[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]






H.R. 4007, THE CHEMICAL FACILITY ANTI-TERRORISM STANDARDS AUTHORIZATION 
                     AND ACCOUNTABILITY ACT OF 2014

=======================================================================

                                HEARING

                               before the

                     SUBCOMMITTEE ON CYBERSECURITY,
                       INFRASTRUCTURE PROTECTION,
                       AND SECURITY TECHNOLOGIES

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           FEBRUARY 27, 2014

                               __________

                           Serial No. 113-54

                               __________

       Printed for the use of the Committee on Homeland Security
                                     




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________

                         U.S. GOVERNMENT PRINTING OFFICE 

88-171 PDF                     WASHINGTON : 2014 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Printing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800 
         DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, 
                          Washington, DC 20402-0001













                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Paul C. Broun, Georgia               Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice    Brian Higgins, New York
    Chair                            Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Jeff Duncan, South Carolina          Ron Barber, Arizona
Tom Marino, Pennsylvania             Dondald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah                 Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi       Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Richard Hudson, North Carolina       Steven A. Horsford, Nevada
Steve Daines, Montana                Eric Swalwell, California
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
Vacancy
                        Vacancy, Staff Director
          Michael Geffroy, Deputy Staff Director/Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY 
                              TECHNOLOGIES

                 Patrick Meehan, Pennsylvania, Chairman
Mike Rogers, Alabama                 Yvette D. Clarke, New York
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Jason Chaffetz, Utah                 Filemon Vela, Texas
Steve Daines, Montana                Steven A. Horsford, Nevada
Scott Perry, Pennsylvania, Vice      Bennie G. Thompson, Mississippi 
    Chair                                (ex officio)
Michael T. McCaul, Texas (ex 
    officio)
               Alex Manning, Subcommittee Staff Director
                    Dennis Terry, Subcommittee Clerk

















                            C O N T E N T S

                              ----------                              
                                                                   Page

                               STATEMENTS

The Honorable Patrick Meehan, a Representative in Congress From 
  the State of Pennsylvania, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies...................................................     1
The Honorable Yvette D. Clarke, a Representative in Congress From 
  the State of New York, and Ranking Member, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Oral Statement.................................................     4
  Prepared Statement.............................................     6
The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Committee on Homeland 
  Security.......................................................     7
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Oral Statement.................................................     8
  Prepared Statement.............................................     9
The Honorable Gene Green, a Representative in Congress From the 
  State of Texas:
  Oral Statement.................................................    10
  Prepared Statement.............................................    12

                               WITNESSES
                                Panel I

Ms. Caitlin Durkovich, Assistant Secretary, Infrastructure 
  Protection, U.S. Department of Homeland Security, Accompanied 
  by David Wulf, Deputy Director, Infrastructure Security 
  Compliance Division:
  Oral Statement.................................................    14
  Joint Prepared Statement.......................................    16
Mr. Stephen L. Caldwell, Director, Homeland Security and Justice, 
  U.S. Government Accountability Office:
  Oral Statement.................................................    21
  Prepared Statement.............................................    22
Ms. Marcia Moxey Hodges, Chief Inspector, Office of Inspector 
  General, U.S. Department of Homeland Security:
  Oral Statement.................................................    29
  Prepared Statement.............................................    31

                                Panel II

Mr. Clyde D. Miller, Director for Corporate Security, BASF North 
  America, Incoming Vice Chair, American Chemistry Council 
  Security Committee:
  Oral Statement.................................................    52
  Prepared Statement.............................................    54
Ms. Kate Hampford Donahue, President, Hampford Research, Inc., 
  and Member, Board of Governors, Society of Chemical 
  Manufacturers and Affiliates (SOCMA):
  Oral Statement.................................................    57
  Prepared Statement.............................................    58
Ms. Anna Fendley, Legislative Representative, United 
  Steelworkers:
  Oral Statement.................................................    60
  Prepared Statement.............................................    62

                             For the Record

The Honorable Patrick Meehan, a Representative in Congress From 
  the State of Pennsylvania, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies:
  Letter.........................................................    51
  Memorandum From the Office of Enforcement and Compliance 
    Assurance, United States Environmental Protection Agency, 
    Washington, DC...............................................    47

 
H.R. 4007, THE CHEMICAL FACILITY ANTI-TERRORISM STANDARDS AUTHORIZATION 
                     AND ACCOUNTABILITY ACT OF 2014

