..............................    94
        Time Frame for Reviews...................................    94
    Transportation Worker Identification Credential:
        Clarifying Program Mission...............................   102
        Incorporation into Process...............................    96

                                  