                              ----------                              


                      Thursday, February 27, 2014

             U.S. House of Representatives,
                    Committee on Homeland Security,
 Subcommittee on Cybersecurity, Infrastructure Protection, 
                                 and Security Technologies,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:09 a.m., in 
Room 311, Cannon House Office Building, Hon. Patrick Meehan 
[Chairman of the subcommittee] presiding.
    Present: Representatives Meehan, McCaul, Perry, Clarke, 
Thompson, Vela, and Horsford.
    Also present: Representative Green.
    Mr. Meehan. The Committee on Homeland Security, 
Subcommittee on Cybersecurity, Infrastructure Protection, and 
Security Technologies will come to order. The subcommittee is 
meeting today to examine H.R. 4007, which is the Chemical 
Facility Anti-Terrorism Standards Authorization and 
Accountability Act of 2014.
    I now recognize myself for an opening statement.
    Chemical facilities continually rank among the most 
attractive targets for terrorists because an attack on a 
chemical plant would likely result in large-scale damage and 
potentially terrible loss of life. What happened at West, 
Texas, last spring gave us a chilling look at the devastation 
that occurs when a chemical facility detonates.
    To protect against potential catastrophe, Congress in 2007 
authorized the Department of Homeland Security to develop a set 
of vulnerability assessment standards for chemical plants and 
to implement a corresponding set of regulations to ensure that 
physical security of those at the highest risk. That 
authorization was in effect for 3 years.
    Seven years later, the resulting program, which we call 
CFATS, has yet to be reauthorized. Instead, the program simply 
receives appropriations year after year without any hard 
guidance from this authorizing committee. While we have held 
many hearings to assess the CFATS program's effectiveness and 
progress, the Department is still behind in establishing 
several of the program's most basic operational elements, and 
we all appreciate that this is simply not acceptable.
    It is the responsibility of this committee to set official 
guidelines and standards of this very important program. 
Oversight alone is simply not sufficient. We must give CFATS 
the formal and proper direction it needs. Therefore, we must 
resume our jurisdiction of the program.
    H.R. 4007, the Chemical Facility Anti-Terrorism Standards 
Authorization and Accountability Act of 2014, is the product of 
the Homeland Security Committee's consultation with dozens of 
stakeholders, including the facilities regulated under this 
act, community representatives, the Energy and Commerce 
Committee, the Senate Homeland Committee, and the Government 
Affairs Committee in the Senate, as well as the Government 
Accountability Office, the Department of Homeland Security 
itself. In fact, just yesterday, the Secretary of the 
Department of Homeland Security, Jeh Johnson, said about this 
bill that, ``I have looked at it, I have read it, I support it, 
and our critical infrastructure folks support it.''
    Therefore, we have reached the rare occurrence in Congress, 
constructive legislation supported by the White House, multiple 
House committees, the Senate, industry, and both Republicans 
and Democrats. As author of this bill, I take very seriously 
the problems that have plagued this program in the past; the 
now-infamous 2011 leaked memo written by the former ISCD 
Director Penny Anderson and then ISCD Deputy Director David 
Wulf was highly critical of the division and brought to light a 
disturbing litany of management flaws and achievement gaps 
within the ISCD.
    In response, this committee asked both the GAO and the 
inspector general to conduct a thorough review of the ISCD 
operations. The findings weren't surprising. Both auditors 
essentially said that the program's success had been slowed by 
inadequate tools, poorly-executed processes, and harmful 
mismanagement.
    In the 3 years since the Anderson-Wulf memo was leaked, 
ISCD has made substantial progress. The division has further 
accelerated the review process for security plans at facilities 
assigned a final tier under CFATS. It has significantly reduced 
the overall backlog of facilities. It has made notable progress 
in addressing the recommendations made by GAO in its 2013 
report. It has implemented the Infrastructure Security 
Compliance Division Action Plan.
    In addition, ISCD has put in place a new management team, 
headed by Suzanne Spaulding, the acting under secretary for 
NPPD, and David Wulf, who is here with us today, now the ISCD 
director. With a new management team at the helm, and tangible 
progress continuing to be demonstrated, now is the time to help 
CFATS begin its new chapter and take these next critically 
important steps.
    While progress has been made, it is now time for Congress 
to step in to mandate accountability for the Department and 
provide certainty to the regulated community. H.R. 4007 
authorizes CFATS for the short term in order to provide the 
stability and certainty both the Department and industry have 
been calling for, while at the same time using the 
authorization as a vehicle to mandate certain fundamental 
program improvements.
    Specifically, the bill improves the efficiency of a site 
security plan approval process. It amends certain parts of the 
original CFATS regulations to facilitate DHS industry 
coordination and simplify the compliance process. It ensures 
that DHS is communicating with State and local officials, as 
well as other Federal agencies and industry associations, to 
identify facilities of interest and implementing a sensible and 
effective methodology in assessing risk and ensures DHS 
accountability by requiring the Secretary to certify the 
Department's progress and by authorizing GAO to conduct an on-
going assessment and report to Congress with its findings every 
6 months.
    Last summer, the President issued Executive Order 13650, 
which improving Chemical Facility Safety and Security was the 
title of that Executive Order. While I applaud the President 
for his efforts, the security of our chemical facilities is too 
important to be guided by studies and directives alone. It is 
the duty of Congress and this committee to act.
    This bill works as a complementary piece of legislation to 
the President's Chemical Facility Safety and Security Working 
Group. The bill mirrors and reinforces many of the EO's 
initiatives. To suggest that this panel must choose between the 
Executive Order and authorizing CFATS in the short term is to 
create a false choice.
    Secretary Johnson confirmed this sentiment yesterday, 
saying, ``If we have got a good bill and there is an 
opportunity to pass it in this Congress, it supports my goals 
and objectives, and it enhances homeland security, I am going 
to support the measure. I think we in the Congressional, 
Executive branches owe it to the American people to get 
something done.'' Those were his words.
    Before I conclude, there is one final factor that must be 
considered today. The Government shutdown in late 2013 led to 
the first-ever expiration of the CFATS program. While this 
expiration thankfully turned out to be only temporary, the 
event nonetheless served as a wake-up call to the fragility of 
our Nation's chemical security and safety.
    With every appropriations cycle comes renewed anxiety that 
CFATS will cease to exist. Year after year, the authorizing 
committees have the opportunity to provide stability and 
certainty with regard to chemical security. Year after year, 
they have failed to take legislative action.
    As Henry Waxman, who was the Energy and Commerce Ranking 
Member, said, ``Whatever the flaws in the CFATS program, the 
answer is not to let the program sunset. This state of affairs 
leave dangerous chemical facilities unregulated and vulnerable 
to attack.'' I agree with that statement.
    The purpose of today's legislative hearing is to allow the 
subcommittee to hear from industry stakeholders, Government 
auditors, and those DHS officials directly responsible for 
implementing CFATS as to the value of H.R. 4007.
    I firmly believe this bill is a much-needed step in the 
right direction. If this bill takes--it takes a fresh approach 
to addressing some of the CFATS program's most basic issues. 
The bill represents a new partnership among industry, the 
Department, and Congress for the advancement of America's 
chemical security.
    The Chairman now recognizes the Ranking Member of the 
subcommittee, the gentlelady from New York, Ms. Clarke, for any 
statements she may have.
    Ms. Clarke. I thank you, Mr. Chairman. I would like to, 
before beginning my statement, acknowledge and recognize 
Congressman Gene Green and ask unanimous consent that he be 
allowed to sit in on this hearing.
    Mr. Meehan. I thank the gentleman for attending. Without 
objection, so ordered.
    Ms. Clarke. Thank you, Mr. Chairman. Thank you for holding 
this legislative hearing to examine your bill, H.R. 4007.
    This legislation before us today would repeal and replace 
the existing statute that authorizes the Department of Homeland 
Security, DHS, to regulate chemical facilities for security 
purposes. This subcommittee has a great stake and long history 
in attempting to help the CFATS program succeed, and I have 
watched with interest the development of this legislative 
language. However, I do have some concerns about the approach 
the bill takes.
    First, the bill stands alone. It would not amend the 
Homeland Security Act of 2002. This would not affect the 
implementation of the bill, if it is passed and enacted into 
law, but some might argue that such a bill does not provide a 
firm statutory footing for the CFATS program or resolve issues 
of Congressional jurisdiction.
    The bill does contain much of the language in the existing 
statutory authority and includes some new requirements for the 
Secretary to follow. Like in the existing statutory authority, 
the bill authorizes the use of a current regulatory rule that 
requires such facilities to submit security vulnerability 
assessments and to develop and implement site security plans 
and facilities that have approved site security plans as of the 
date of enactment will not have to resubmit those plans for 
approval just because the bill was enacted.
    The bill expressly authorizes DHS to accept the submission 
alternative security programs, or ASPs, with respect to site 
security plans. The practice of using ASPs is already in use at 
the Department, and I am in favor of the ASPs. I think it is an 
innovative approach for companies to address their security 
needs.
    Let me turn to the issue of standards versus regulations. 
The existing statutory authority expressly directs the 
Secretary to inform interim final regulations. H.R. 4007 does 
not, but instead directs the creation of a program establishing 
certain standards.
    The bill mandates the Secretary to establish risk-based 
performance standards designed to protect chemical facilities 
that the Secretary determines represent a high level of 
security risk. This is an important feature, because unlike the 
existing statutory authority, this bill would require the 
performance standards to provide protection from acts of 
terrorism, while the existing statutory authority requires the 
risk-based performance standards be for security. This may help 
with some of our jurisdiction issues, but in my mind, the 
establishment of standards as opposed to a current regulatory 
scheme poses questions as to how the Department would interpret 
such language, if it becomes law.
    For example, I think it is possible that some stakeholders, 
including some of our witnesses today, may assume that since 
such standards would be binding on the public, that this 
language provides an implied authority to issue regulations 
under provisions of the Administrative Procedure Act to 
implement these standards. On the other hand, in a close 
reading of the bill, one might also assert that the removal of 
the requirement to issue regulations reflects the Majority's 
Congressional intent to move the CFATS program away from a 
regulatory framework to a public-private partnership or some 
other unspecified structure.
    I am hoping to get some clarification or opinion from the 
Department on how they view these issues, especially in light 
of their surprisingly full-throated support of this language.
    Another issue I would like to bring up is the use of 
contractors in CFATS. One of the features of H.R. 4007 is that 
it specifically authorizes the Secretary to designate 
inspectors that are not DHS employees. The language says that 
the audit and inspection processes may be carried out by a non-
Department or non-Governmental entity as approved by the 
Secretary.
    I understand that the bill is attempting to aid the 
Department in accelerating the site security authorization 
approval and compliance process, but I have serious 
reservations about the use of contractors in the inspector 
cadre, where this work is generally recognized as an inherently 
Governmental responsibility, especially when it involves 
terroristic threats and risks to the Nation.
    Finally, Mr. Chairman, I am anxious to work with you on the 
pressing issue of personnel surety, and I know your bill 
includes some helping language, but enactment into law for H.R. 
4007 may be a while off. More recently, DHS has issued a 30-day 
information collection request offering its latest personnel 
surety proposal. The proposal, as I understand, would accept 
credentials that are vetted recurrently against the terrorist 
screening database and has their validity verified on a 
continuing basis by electronic or other means.
    However, DHS has previously communicated with stakeholders 
that it would not grant reciprocity to personnel surety 
programs that vet individuals against the terrorism screening 
database on a schedule not equivalent to recurrent vetting. 
This poses substantial problems in a very complex arena.
    Many have expressed concerns about duplication of efforts 
and the burden of multiple background checks, and others have 
rightfully asked about what protections might be offered for 
workers who would be required to secure multiple credentials to 
continue working and what financial and operation problems 
would be put on facilities who are already complying with 
credentialing regulations.
    We must find a way to meet the needs of addressing these 
risks posed by access to chemical facilities through a common-
sense approach that will likely involve multiple program 
efforts to harmonize Government credentialing among the 
agencies and programs. We all know the CFATS program has been 
striving to improve its performance, and we commend the hard 
work and leadership shown at ISCD, and we will hear today from 
two agencies that have looked closely at the program to help us 
determine what we might codify to help the program achieve its 
potential.
    Thank you, Mr. Chairman. I look forward to working with you 
to make the CFATS program one we can be proud of. I yield back.
    [The statement of Ranking Member Clarke follows:]
              Statement of Ranking Member Yvette D. Clarke
                           February 27, 2014
    Thank you for holding this legislative hearing to examine your 
bill, H.R. 4007. The legislation before us today would repeal and 
replace the existing statute that authorizes the Department of Homeland 
Security (DHS) to regulate chemical facilities for security purposes.
    This subcommittee has a great stake, and long history, in 
attempting to help the CFATS program succeed, and I have watched with 
interest the development of this legislative language. However, I do 
have some concerns about the approach the bill takes.
    First, the bill stands alone, and would not amend the Homeland 
Security Act of 2002. This would not affect the implementation of the 
bill, if it is passed and enacted into law, but some might argue that 
such a bill does not provide a firm statutory footing for the CFATS 
program or resolve issues of Congressional jurisdiction.
    The bill does contain much of the language in the existing 
statutory authority and includes some new requirements for the 
Secretary to follow. Like in the existing statutory authority, the bill 
authorizes the use of the current regulatory rule that requires such 
facilities to submit security vulnerability assessments and to develop 
and implement site security plans, and facilities that have approved 
site security plans as of the date of enactment will not have to 
resubmit those plans for approval just because the bill was enacted.
    And the bill expressly authorizes DHS to accept the submission 
alternative security programs, or ASPs, with respect to site security 
plans. The practice of using ASPs is already in use at the Department, 
and I'm in favor of the ASPs, I think it is an innovative approach for 
companies to address their security needs.
    Let me turn to the issue of standards versus regulations. The 
existing statutory authority expressly directs the Secretary to issue 
interim final regulations. H.R. 4007 does not, but instead directs the 
creation of a program establishing certain standards.
    The bill mandates the Secretary to establish risk-based performance 
standards designed to protect chemical facilities that the Secretary 
determines represent a high level of security risk. This is an 
important feature, because unlike the existing statutory authority, 
this bill would require the performance standards to provide protection 
from ``acts of terrorism''; while the existing statutory authority 
requires the risk-based performance standards be for ``security.'' This 
may help with some of our jurisdictional issues, but in my mind, the 
establishment of ``standards'' as opposed to the current regulatory 
scheme, poses questions as to how the Department would interpret such 
language, if it becomes law.
    For example, I think it is possible that some stakeholders, 
including some of our witnesses today, may assume that since such 
standards would be binding on the public, that this language provides 
an implied authority to issue regulations under provisions of the 
Administrative Procedure Act to implement these standards.
    On the other hand, in a close reading of the bill, one might also 
assert that the removal of the requirement to issue regulations 
reflects the majority's Congressional intent to move the CFATS program 
away from a regulatory framework to a public/private partnership, or 
some other unspecified structure.
    I am hoping to get some clarification, or opinion from the 
Department, on how they view these issues, especially in light of their 
surprisingly full-throated support of this language.
    Another issue I'd like to bring up is the use of contractors in 
CFATS. One of the features of H.R. 4007 is that it specifically 
authorizes the Secretary to designate inspectors that are not DHS 
employees. The language says that the audit and inspection processes 
``may be carried out by a non-Department or non-Governmental entity, as 
approved by the Secretary''.
    I understand that the bill is attempting to aid the Department in 
accelerating the site security authorization, approval, and compliance 
process, but I have serious reservations about the use of contractors 
in the inspector cadre, where this work is generally recognized as an 
inherently Governmental responsibility, especially when it involves 
terroristic threats and risks to the Nation.
    Finally, Mr. Chairman, I an anxious to work with you on the 
pressing issue of Personnel Surety, and I know your bill includes some 
helping language. But enactment into law for H.R. 4007 may be a while 
off.
    More recently, DHS has issued a 30-day information collection 
request offering its latest personnel surety proposal. The proposal, as 
I understand, would accept credentials that are vetted recurrently 
against the terrorist-screening database and has their validity 
verified on a continuing basis by electronic or other means. However, 
DHS has previously communicated with stakeholders that it would not 
grant reciprocity to personnel surety programs that vet individuals 
against the terrorism-screening database on a schedule not equivalent 
to recurrent vetting. This poses substantial problems in a very complex 
arena.
    Many have expressed concerns about duplication of efforts and the 
burden for multiple background checks, and others have rightfully asked 
about what protections might be offered for workers who would be 
required to secure multiple credentials to continue working, and what 
financial and operation problems would be put on facilities who are 
already complying with credentialing regulations.
    We must find a way to meet the needs of addressing the risks posed 
by access to chemical facilities through a common-sense approach that 
will likely involve multiple program efforts to harmonize Government 
credentialing among the agencies and programs.
    We all know that the CFATS program has been striving to improve its 
performance, and we commend the hard work and leadership shown at ISCD, 
and we will hear today from two agencies that have looked closely at 
the program to help us determine what we might codify to help the 
program achieve its potential.
    Thank you Mr. Chairman, I look forward to working with you to make 
the CFATS program one we can be proud of.

    Mr. Meehan. I thank the Ranking Member.
    The Chairman now recognizes the Chairman of the full 
committee, the gentleman from Texas, Mr. McCaul, for any 
statement he may have.
    Mr. McCaul. Thank you, Mr. Chairman. I want to thank you 
for holding this hearing, for introducing this important 
legislation that I strongly support, and I want to thank Mr. 
Green, Gene Green, my friend from Texas, for his support of 
this legislation.
    Energy and Commerce Committee has been very accommodating 
with this committee in terms of jurisdiction. We have worked 
out our differences to be able to move forward to this point. 
As Congressman Green and I can appreciate even more so, as the 
events of West, Texas, I think demonstrate, the explosion that 
occurred there, and the loss of life demonstrate the need for 
this legislation now.
    This is a product of, Mr. Chairman, your hard work, Joan 
O'Hara on the staff, over the last 6 months meeting with the 
stakeholders, Government Accountability Office, Senate 
authorizing committees, and most importantly, our Department of 
Homeland Security officials. In my meetings with DHS, they are 
strongly supportive of this legislation. They understand the 
need to authorize. This committee needs to operate and 
authorize.
    This has never been authorized, which creates confusion not 
only in the Government, but in the private sector. This has 
only been done by the appropriators. It is time for this 
committee to stand up and do its job and its responsibility and 
authorize, and that is what I strongly support here today.
    I was very pleased yesterday to hear the Secretary of 
Homeland Security--he gave me private assurances that he 
supports this legislation, but to hear him testify before this 
committee that he is fully supportive I think sends a strong 
message to this committee that we need to get our work done on 
this committee and pass this out of committee.
    We have enjoyed, I believe, on this committee a strong 
bipartisan support on legislation, whether there is a border 
security which passed unanimously out of this committee, 
whether it was a cybersecurity bill that after negotiations 
with the Minority passed unanimously out of this committee. I 
am very proud of that record, very proud of that record.
    I would ask that the Ranking Member of this committee and 
the full committee go forward with that same spirit of trying 
to get something done, and particularly on an issue of this 
importance, and continue our governance in a bipartisan issue, 
because when it comes to matters of security, I don't believe 
that partisan politics have any place in it.
    I will just end with the Secretary's quote, when he said 
yesterday, ``We owe it to the American people to get something 
done.'' I couldn't agree with the Secretary more, and I thank 
him for his testimony yesterday, and I look forward to working 
with the Minority to get something done in this area.
    With that, Mr. Chairman, I yield back.
    Mr. Meehan. I thank the Chairman for his comments and for 
his presence here. I also am very grateful for the presence of 
the Ranking Member on the committee, the gentleman from 
Mississippi.
    Mr. Thompson, you are recognized for any statements you may 
have.
    Mr. Thompson. Thank you very much, Mr. Chairman. I, too, am 
happy that we are moving forward with a discussion of much-
needed legislation. However, there are still some differences 
of interpretation about this legislation, and I think we will 
see that over the course of this hearing.
    However, I do want to thank you for holding this hearing to 
examine your bill, H.R. 4007. As an original author of chemical 
security legislation, I am supportive of DHS's efforts to raise 
the level of security at our Nation's chemical facilities. If 
you would have told me back in 2006, 8 years later, that CFATS 
would still be operating without a free-standing authorization 
in the Homeland Security Act, I would have been shocked. 
Jurisdictional wrangling has been a problem.
    The closest that Congress has come to approving an 
authorization bill was back in 2010 when I teamed up with then-
Energy and Commerce Chairman Waxman. Since that time, the 
program has faced its share of internal and external 
challenges. Today, the program appears to be in a better place.
    That said, there could be some major changes in the program 
once the President's interagency Chemical Facility Safety and 
Security Working Group completes its work to enhance chemical 
sector safety and security. The legislation before us today has 
some good features. Certainly, the mention of personnel surety 
is a positive. However, it has some glaring weaknesses.
    The bill is a stand-alone and would not amend the Homeland 
Security Act. This approach potentially denies CFATS a firm 
statutory footing and adds to jurisdictional conflict. The bill 
maintains exemptions that were put in place in haste in 2006 of 
categories of facilities even as we await the recommendations 
from the President's Chemical Facility Safety and Security 
Working Group.
    One of my biggest issues with the bill is that it is 
written so broadly as to raise questions on whether it is a 
stay-the-course bill or, by making little or no references to 
the existing CFATS program, requires something different. I 
must say that the introduction of this bill was somewhat 
surprising, since after the West, Texas, tragedy, last year, 
Chairman McCaul wrote, along with Energy and Commerce Chairman 
Upton, and Appropriations Subcommittee Chairman Carter, that 
the basic programmatic building blocks of CFATS are missing and 
they are convinced the program should not continue in its 
present condition.
    Since Chairman McCaul's July 2013 letter, the CFATS office 
has made some modest improvement, particularly with respect to 
identifying and reaching out to facilities that should be 
evaluated for risk. Still, fundamental questions about the 
program's implementation persist. Answers to those questions 
and recommendations for reform will likely be down the road.
    I wrote the President last year about my concerns regarding 
the tragedy that occurred in West, Texas, and how we might 
examine the processes here at DHS and other agencies to protect 
citizens from similar catastrophic events, including changes in 
the CFATS program.
    Soon thereafter, the President issued an Executive Order 
that created an interagency working group to undertake an 
across-the-board examination of the programs that regulate 
chemical security and safety in the Federal Government. The 
interagency working group includes the Department of Homeland 
Security, the Department of Agriculture, Department of Justice, 
Department of Labor, Department of Transportation, and the 
Environmental Protection Agency.
    The Chemical Facility Safety and Security Working Group is 
expected to report to the President in May. In fairness, the 
Federal Government shutdown, which resulted in lapses in 
funding and authority, was not helpful. For that matter, 
neither is the current sequester, but we are here to talk about 
making the CFATS program work for the American people and 
making our Nation more secure.
    As a committee, we have an obligation to advance 
legislation that gives effect to our oversight finding. From 
risk modeling to administrative processes, it is an excessive 
and wrongheaded approach to personal security. DHS needs 
guidance.
    Frankly, I see nothing in the scant 11 pages of H.R. 4007 
to deliver the massive reforms that will be required to make 
CFATS and other chemical security programs more efficient and 
productive programs.
    With that, Mr. Chairman, I yield back.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
    As an original author of chemical security legislation, I am 
supportive of DHS' efforts to raise the level of security at our 
Nation's chemical facilities. If you would have told me back in 2006 
that 8 years later that CFATS would still be operating without a free-
standing authorization in the Homeland Security Act, I would have been 
shocked.
    Jurisdictional wrangling has been a problem. The closest that 
Congress has come to approving an authorization bill was back in 2010, 
when I teamed up with then-Energy and Commerce Chairman Waxman. Since 
that time, the program has faced its share of internal and external 
challenges.
    Today, the program appears to be in a better place. That said, 
there could be some major changes to the program, once the President's 
inter-agency Chemical Facility Safety and Security Working Group 
completes its work, to enhance chemical sector safety and security.
    The legislation before us today has some good features; certainly, 
the mention of personnel surety is a positive; however, it has some 
glaring weaknesses.
    The bill is a stand-alone and would not amend the Homeland Security 
Act. This approach potentially denies CFATS a firm, statutory footing 
and adds to jurisdictional conflict. The bill maintains exemptions that 
were put in place, in haste, in 2006, of categories of facilities, even 
as we await the recommendations from the President's Chemical Facility 
Safety and Security Working Group.
    One of my biggest issues with the bill is that it is written so 
broadly as to raise questions on whether it is a ``stay the course'' 
bill or, by making little or no references to the existing CFATS 
program, requires something different.
    I must say that the introduction of this bill was somewhat 
surprising since, after the West, Texas, tragedy last year Chairman 
McCaul wrote, along with Energy and Commerce Chairman Upton, and 
Appropriations Subcommittee Chairman Carter, that ``The basic 
programmatic building blocks of CFATS are missing'' and they ``are 
convinced the program should not continue in its present condition.''
    Since Chairman McCaul's July 2013 letter, the CFATS office has made 
some modest improvement, particularly with respect to identifying and 
reaching out to facilities that should be evaluated for risk. Still, 
fundamental questions about the program's implementation persist. 
Answers to those questions and recommendations for reform will likely 
be down the road.
    I wrote the President last year about my concerns regarding the 
tragedy that occurred in West, Texas, and how we might examine the 
processes here at DHS and other agencies to protect citizens from 
similar catastrophic events, including changes in the CFATS program.
    Soon thereafter, the President issued an Executive Order that 
created an inter-agency working group to undertake an across-the-board 
examination of the programs that regulate chemical security and safety 
in the Federal Government. The interagency working group includes the 
Department of Homeland Security, the Department of Agriculture, the 
Department of Justice, the Department of Labor, the Department of 
Transportation, and the Environmental Protection Agency.
    The Chemical Facility Safety and Security Working Group is expected 
to report to the President in May.
    In fairness, the Federal Government shutdown, which resulted in 
lapses in funding and authority, was not helpful. For that matter, 
neither is the current sequester, but we are here to talk about making 
the CFATS program work for the American people and making our Nation 
more secure.
    As a committee, we have an obligation to advance legislation that 
gives effect to our oversight findings. From risk modeling to 
administrative processes and its excessive and wrong-headed approach to 
personnel surety, DHS needs guidance. Frankly, I see nothing in the 
scant 11 pages of H.R. 4007 to deliver the massive reforms that will be 
required to make CFATS, and other chemical security programs more 
efficient and productive programs.

    Mr. Meehan. I thank the Ranking Member on the committee for 
his comments. Other Members of the committee are reminded that 
opening statements may be submitted for the record.
    Now, before I recognize our distinguished panel before us 
of witnesses today, we are privileged to have a guest at the 
hearing, and I want to use the prerogative of the Chairman to 
take a moment to recognize the gentleman from Texas, Mr. Green, 
for any comments or questions he might have. I appreciate that 
some duties that he has with regard to other committees are 
going to prevent him from attending the full hearing.
    So, Mr. Green, the Chairman recognizes you.
    Mr. Green. Thank you, Mr. Chairman, and I thank Ranking 
Member Clarke for allowing unanimous consent for me to testify, 
and Members of the subcommittee, for the opportunity to speak 
with you this morning regarding this important legislation.
    I serve on the Energy and Commerce Committee and also on 
the Environmental and Economy Subcommittee has jurisdiction 
over CFATS and have worked on the issue literally since its 
inception. Chemical facility security is extremely important to 
the protection of the public health and safety throughout the 
United States, and particularly in my district in Texas, the 
Texas 29th.
    I represent most of the Houston ship channel area, which is 
the heart of the petrochemical complex that stretches along the 
Texas Gulf Coast into Louisiana and produces many products 
essential to modern life, and it is also the largest 
petrochemical complex in the country.
    I cannot stress how important the success of CFATS program 
is to my constituents who are employees and live in these 
communities that surround these facilities. They deserve the 
best security standards possible to prevent the act of 
terrorism on U.S. soil.
    The Energy and Commerce Committee, which I sit on, has been 
very active for the past two congresses on CFATS. The Energy 
and Commerce Committee, like your committee, has held numerous 
hearings with DHS, GAO, and stakeholders on the problem from 
the program's shortcomings. In 2009 and again in 2011, Energy 
and Commerce cleared CFATS authorization bills. Neither were 
perfect bills, just like this one is not, but both provided 
important guidelines DHS needs to proceed in fixing the 
problems in CFATS.
    Both efforts--one led by Democrats, and the other by 
Republicans--failed to become law, and as a result, we are left 
with the status quo, which continues to endanger the security 
of our Nation's chemical facilities and surrounding 
communities, and ultimately resulted in DHS temporarily losing 
its authority to continue running CFATS during the Government 
shutdown last October.
    H.R. 4007, the Chemical Facility Anti-Terrorism Standards 
Authorization and Accountability Act, gives this Congress a 
realistic pathway toward authorization. This bill doesn't solve 
every problem that exists in CFATS, and it isn't meant to do 
so. What this bill will do is provide the Department, industry, 
workers, and our communities the stability and certainty they 
need going forward that CFATS is here to stay.
    It will authorize CFATS for the first time for 2 years and 
give Congress the opportunity to oversee the Department's 
implementation of the program and provide Congress the time to 
come to consensus on how best to fix the lingering issues. The 
bill would also provide guidance on some of the most urgent 
fixes needed in CFATS, including improve the efficiency of the 
site security plans, allow facilities to use existing Federal 
terrorist screening programs, like TWIC, to satisfy personnel 
surety requirements, and limit information collected from 
individuals to only what is necessary to ensure site security.
    I am aware of the concerns of my colleagues that Congress 
should not act on chemical security until the completion of the 
administration's Chemical Facility Safety and Security Working 
Group. The intention of this bill is not to interfere with the 
President's Executive Order. The bill is intended narrowly in 
scope in order to avoid these conflicts.
    As Members of Congress, we shouldn't wait for any 
administration, Democrat or Republican, in order to act and 
author the laws that we know are necessary to protect the 
American people from terrorist threats.
    I would like to remind my colleagues of the words 
yesterday, and this will be the third time you get to hear DHS 
Secretary Jeh Johnson: ``We have got a good bill, and if there 
is an opportunity to pass it in this Congress that supports my 
goals and objectives and enhances homeland security, I am going 
to support that measure.''
    I think we in the Congressional and Executive branches owe 
it to the American people to get something done. I ask my 
colleagues on both sides of the aisle to not let the perfect be 
the enemy of the good and to support this important 
legislation.
    Again, thank you again for the opportunity to speak this 
morning, and I will yield back my time, but also recognize my 
good friend from South Texas, Congressman Vela, who--I am glad 
he is on Homeland Security. He represents also the Port of 
Brownsville.
    [The statement of Hon. Green follows:]
                   Statement of Honorable Gene Green
                           February 27, 2014
    Good morning. I would like to thank Chairman Meehan, Ranking Member 
Clarke, and Members of the subcommittee for the opportunity to speak 
with you all this morning regarding this important legislation.
    Chemical facility security is extremely important to the protection 
of public health and safety throughout the United States and 
particularly for my district, the Texas 29th.
    I represent the Houston Ship Channel area which is the heart of a 
petro-chemical complex that stretches along the Texas Gulf Coast and 
produces many products essential to modern life and it is also the 
largest petrochemical complex in the country.
    I cannot stress how important the success of the CFATS program is 
to my constituents who are the employees and live in the communities 
that surround these facilities. They deserve the best security 
standards possible to prevent act of terrorism on U.S. soil.
    The Energy and Commerce Committee, which I sit on, has been very 
active for the past two Congresses on CFATS. Energy and Commerce, like 
your committee, has held numerous hearings with DHS, GAO, and 
stakeholders on the program's shortcomings.
    In 2009, and again in 2011, Energy and Commerce cleared CFATS 
authorizations bills. Neither were perfect bills, but both provided 
importance guidelines on how DHS needs to proceed in fixing the 
problems in CFATS.
    Both efforts, one lead by Democrats, the other by Republicans, 
failed to become law, and as a result we are left with the status quo, 
which continues to endanger the security of our Nation's chemical 
facilities and surrounding communities and ultimately resulted in DHS 
temporarily losing its authority to continue running CFATS during the 
Government shutdown last October.
    H.R. 4007, the Chemical Facility Anti-Terrorism Standards 
Authorization and Accountability Act gives this Congress a realistic 
pathway towards authorization.
    This bill does not solve every problem that exists in CFATS. It 
isn't meant to do so.
    What this bill will do is provide the Department, industry, 
workers, and our communities, the stability and certainty they need 
going forward that CFATS is here to stay.
    It will authorize CFATS, for the first time, for 2 years and give 
Congress the opportunity to oversee the Department's implementation of 
the program and provide Congress the time to come to a consensus on how 
best to fix the lingering issues.
    The bill will also provide guidance on some of the most urgent 
fixes needed to CFATS, including:
   Improve the efficiency of the site security plans;
   Allow facilities to use existing Federal terrorist screening 
        programs, like TWIC, to satisfy personnel surety requirements, 
        and;
   Limit information collected from individuals to only what's 
        necessary to ensure site security.
    I am aware of the concerns of some of my colleagues that Congress 
should not act on chemical security until the completion of the 
administration's Chemical Facility Safety and Security Working Group.
    The intention of this bill is not to interfere with the President's 
EO. The bill is intentionally narrow in scope in order to avoid these 
conflicts.
    As Members of Congress, we shouldn't have to wait for any 
administration, Democrat or Republican, in order to act and author the 
laws we know are necessary to protect the American people from 
terrorist threats.
    I would also like to remind my colleagues of the words said in this 
very room yesterday by DHS Secretary Jeh Johnson:

``We've got a good bill, and if there is an opportunity to pass it in 
this Congress that supports my goals and objectives, enhances homeland 
security, I'm going to support that measure. I think we in the 
Congressional and Executive Branches owe it to the American people to 
get something done.''

    I ask my colleagues on both sides of the aisle to not let the 
perfect be the enemy of the good and to support this important 
legislation.
    Thank you again for the opportunity to speak with all of you this 
morning and I yield the balance of my time.

    Mr. Meehan. Well, I thank the gentleman from Texas, and I 
appreciate his taking the time out of his schedule to join us 
today.
    So at this point in time, let me turn to the testimony of 
our witnesses. We will have two panels of witnesses, the first 
constructed of members of the Department of Homeland Security 
and the agencies we have asked to participate in oversight of 
this program. So I will begin my identification of each of 
those witnesses.
    The first is Ms. Caitlin Durkovich, is the assistant 
secretary for infrastructure protection at the Department of 
Homeland Security. In this role, she leads the Department's 
efforts to strengthen public-private partnerships and 
coordinate programs to protect the Nation's critical 
infrastructure, assess and mitigate risk, build resilience, and 
strengthen incident response and recovery. Previously, Ms. 
Durkovich served as the National Program and Protection 
Directorate's chief of staff, overseeing day-to-day management 
of the director and the development of internal policy and 
strategic planning.
    Ms. Durkovich is accompanied this morning by Mr. David 
Wulf, the director of the Infrastructure Security Compliance 
Division in DHS's National Program and Protection Directorate. 
Mr. Wulf will not be offering an opening statement, but he is 
here to answer questions, and I do--Mr. Wulf has been 
previously identified in my testimony--but in his role, has 
spent a significant period of time both looking at the 
challenges of--been helping to direct the improvements in the 
response for DHS.
    We will also be joined on this panel by Mr. Stephen 
Caldwell. He is the director in the Government Accountability 
Office's homeland security and justice team. Most recently, Mr. 
Caldwell's focus has been related to protecting critical 
infrastructure and promoting resiliency. He recently raised 
concerns about the risk assessment process used by ISCD in 
assessing terrorist risk to the 3,500 chemical facilities under 
the CFATS program.
    Last on this panel, we will be joined by Ms. Marcia Hodges. 
She is the chief inspector of the office of inspection of the 
Department of Homeland Security's Office of Inspector General. 
Ms. Hodges directly directs highly complex analytical reviews 
of DHS operations and programs to determine their efficiency 
and effectiveness. Prior to her service at DHS, Ms. Hodges 
worked for the inspector general of the Federal Emergency 
Management Agency from 1999 to 2003. In that position, Ms. 
Hodges led a multi-discipline team in New York City to assist 
and facilitate FEMA's response to the terrorist attacks of 
September 11, 2001.
    I thank you all for being here. Full written statements for 
each of the witnesses have been submitted to the Chairman and 
will appear in the record. So I ask you to do your best to keep 
your testimony to our 5 minutes, and I will recognize our first 
witness, Ms. Durkovich.

     STATEMENTS OF CAITLIN DURKOVICH, ASSISTANT SECRETARY, 
    INFRASTRUCTURE PROTECTION, U.S. DEPARTMENT OF HOMELAND 
     SECURITY, ACCOMPANIED BY DAVID WULF, DEPUTY DIRECTOR, 
          INFRASTRUCTURE SECURITY COMPLIANCE DIVISION

    Ms. Durkovich. Thank you very much, Chairman Meehan, 
Ranking Member Clarke. I do also want to thank Chairman McCaul, 
committee Ranking Member Thompson, Congressman Green, and 
Congressman Vela for their presence here earlier this morning 
and also other distinguished Members of the subcommittee.
    I very much appreciate the opportunity to appear before you 
today to discuss the progress made by CFATS and the need to 
authorize the program. The CFATS program has made the Nation 
more secure. Over the past 2 years, as you have noted, it has 
made significant progress. We are pleased the subcommittee has 
acknowledged this progress by introducing a bill that would 
provide longer-term authorization and the authority to carry 
out the program in a manner that will foster the security of 
America's highest-risk chemical infrastructure.
    As you are aware, the Department's current authority is set 
to expire in October 2014. DHS is eager to work with this 
subcommittee, our other authorization committees, and our 
stakeholders to achieve passage of legislation that provides 
long-term authorization and appropriately matures the CFATS 
program. As I said, the CFATS program has made the Nation more 
secure, and we are seeing the impact of the program at 
facilities throughout the country.
    For example, one facility had numerous positive aspects to 
their security program but failed to address security for small 
containers, which could be easily concealed in a purse or bag. 
After inspection, the facility understood this vulnerability 
and developed measures to prohibit bags within the restricted 
areas and to inspect hand-carrier items when exiting the 
restricted area.
    Another recent example is a tier four facility in Missouri 
that exercised its commitment to CFATS security measures and 
contacted their chemical security inspector when they 
discovered they had only received one of two pallets of a 
chemical of interest. Our chemical inspectors worked with UPS, 
local law enforcement, FBI weapons of mass destruction until 
the pallet was successfully located and delivered to the 
facility.
    These improvements are attributable to the hard work of the 
staff of the Infrastructure Security Compliance Division, which 
implements the CFATS program. I have confidence in the ability 
of Director Dave Wulf, who is here with me today, and the 
dedicated staff of ISCD located across the country to continue 
the success we have made to date.
    The progress made in the last 2 years has helped to put 
CFATS on a path to success, but there still is work to be done. 
We continue to engage with stakeholders and focus on three core 
areas of progress, reducing the backlog of security plan 
approvals, improving the risk assessment process, and ensuring 
that all potentially high-risk facilities are identified and 
meet their CFATS obligations.
    Over the past year, we have authorized, inspected, and 
approved hundreds of security plans. Since Director Wulf 
appeared before you last August, we have made great strides in 
increasing our pace of approvals, despite the 2\1/2\-week 
Government shutdown.
    The number of authorizations has nearly doubled to over 
1,100 authorizations. The pace of inspections has increased 
dramatically, and we have now completed more than 800 
inspections in total, including over 100 in January. We have 
tripled the number of approved site security plans, with over 
500 approved, and we are on pace to hit 1,000 this summer. 
Finally, in September, we began conducting compliance 
inspections at facilities with approved security plans.
    Our progress demonstrates our commitment to ensuring this 
program succeeds. Now we ask Congress to demonstrate your 
commitment to this program in providing long-term 
authorization.
    The Federal funding hiatus last October illustrates the 
complication faced by a program authorized through 
appropriation bills. In addition to stopping all inspections, 
the authorization of the CFATS program expired on October 5, 
2013. The gap in program authorization caused concern among our 
regulated facilities, with many questioning if the regulations 
were still in effect. This uncertainty illustrated the need for 
longer-term authorization outside of the appropriations 
process.
    The Department strongly believes that an authorization 
period longer than the 2 years currently stipulated in the bill 
would benefit Congressional oversight, ensuring maturation of 
the program, and the review and approval of security plans. 
Perhaps most importantly, long-term authorization will provide 
industry with the stability needed to plan and invest in 
measures to harden their sites against terrorist attack or 
exploitation. Companies have communicated to us that their 
capital planning and budgeting process for security 
improvements often runs on a 3-to-5-year cycle, and they 
deserve to know that the program will not be allowed to lapse 
as they invest in many CFATS-related improvements.
    Uncertainty about the future of CFATS has provided 
incentive for potentially regulated facilities to ignore their 
obligations and hope that the program will be allowed to 
sunset. An authorization period of 5 years or longer would 
enable you to send a message to facilities that may be seeking 
to avoid compliance.
    As we approach the anniversary of the explosion in West, 
Texas, the Department remains committed to ensuring that 
facilities are both aware of the requirements to report under 
CFATS and complete their obligations. The committee's efforts 
to codify the Department's authority to seek noncompliant 
facilities will greater support our actions to bring these 
facilities into compliance.
    We have worked closely with our interagency partners to 
implement Executive Order 13650 on improving chemical facility 
safety and security, but we feel strongly that multi-year 
authorization is vital now and will harmonize with the outcomes 
of the Executive Order. With the progress made over the last 2 
years, the CFATS program is ready for stabilization through 
long-term authorization.
    Finally, I want to thank the next panel, Clyde Miller, who 
is representing the American Chemistry Council, and Kate 
Donahue, who is representing the Society of Chemical 
Manufacturers and its affiliates. Both individuals and 
organizations have been important supporters as we have worked 
to implement the program. It is with their input and feedback 
that we have made progress in areas like developing templates 
for alternative security programs, expanding outreach to 
potentially noncompliant facilities, and improving our tiering 
methodology.
    With continued support from industry and action by Congress 
to authorize the program, our mission to protect Americans will 
be strengthened. Thank you. I look forward to your questions.
    [The joint prepared statement of Ms. Durkovich and Mr. Wulf 
follows:]
      Joint Prepared Statement of Caitlin Durkovich and David Wulf
                           February 27, 2014
    Thank you, Chairman Meehan, Ranking Member Clarke, and 
distinguished Members of the subcommittee. I appreciate the opportunity 
to appear before you today to discuss the Department of Homeland 
Security's (DHS) regulation of high-risk chemical facilities under the 
Chemical Facility Anti-Terrorism Standards (CFATS) and the need for 
action to authorize the program. Over the past year, the CFATS program 
has made significant progress, advancing programmatically while 
simultaneously addressing internal management concerns. We are pleased 
the subcommittee has acknowledged this progress by introducing a bill 
that would provide longer-term authorization and the authority to carry 
out the program in a manner that will foster the security of America's 
highest-risk chemical infrastructure.
    As you are aware, the Department's current authority under Section 
550 of the Fiscal Year 2007 Department of Homeland Security 
Appropriations Act, as amended, is set to expire in October 2014. DHS 
is eager to work with this subcommittee, our other authorization 
committees, and our stakeholders both in Government and the private 
sector to achieve passage of legislation that provides long-term 
authorization and appropriately matures the CFATS program. In support 
of this collaboration, our testimony focuses on the progress made over 
the last 2 years, our efforts to continue strengthening the program, 
and the need for permanent authorization in order to fully stabilize 
the program.
                 cfats has made the nation more secure
    The CFATS program is an important part of our Nation's 
counterterrorism efforts as we work with our industry stakeholders to 
keep dangerous chemicals out of the hands of those who wish to do us 
harm. Since the CFATS program was created, we have engaged with 
industry to identify and regulate high-risk chemical facilities to 
ensure they have security measures in place to reduce the risks 
associated with the possession of chemicals of interest. CFATS has also 
played a significant role in reducing the number of high-risk chemical 
facilities that are susceptible to attack or exploitation. To date, 
more than 3,000 facilities have eliminated, reduced, or modified their 
holdings of chemicals of interest. The significant reduction in the 
number of chemical facilities that represent the highest risk is an 
important success of the CFATS program and is attributable both to the 
design of the program as enacted by Congress and to the work of CFATS 
personnel and industry at thousands of chemical facilities.
    The progress made in the CFATS program over the last 2 years has 
helped to put the program on a path to success; however, there is still 
work to be done. The Department continues to engage with stakeholders 
and focus on three core areas: Reducing the backlog of site security 
plan approvals, improving the risk assessment process, and ensuring 
that all potentially high-risk facilities are identified and are 
meeting their regulatory obligations as required by CFATS. Along with 
long-term authorization, our continued focus on these areas will ensure 
our stakeholders have the stability they need to comply with their 
regulatory obligations. We welcome the opportunity to work with you and 
our stakeholders on these important issues to further improve this 
vital National security program.
                     cfats implementation progress
    The cornerstone of the CFATS program is the development, 
submission, and implementation of Site Security Plans (SSPs), or 
Alternative Security Programs (ASPs) in lieu of SSPs, which document 
the security measures that high-risk chemical facilities utilize to 
satisfy the applicable Risk-Based Performance Standards (RBPS) under 
CFATS. It is important to note that these plans are not ``one-size-
fits-all,'' but are in-depth, highly customized, and account for each 
facility's unique circumstances.
    In order to determine whether a facility is regulated under CFATS, 
the facility submits a Top-Screen to the Department's Infrastructure 
Security Compliance Division (ISCD). Since we began collecting this 
information in 2007, ISCD has data from more than 46,000 Top-Screens 
submitted by chemical facilities, providing important information about 
their chemical holdings. Based on the information received in the Top-
Screens, ISCD makes an initial determination that certain facilities 
are considered high-risk and assigns each of these to a preliminary 
tier.\1\ These facilities then compile and submit Security 
Vulnerability Assessments (SVAs), which are used by ISCD to identify 
which facilities present a terrorism risk that is sufficiently high to 
warrant the assignment of a final high-risk tier under CFATS. As of 
February 20, 2013, CFATS covers over 4,200 high-risk facilities Nation-
wide; of these, over 3,300 have received final high-risk determinations 
and are required to develop SSPs (or ASPs) for ISCD review. The 
remaining facilities are awaiting final tier determinations based on 
their SVA submissions. The tiered population is dynamic and subject to 
change, depending on the chemical holdings and other conditions at 
facilities.
---------------------------------------------------------------------------
    \1\ The Department has developed a risk-based tiering structure and 
assigns facilities to one of four risk-based tiers ranging from high 
(Tier 1) to low (Tier 4) risk. Assignment of tiers is based on an 
assessment of the potential consequences of a successful attack on 
assets associated with chemicals of interest.

----------------------------------------------------------------------------------------------------------------
                                       Total No.              Authorized  Authorization   Approved    Compliance
                Tier*                     of       Received    SSPs and     Inspection    SSPs and   Inspections
                                      Facilities  Final Tier     ASPs       Conducted       ASPs      Conducted
----------------------------------------------------------------------------------------------------------------
1...................................         120         111         106           103           99           11
2...................................         392         343         253           234          195            1
3...................................       1,119         957         541           416          241            0
4...................................       2,571       1,914         149            28            5            0
                                     ---------------------------------------------------------------------------
      Total.........................       4,202       3,325       1,049           781          540          12
----------------------------------------------------------------------------------------------------------------
* As of February 20, 2013.
** Totals do not include facilities that are no longer regulated, but have received letters of authorization,
  authorization inspections, and/or approved SSPs/ASPs.

    Over the past year, the CFATS program has authorized, inspected, 
and approved hundreds of security plans. The program has also improved 
the pace of inspections and SSP approvals, developing new processes and 
distributing guidance materials. The majority of Tier 1 and Tier 2 
facilities (the highest of the high-risk), as well as many Tier 3 
facilities, now have an approved security plan. In September, ISCD 
marked yet another milestone when we began conducting compliance 
inspections for facilities with approved SSPs. During compliance 
inspections, the Department verifies that the facility is implementing 
the measures contained in its approved SSP. Initially, these 
inspections will be conducted approximately 1 year after a facility's 
SSP is approved, but the Department is developing a process whereby the 
timing for compliance inspections will be based on a variety of 
factors, such as the facility's risk tier, the facility and/or parent 
company's past CFATS compliance history, and the number of planned 
measures contained in the approved SSP.
    The improvements that have been made have accelerated the pace of 
approvals and we are continuing to explore areas to enhance the 
program. We recognize the projected time frame for all approvals must 
be reduced and we are exploring a variety of ways to increase the pace 
at which approvals are granted while maintaining the quality and 
thoroughness of the security plan approval process and the level of 
security required at chemical facilities. These include encouraging 
increased use of ASPs and supporting stakeholders' development of new 
ASP templates, focusing inspections on key RBPS at lower-tier 
facilities, exploring ways to streamline the security plan review and 
inspection process for facilities owned by corporations with multiple 
CFATS-regulated facilities, and identifying efficiencies in the 
inspection and compliance assistance visit scheduling process to reduce 
travel time per inspector activity. The Department is engaging with 
CFATS stakeholders on efforts to expedite security plan reviews and is 
committed to identifying and implementing appropriate enhancements to 
streamline the CFATS process. ASPs are an important option for 
facilities that desire flexibility in their site security plan, and we 
appreciate the subcommittee's effort to ensure this option remains 
available for the CFATS program moving forward.
                         cfats risk assessment
    As a part of our commitment to continue moving the CFATS program 
forward, NPPD has conducted a thorough review of our risk assessment 
process. In support of this review, NPPD implemented a phased approach, 
which included documenting all processes and procedures relating to the 
risk assessment methodology; conducting an internal NPPD review of the 
risk assessment process; and initiating an external peer review of the 
risk assessment methodology.
    All three of these phases are now complete, with the Department 
receiving the CFATS Tiering Methodology Peer Review Final Report from 
the expert peer review panel in October 2013. Although many of the peer 
review panel's recommendations pertain to areas the Department had 
previously identified for improvement, we felt it was essential to 
engage external stakeholders through an external peer review. As a 
result of continued stakeholder engagement, the Report provides 
valuable perspectives that will inform our efforts to enhance the CFATS 
risk-tiering methodology. We have analyzed the peer review 
recommendations and developed an implementation plan to enable us to 
address the recommendations in a timely and thoughtful manner. We also 
recognize that it is essential to continue to engage our stakeholders 
in implementing changes to risk assessment process.
    As recommended by the Peer Review Final Report, the Department 
intends to adopt appropriate changes to the tiering methodology in an 
integrated fashion, addressing as many issues concurrently as feasible. 
The implementation plan also addresses modifications to the tiering 
methodology stemming from efforts beyond the peer review, such as the 
economic and mission criticality studies being conducted on behalf of 
the Department by Sandia National Laboratories. Additionally, 
consistent with both recommendations within the Peer Review Final 
Report and our response to the Government Accountability Office's 
report on the CFATS tiering methodology, ISCD intends to have a third 
party verify and validate the revised tiering methodology. As we move 
forward with implementing recommendations to the tiering methodology, 
we are committed to ensuring these improvements are balanced with our 
stakeholders need for continued stability in tiering.
      chemical facility safety and security improvement: a shared 
                             responsibility
    Since the inception of the CFATS program, the Department has worked 
to ensure that potentially regulated facilities are aware of their 
reporting obligation under the CFATS regulations and that they comply 
with these existing regulations. Following the explosion in West, 
Texas, this past April, ISCD has taken a number of steps to 
reinvigorate this effort, including supporting the implementation of 
Executive Order 13650, Improving Chemical Facility Safety and Security. 
Under Executive Order 13650, Federal agencies are exploring options for 
improving chemical facility safety and security to reduce the 
likelihood of incidents occurring in the future. The working group is 
developing recommendations to see if there is a need to improve 
information collection, more effectively share information between 
agencies, improve operational and Federal coordination efforts, and the 
working group is analyzing the effectiveness of existing regulations 
and policies governing chemicals and chemical facilities. These 
coordinated efforts will help ensure that the Federal Government most 
effectively uses the collective resources available for managing 
chemical risk.
Promoting Compliance
    The activities taking place in support of Executive Order 13650 
complement many of the individual efforts being undertaken within the 
Department, and other Federal departments and agencies, following the 
tragic events in West, Texas. Since the April explosion, DHS has 
engaged with numerous members of industry and all have agreed that we 
must work together to prevent future incidents. Industry has offered to 
share information about the CFATS regulatory requirements with other 
members of industry and do their part to promote safety and security at 
chemical facilities. The Department appreciates this support and looks 
forward to working with industry and our Government partners to carry 
out these activities. In pursuit of this shared responsibility, the 
Department has undertaken significant outreach efforts throughout the 
years, to inform potentially high-risk chemical facilities of their 
obligations under CFATS. These outreach efforts have been a major 
contributor to the submission of over 46,000 Top-Screens from 
potentially high-risk chemical facilities to date.
    As the tragic incident in West, Texas, demonstrated, however, not 
all facilities with threshold quantities of CFATS chemicals of interest 
have met their obligation to submit Top-Screens. DHS is committed to 
pursuing all reasonable measures to identify potential high-risk 
chemical facilities that are not among those that have already complied 
with initial Top-Screen submission requirements, and we will continue 
to work to get those facilities into compliance. When appropriate, the 
Department can utilize available enforcement mechanisms to bring non-
compliant facilities into compliance. Both increased outreach and, 
where appropriate, the use of compliance enforcement mechanisms are 
part of the Department's overall strategy to reduce the likelihood of 
potentially high-risk chemical facilities intentionally or 
unintentionally evading identification under the CFATS program.
State and Local Partnerships
    The Department's strategy for identifying potentially non-compliant 
facilities also includes enhanced coordination with Federal, State, and 
local partners. One such activity has been reinvigorating efforts with 
the EPA and other Federal partners with regulatory authority over the 
chemical industry to compare lists of regulated facilities to identify 
facilities which may have complied with another regulatory program and 
are potentially regulated under CFATS but have yet to comply with 
CFATS. Initial results from these efforts have been promising, with the 
Department seeing a substantial increase in the monthly rate of new 
Top-Screen submissions having begun in August 2013.
    The Department is also undertaking similar efforts with States and 
localities. Since April, ISCD has reached out to officials in all 50 
States, including State Homeland Security Advisors (HSAs) and the 
Governors Homeland Security Advisory Council, about CFATS requirements. 
These efforts are in addition to continuing to provide State HSAs and 
their designees with access to information on CFATS-regulated 
facilities in their jurisdictions via CFATS Share, a web-based 
information-sharing portal that provides on an as-needed basis to 
certain Federal, State, and local agencies access to key information on 
CFATS facility information.
Outreach to Non-Compliant Facilities
    The Department is expanding outreach efforts to identify 
potentially non-compliant facilities and has developed an Outreach and 
Engagement Strategy as well as an Outreach and Engagement 
Implementation Plan to raise awareness of CFATS, the measures of 
success, roles and responsibilities, and resource implications. DHS 
will continue to operate its CFATS Tip Line and will follow up on any 
information of potentially non-compliant facilities.
    All of the aforementioned efforts are being undertaken in addition 
to the larger-scale efforts being coordinated under E.O. 13650. Of 
particular relevance is the effort being led by DHS under Section 5 of 
the EO, which addresses Enhanced Information Collection and Sharing. 
This section requires the development of recommendations on possible 
changes to improve and streamline information collection from regulated 
industries and recommendations to enhance data sharing between 
agencies, States, localities, and Tribal entities to better identify 
facilities which may not have provided all required information or may 
be non-compliant with requirements.
    We feel strongly that our private-sector stakeholders are key to 
our efforts to enhance data sharing, increase cross-training, and 
identify areas for possible regulatory changes as well as identifying 
possible gaps in existing statutory authorities. Enhancing security and 
building resilience across the chemical sector is not something a 
single company, industry or even Government can do by itself. This has 
to be a collaborative effort. It also has to be a comprehensive effort, 
because of the sheer complexity of affected facilities, the linkages to 
other sectors, and the potential cascading effects and consequences of 
a significant attack or disruption.
                          industry engagement
    Industry engagement has always been an important aspect of CFATS, 
but will be more important than ever as we move forward with program 
improvements. Chemical Security Inspectors play an important role, 
serving as our boots on the ground and the face of CFATS in the field. 
Inspectors provide assistance and outreach directly to facilities and 
play an important role in helping to identify appropriate security 
measures during the authorization inspection process. For example, one 
facility had numerous positive aspects to their security program, but 
failed to address any security measures for small containers, which 
could easily be concealed within a handbag or backpack. After the 
inspection, the facility understood the potential vulnerability and 
developed planned measures to prohibit bags within the restricted area 
and to inspect hand-carried items when exiting the restricted area. 
Another example is a different regulated facility that had effective 
security for the chemicals of interest located within the building, but 
failed to address the chemicals of interest located in the open storage 
yard. As a result of the inspection, the facility identified a new 
restricted area to store the chemicals of interest within the main 
building and added procedures to ensure that upon receipt, the 
appropriate facility personnel immediately moved the chemicals of 
interest into the new restricted area. In addition to conducting 
inspections and providing compliance assistance to facilities, NPPD's 
chemical inspectors actively work with local stakeholders and 
Governmental agencies across the country.
                   the need for program authorization
    DHS recognizes the significant work that the committee and others 
have undertaken to reauthorize the CFATS program. The progress we have 
made over the last 2 years demonstrates the Department's commitment to 
ensuring this program is a success; now we ask Congress to demonstrate 
your commitment to this program in providing a long-term authorization.
    The Federal funding hiatus last October illustrates the 
complications in the current authorization structure. The funding 
hiatus directly impacted the CFATS program because the program is 
authorized through appropriations bills. The shutdown resulted in all 
ISCD staff being furloughed, which resulted in cancellation of numerous 
inspections and immobilized security plan approvals. In addition to the 
shutdown of programmatic activities, the authorization of the CFATS 
program expired on October 5, 2013. The gap in program authorization 
caused concern among regulated facilities, with many facilities 
questioning whether the regulations were still in effect. This 
confusion and uncertainty demonstrated the need for long-term 
authorization outside of the appropriations process. Moreover, it is 
unclear if the Department would have had the authority to act had there 
been an exigent need during the shutdown to take enforcement action 
under CFATS in furtherance of National security interests.
    The Department strongly believes that an authorization period 
longer than the 2 years currently stipulated in the bill would be 
beneficial to your oversight activities by ensuring the full maturation 
of the program and the review and approval of all backlogged Site 
Security Plans. Perhaps most importantly, long-term authorization will 
provide industry stakeholders with the stability needed to plan for and 
invest in CFATS-related security measures to harden their critical 
sites against terrorist attack or exploitation. Companies have 
regularly communicated to us that their capital-planning/budgeting 
processes for security improvements frequently run on a 3-to-5-year 
cycle and they deserve to know that the program will not be allowed to 
lapse as they invest in major CFATS-related security improvements.
    Uncertainty about the future of CFATS also has provided an 
incentive for potentially-regulated facilities storing large quantities 
of dangerous chemicals to ignore their obligations under CFATS in hopes 
that the program will be allowed to sunset. An authorization period of 
5 years or longer would enable Congress to send an important message to 
such facilities that may willfully be seeking to avoid compliance.
    As we approach the 1-year anniversary of the explosion at the West 
Fertilizer plant in Texas, the Department remains committed to ensuring 
that facilities across the Nation are both aware of the requirements to 
report under CFATS and complete their obligations. The committee's 
efforts to codify the Department's authority to seek out non-compliant 
facilities will greatly support our on-going actions to bring these 
facilities into compliance. The Department has worked closely with our 
interagency partners to implement Executive Order 13650, but we feel 
strongly that multi-year CFATS authorization is vital now and will 
harmonize with the outcomes of the Executive Order.
    With the progress made over the last 2 years, the CFATS program is 
ready for program stabilization through permanent or long-term 
authorization. The Department has taken important steps to build a 
strong CFATS program and has a seasoned leadership team committed to 
the success of the program. With support from industry and action by 
Congress to authorize the program, the CFATS program's mission to 
protect Americans will be strengthened.
                               conclusion
    The Department has made significant improvements to the CFATS 
program and is moving forward strategically to address the challenges 
that remain. With your support, we can ensure our Nation is more secure 
by continuing implementation of the CFATS program, and we are committed 
to working with you to pass legislation to establish permanent or long-
term authorization for the program. As we implement CFATS, we will 
continue to work with stakeholders to keep our Nation secure by 
preventing terrorists from exploiting chemicals or chemical facilities. 
We firmly believe that CFATS is making the Nation more secure by 
reducing the risks associated with our Nation's chemical infrastructure 
and we are--along with our stakeholders and partners--committed to its 
continued success.

    Mr. Meehan. Thank you, Ms. Durkovich.
    The Chairman now recognizes the gentleman from the 
Government Accountability Office, Mr. Caldwell.

 STATEMENT OF STEPHEN L. CALDWELL, DIRECTOR, HOMELAND SECURITY 
       AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Caldwell. Chairman Meehan, Ranking Member Clarke, thank 
you very much for, again, asking GAO to discuss our CFATS work, 
particularly at your hearing on your bill, H.R. 4007.
    My written statement is based on work we have done over the 
last couple of years, as well as some more recent updates in 
talking to the CFATS staff. We will provide basically a status 
report on four areas that are key to the program. First is 
identifying chemical facilities. Next is assessing the risks 
and prioritizing those facilities to decide which ones are high 
risk and at what tier. The next one is reviewing facility site 
security plans and improving those. Then, finally, inspecting 
the facilities for compliance at the end of the process.
    Based on reports we have done, the recent updates and some 
of the statements by the Department today, there are certainly 
some indications of process across all four of these areas. 
Regarding the identification of the facilities, your last 
hearing raised the issue of outliers, facilities that should 
have applied, but have not. As you know, on that very same day, 
the President issued the Executive Order 13650, to address that 
issue, DHS as a whole has reported on some of the progress by 
the 13650 working group. GAO does have a review in process to 
look at the implementation of that, focused not only on DHS, 
but also at OSHA, EPA, and some of the other facilities.
    Regarding the assessment of risks and the prioritization of 
facilities, DHS is working to implement our recommendations 
related to the risk assessment methodology. As part of response 
to our recommendation, they ask for a peer review from the 
Homeland Security and Studies Analysis Institute. Their study 
had results very similar to ours, and as mentioned, DHS has an 
action plan to address that.
    Regarding the review of site security plans, as noted 
before, we have talked about a long backlog of that, and the 
Department is taking steps to do that. When we restart our work 
on this, that is one of the things will focus on, and if 
appropriate, we will certainly revise our estimate from about a 
year ago that it will take 7 to 9 years to resolve that 
backlog.
    Of course, the outstanding issue for all the facilities, 
those that have had plans approved or not, relates to the 
personnel surety program performance standard 12. Until that is 
resolved, you know, none of the facilities actually have a 
final approval of their site security plan.
    Then regarding the inspections for compliance, as just 
reported, the Department is just starting that process. We have 
not really looked at it, but this is one of the key areas that 
we will focus on as we go forward with our new review.
    Closing, I would like to note the GAO still needs to verify 
a lot of the progress that has been reported by the Department. 
We will do that through in-depth audits, as we always do. We 
are coordinating with the I.G., as we do as well, to make sure 
that we have maximum coverage over the program without 
duplicating work. We plan to go forward with these reviews in 
response to outstanding requests we already have from the 
appropriators and the authorization committees and whether or 
not this bill goes forward in terms of that particular clause.
    So with that, I will be happy to answer any questions. 
Thank you.
    [The prepared statement of Mr. Caldwell follows:]
               Prepared Statement of Stephen L. Caldwell
                           February 27, 2014
                             gao highlights
    Highlights of GAO-14-365T, a testimony before the Subcommittee on 
Cybersecurity, Infrastructure Protection, and Security Technologies, 
Committee on Homeland Security, House of Representatives.
Why GAO Did This Study
    Facilities that produce, store, or use hazardous chemicals could be 
of interest to terrorists intent on using toxic chemicals to inflict 
mass casualties in the United States. As required by statute, DHS 
issued regulations establishing standards for the security of these 
facilities. DHS established the CFATS program to assess risk at 
facilities covered by the regulations and inspect them to ensure 
compliance. In February 2014, legislation was introduced related to 
several aspects of the program.
    This statement provides observations on DHS efforts related to the 
CFATS program. It is based on the results of previous GAO reports in 
July 2012 and April 2013, with selected updates conducted in February 
2014. In conducting the earlier work, GAO reviewed DHS reports and 
plans on the program and interviewed DHS officials. In addition, GAO 
interviewed DHS officials to update information.
What GAO Recommends
    In a July 2012 report, GAO recommended that DHS measure its 
performance implementing actions to improve its management of CFATS. In 
an April 2013 report, GAO recommended that DHS enhance its risk 
assessment approach to incorporate all elements of risk, conduct a peer 
review, and gather feedback on its outreach to facilities. DHS 
concurred with these recommendations and has taken actions or has 
actions underway to address them.
    GAO provided a draft of the updated information to DHS for review, 
and DHS confirmed its accuracy.
  critical infrastructure protection.--observations on dhs efforts to 
     identify, prioritize, assess, and inspect chemical facilities
What GAO Found
    In managing its Chemical Facility Anti-Terrorism Standards (CFATS) 
program, the Department of Homeland Security (DHS) has a number of 
efforts underway to identify facilities that are covered by the 
program, assess risk and prioritize facilities, review and approve 
facility security plans, and inspect facilities to ensure compliance 
with security regulations.
   Identifying facilities.--DHS has begun to work with other 
        agencies to identify facilities that should have reported their 
        chemical holdings to CFATS, but may not have done so. DHS 
        initially identified about 40,000 facilities by publishing a 
        CFATS rule requiring that facilities with certain types of 
        chemicals report the types and quantities of these chemicals. 
        However, a chemical explosion in West, Texas, last year 
        demonstrated the risk posed by chemicals covered by CFATS. 
        Subsequent to this incident, the President issued Executive 
        Order 13650 which was intended to improve chemical facility 
        safety and security in coordination with owners and operators. 
        Under the Executive Order, a Federal working group is sharing 
        information to identify additional facilities that are to be 
        regulated under CFATS, among other things.
   Assessing risk and prioritizing facilities.--DHS has begun 
        to enhance its ability to assess risks and prioritize 
        facilities. DHS assessed the risks of facilities that reported 
        their chemical holdings in order to determine which ones would 
        be required to participate in the program and subsequently 
        develop site security plans. GAO's April 2013 report found 
        weaknesses in multiple aspects of the risk assessment and 
        prioritization approach and made recommendations to review and 
        improve this process. In February 2014, DHS officials told us 
        they had begun to take action to revise the process for 
        assessing risk and prioritizing facilities.
   Reviewing security plans.--DHS has also begun to take action 
        to speed up its reviews of facility security plans. Per the 
        CFATS regulation, DHS was to review security plans and visit 
        the facilities to make sure their security measures met the 
        risk-based performance standards. GAO's April 2013 report found 
        a 7- to 9-year backlog for these reviews and visits, and DHS 
        has begun to take action to expedite these activities. As a 
        separate matter, one of the performance standards--personnel 
        surety, under which facilities are to perform background checks 
        and ensure appropriate credentials for personnel and visitors 
        as appropriate--is being developed. As of February 2014, DHS 
        has reviewed and conditionally approved facility plans pending 
        final development of the personal surety performance standard.
   Inspecting to verify compliance.--In February 2014, DHS 
        reported it had begun to perform inspections at facilities to 
        ensure compliance with their site security plans. According to 
        DHS, these inspections are to occur about 1 year after facility 
        site security plan approval. Given the backlog in plan 
        approvals, this process has started recently and GAO has not 
        yet reviewed this aspect of the program.
    Chairman Meehan, Ranking Member Clarke, and Members of the 
subcommittee: I am pleased to be here today to discuss our work on the 
Department of Homeland Security's (DHS) efforts in implementing and 
managing the Chemical Facility Anti-Terrorism Standards (CFATS) 
program. Facilities that produce, store, or use hazardous chemicals 
could be of interest to terrorists intent on using toxic chemicals to 
cause harm to surrounding populations during terrorist attacks, and 
these chemicals could be stolen and used as chemical weapons, such as 
improvised explosive devices, or as the ingredients for making chemical 
weapons. The danger posed by these chemicals became evident last year 
when ammonium nitrate--one of the chemicals covered by the CFATS 
program--detonated during a fire at a fertilizer storage and 
distribution facility in West, Texas. An investigation by the U.S. 
Chemical Safety Board (CSB) showed that the explosion killed at least 
14 people and injured more than 200 others and severely damaged or 
destroyed nearly 200 homes, 3 nearby schools, a nursing home, and an 
apartment complex.\1\ According to CSB, the fire at the facility 
detonated about 30 tons of ammonium nitrate. This event serves as a 
tragic reminder of the extent to which chemicals covered by the CFATS 
program can pose a risk to surrounding populations.
---------------------------------------------------------------------------
    \1\ Rafael Moure-Eraso, Chairperson, U.S. Chemical Safety Board, 
testimony before the Senate Committee on Environment and Public Works, 
113th Congress 1st Sess., June 27, 2013. The CSB is an independent 
Federal agency charged with investigating industrial chemical 
accidents. The CSB board members are appointed by the President and 
confirmed by the Senate. According to the CSB website, CSB does not 
issue fines or citations, but makes recommendations to plants, 
regulatory agencies, industry organizations, and labor groups.
---------------------------------------------------------------------------
    The DHS appropriations act for fiscal year 2007 \2\ required DHS to 
issue regulations to establish risk-based performance standards for 
securing facilities that possess, store, manufacture, or use chemicals 
that could be of interest to terrorists, among other things. \3\ In 
2007, DHS established the CFATS program to assess the risk posed by 
chemical facilities, place facilities considered to be high-risk in one 
of four risk-based tiers, require high-risk facilities to develop 
security plans, review these plans, and inspect the facilities to 
ensure compliance with regulatory requirements. DHS's National 
Protection and Programs Directorate (NPPD) is responsible for the CFATS 
program. Within NPPD, the Infrastructure Security Compliance Division 
(ISCD), a division of the Office of Infrastructure Protection (IP), 
manages the program.
---------------------------------------------------------------------------
    \2\ Pub. L. No. 109-295,  550, 120 Stat. 1355, 1388 (2006).
    \3\ The CFATS regulation establishes 18 risk-based performance 
standards that identify the areas for which a facility's security are 
to be examined, such as perimeter security, access control, and 
cybersecurity. To meet these standards, facilities are free to choose 
whatever security programs or processes they deem appropriate so long 
as DHS determines that the facilities achieve the requisite level of 
performance in each applicable standard.
---------------------------------------------------------------------------
    On February 6, 2014, Congressman Meehan and other Members of the 
House of Representatives' Committee on Homeland Security, along with 
one Member of the House of Representatives' Committee on Energy and 
Commerce, introduced H.R. 4007, the Chemical Facility Anti-Terrorism 
Standards Program Authorization and Accountability Act of 2014.\4\ This 
bill would authorize the CFATS program for 2 years and would take 
effect 30 days after enactment. This bill includes provisions regarding 
multiple aspects of the CFATS program, including risk assessment, 
security plan reviews, and facility inspections. Among other things, 
H.R. 4007 would:
---------------------------------------------------------------------------
    \4\ H.R. 4007, 113th Cong. (2014).
---------------------------------------------------------------------------
   Require DHS to consult with the heads of other Federal 
        agencies, States and political subdivisions, and business 
        associations to identify chemical facilities of interest;
   Direct DHS to develop a risk assessment approach that 
        includes all elements of risk, including threat data based on 
        available intelligence, the vulnerability of the facility to 
        terrorist attack, and consequence measurements including 
        potential economic consequences;
   Reaffirm the risk-based performance standard approach to 
        facility security plans and the use of Alternative Security 
        Programs;\5\
---------------------------------------------------------------------------
    \5\ Under current regulations, an Alternative Security Program 
(ASP) is a third-party, facility, or industry organization's security 
program that has been determined to meet the requirements of, and 
provides for an equivalent level of security to that established by the 
CFATS regulation. CFATS allows regulated chemical facilities to submit 
an ASP in lieu of a site security plan. 6 C.F.R.  27.235.
---------------------------------------------------------------------------
   Allow chemical facilities to utilize any Federal screening 
        program that periodically vets individuals against the 
        terrorist screening database to satisfy the requirements of a 
        personnel surety performance standard;\6\
---------------------------------------------------------------------------
    \6\ Personnel surety is one of the CFATS performance standards 
under which facilities are to perform background checks and ensure 
appropriate credentials for personnel and visitors as appropriate.
---------------------------------------------------------------------------
   Authorize the use of non-Department or non-Government 
        entities, with the Secretary's approval, for audits and 
        inspections; and:
   Require us to submit a semiannual report to Congress 
        containing our assessment of the implementation of the bill.
    My testimony today summarizes our past work on the CFATS program 
and provides our observations on the status of DHS's efforts in four 
key areas--identifying facilities to be covered by CFATS, assessing 
risk and prioritizing covered facilities, reviewing facility security 
plans, and inspecting facilities to verify compliance with CFATS 
regulations. My statement is based on reports and testimonies we issued 
from July 2012 through August 2013 on various aspects of the CFATS 
program in addition to work we conducted in February 2014 to update the 
status of DHS actions related to these four areas.\7\ To conduct our 
prior work, we reviewed applicable laws and regulations, as well as 
NPPD, IP, and ISCD policies and procedures for administering the CFATS 
program and conducting its mission. We interviewed senior ISCD 
officials along with NPPD and IP officials to obtain their views on the 
program and how ISCD assesses risk. We also reviewed ISCD documents and 
data on tiered facilities and the approach used to determine a 
facility's risk and assessed ISCD's process for reviewing security 
plans. Further details on the scope and methodology for the previously-
issued reports are available within each of the published products. To 
update our work, we met with senior ISCD officials and discussed status 
updates on the four areas (identifying facilities, assessing risk and 
prioritizating facilities, reviewing security plans, and inspecting 
facilities). Where possible, we also reviewed available documentation 
pertinent to each of the key areas. We provided a copy of new 
information in this statement to DHS for review. DHS confirmed the 
accuracy of this information.
---------------------------------------------------------------------------
    \7\ GAO, Critical Infrastructure Protection: DHS Needs to Improve 
Its Risk Assessments and Outreach for Chemical Facilities, GAO-13-801T 
(Washington, DC: Aug. 1, 2013); Critical Infrastructure Protection: DHS 
Efforts to Assess Chemical Security Risk and Gather Feedback on 
Facility Outreach Can Be Strengthened, GAO-13-353 (Washington, DC: Apr. 
5, 2013); Critical Infrastructure Protection: DHS Is Taking Action to 
Better Manage Its Chemical Security Program, But It Is Too Early to 
Assess Results, GAO-12-515T (Washington, DC: July 26, 2012).
---------------------------------------------------------------------------
    We conducted the work on which this statement is based in 
accordance with generally accepted Government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe the 
evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives.
observations on dhs efforts to identify facilities, assess risk, review 
                 security plans, and verify compliance
Identifying Facilities Covered by CFATS
    DHS has begun to take action to work with other agencies to 
identify facilities that are required to report their chemical holdings 
to DHS but may not have done so.
    The first step of the CFATS process is focused on identifying 
facilities that might be required to participate in the program. The 
CFATS rule was published in April 2007,\8\ and appendix A to the rule, 
published in November 2007, listed 322 chemicals of interest and the 
screening threshold quantities for each.\9\ As a result of the CFATS 
rule, about 40,000 chemical facilities reported their chemical holdings 
and their quantities to DHS's ISCD.
---------------------------------------------------------------------------
    \8\ 72 Fed. Reg. 17,688 (Apr. 9, 2007) (codified at 6 C.F.R. pt. 
27).
    \9\ 72 Fed. Reg. 65,396 (Nov. 20, 2007). According to DHS, CFATS 
covers facilities that manufacture chemicals as well as facilities that 
store or use certain chemicals as part of their daily operations. This 
can include food-manufacturing facilities that use chemicals of 
interest in the manufacturing process, universities that use chemicals 
to do experiments, or warehouses that store ammonium nitrate, among 
others.
---------------------------------------------------------------------------
    In August 2013, we testified about the ammonium nitrate explosion 
at the chemical facility in West, Texas, in the context of our past 
CFATS work. Among other things, the hearing focused on whether the 
West, Texas, facility should have reported its holdings to ISCD given 
the amount of ammonium nitrate at the facility. During this hearing, 
the Director of the CFATS program remarked that throughout the 
existence of CFATS, DHS had undertaken and continued to support 
outreach and industry engagement to ensure that facilities comply with 
their reporting requirements. However, the Director stated that the 
CFATS regulated community is large and always changing and DHS relies 
on facilities to meet their reporting obligations under CFATS. At the 
same hearing, a representative of the American Chemistry Council 
testified that the West, Texas, facility could be considered an 
``outlier'' chemical facility, that is, a facility that stores or 
distributes chemical-related products, but is not part of the 
established chemical industry. Preliminary findings of the CSB 
investigation of the West, Texas, incident showed that although certain 
Federal agencies that regulate chemical facilities may have interacted 
with the facility, the ammonium nitrate at the West, Texas, facility 
was not covered by these programs. For example, according to the 
findings, the Environmental Protection Agency's (EPA) Risk Management 
Program, which deals with the accidental release of hazardous 
substances, covers the accidental release of ammonia, but not ammonium 
nitrate.\10\ As a result, the facility's consequence analysis 
considered only the possibility of an ammonia leak and not an explosion 
of ammonium nitrate.
---------------------------------------------------------------------------
    \10\ See 40 C.F.R.  68.130.
---------------------------------------------------------------------------
    On August 1, 2013, the same day as the hearing, the President 
issued Executive Order 13650--Improving Chemical Facility Safety and 
Security, which was intended to improve chemical facility safety and 
security in coordination with owners and operators.\11\ The Executive 
Order established a Chemical Facility Safety and Security Working 
Group, composed of representatives from DHS; EPA; and the Departments 
of Justice, Agriculture, Labor, and Transportation, and directed the 
working group to identify ways to improve coordination with State and 
local partners; enhance Federal agency coordination and information 
sharing; modernize policies, regulations, and standards; and work with 
stakeholders to identify best practices. In February 2014, DHS 
officials told us that the working group has taken actions in the areas 
described in the Executive Order. For example, according to DHS 
officials, the working group has held listening sessions and webinars 
to increase stakeholder input, explored ways to share CFATS data with 
State and local partners to increase coordination, and launched a pilot 
program in New York and New Jersey aimed at increasing Federal 
coordination and information sharing. DHS officials also said that the 
working group is exploring ways to better share information so that 
Federal and State agencies can identify non-compliant chemical 
facilities and identify options to improve chemical facility risk 
management. This would include considering options to improve the safe 
and secure storage, handling, and sale of ammonium nitrate.
---------------------------------------------------------------------------
    \11\ Exec. Order No. 13,650, 78 Fed. Reg. 48,029 (Aug. 1, 2013).
---------------------------------------------------------------------------
Assessing Risk and Prioritizing Facilities
    DHS has also begun to take actions to enhance its ability to assess 
risk and prioritize facilities covered by the program.
    For the second step of the CFATS process, facilities that possess 
any of the 322 chemicals of interest at levels at or above the 
screening threshold quantity must first submit data to ISCD via an on-
line tool called a Top-Screen.\12\ ISCD uses the data submitted in 
facilities' Top-Screens to make an assessment as to whether facilities 
are covered under the program. If DHS determines that they are covered 
by CFATS, facilities are to then submit data via another on-line tool, 
called a security vulnerability assessment, so that ISCD can further 
assess their risk and prioritize the covered facilities.\13\ ISCD uses 
a risk assessment approach to develop risk scores to assign chemical 
facilities to one of four final tiers. Facilities placed in one of 
these tiers (tier 1, 2, 3, or 4) are considered to be high-risk, with 
tier 1 facilities considered to be the highest risk.\14\ The risk score 
is intended to be derived from estimates of consequence (the adverse 
effects of a successful attack), threat (the likelihood of an attack), 
and vulnerability (the likelihood of a successful attack, given an 
attempt). ISCD's risk assessment approach is composed of three models, 
each based on a particular security issue: (1) Release, (2) theft or 
diversion, and (3) sabotage, depending on the type of risk associated 
with the 322 chemicals. Once ISCD estimates a risk score based on these 
models, it assigns the facility to a final tier.
---------------------------------------------------------------------------
    \12\ 6 C.F.R.  27.200(b)(2).
    \13\ 6 C.F.R.  27.215, .220.
    \14\ 6 C.F.R.  27.220.
---------------------------------------------------------------------------
    Our prior work showed that the CFATS program was using an 
incomplete risk assessment approach to assign chemical facilities to a 
final tier. Specifically, in April 2013, we reported that the approach 
ISCD used to assess risk and make decisions to place facilities in 
final tiers did not consider all of the elements of consequence, 
threat, and vulnerability associated with a terrorist attack involving 
certain chemicals. For example, the risk assessment approach was based 
primarily on consequences arising from human casualties, but did not 
consider economic criticality consequences, as called for by the 2009 
National Infrastructure Protection Plan (NIPP)\15\ and the CFATS 
regulation.\16\ In April 2013, we reported that ISCD officials told us 
that, at the inception of the CFATS program, they did not have the 
capability to collect or process all of the economic data needed to 
calculate the associated risks and they were not positioned to gather 
all of the data needed. They said that they collected basic economic 
data as part of the initial screening process; however, they would need 
to modify the current tool to collect more sufficient data. We also 
found that the risk assessment approach did not consider threat for 
approximately 90 percent of tiered facilities. Moreover, for the 
facilities that were tiered using threat considerations, ISCD was using 
5-year-old data. We also found that ISCD's risk assessment approach was 
not consistent with the NIPP because it did not consider vulnerability 
when developing risk scores. When assessing facility risk, ISCD's risk 
assessment approach treated every facility as equally vulnerable to a 
terrorist attack regardless of location and on-site security. As a 
result, in April 2013 we recommended that ISCD enhance its risk 
assessment approach to incorporate all elements of risk and conduct a 
peer review after doing so.
---------------------------------------------------------------------------
    \15\ DHS, National Infrastructure Protection Plan (Washington, DC: 
June 2006). The NIPP sets forth the risk management framework for the 
protection and resilience of the Nation's critical infrastructure. DHS 
updated the NIPP in January 2009 to include resiliency. See DHS, 
National Infrastructure Protection Plan, Partnering to Enhance 
Protection and Resiliency (Washington, DC: January 2009). Broadly 
defined, risk management is a process that helps policymakers assess 
risk, strategically allocate finite resources, and take actions under 
conditions of uncertainty. DHS further updated the NIPP, which is now 
called the National Plan, in December 2013. See DHS, NIPP 2013, 
Partnering for Critical Infrastructure Security and Resilience 
(Washington, DC: December 2013).
    \16\ The CFATS regulation states that chemical facilities covered 
by the rule are those that present a high risk of significant adverse 
consequences for human life or health, or critical economic assets, 
among other things, if subjected to terrorist attack, compromise, 
infiltration, or exploitation. 6 C.F.R.  27.105, .205.
---------------------------------------------------------------------------
    ISCD agreed with our recommendations, and in February 2014, ISCD 
officials told us that they were taking steps to address them and 
recommendations of a recently-released Homeland Security Studies and 
Analysis Institute (HSSAI) report that examined the CFATS risk 
assessment model.\17\ As with the findings in our report, HSSAI found, 
among other things, that the CFATS risk assessment model inconsistently 
considers risks across different scenarios and that the model does not 
adequately treat facility vulnerability. Overall, HSSAI recommended 
that ISCD revise the current risk-tiering model and create a standing 
advisory committee--with membership drawn from Government, expert 
communities, and stakeholder groups--to advise DHS on significant 
changes to the methodology.
---------------------------------------------------------------------------
    \17\ Homeland Security Studies and Analysis Institute, CFATS 
Tiering Methodology Peer Review (For Official Use Only) (Falls Church, 
Virginia: October 2013). The Homeland Security Studies and Analysis 
Institute, operated by Analytic Services Inc. on behalf of DHS, is a 
Federally-funded research and development center providing independent 
analyses of homeland security issues.
---------------------------------------------------------------------------
    In February 2014, senior ISCD officials told us that they have 
developed an implementation plan that outlines how they plan to modify 
the risk assessment approach to better include all elements of risk 
while incorporating our findings and recommendations and those of 
HSSAI. Moreover, these officials stated that they have completed 
significant work with Sandia National Laboratory with the goal of 
including economic consequences into their risk tiering approach. They 
said that the final results of this effort to include economic 
consequences will be available in the summer of 2014. With regard to 
threat and vulnerability, ISCD officials said that they have been 
working with multiple DHS components and agencies, including the 
Transportation Security Administration and the Coast Guard, to see how 
they consider threat and vulnerability in their risk assessment models. 
ISCD officials said that they anticipate that the changes to the risk 
tiering approach should be completed within the next 12 to 18 months. 
We plan to verify this information as part of our recommendation 
follow-up process.
Reviewing of Facilities' Security Plans
    DHS has begun to take action to lessen the time it takes to review 
site security plans which could help DHS reduce the backlog of plans 
awaiting review.
    For the third step of the CFATS process, ISCD is to review facility 
security plans and their procedures for securing these facilities. 
Under the CFATS rule, once a facility is assigned a final tier, it is 
to submit a site security plan or participate in an alternative 
security program in lieu of a site security plan. The security plan is 
to describe security measures to be taken and how such measures are to 
address applicable risk-based performance standards.\18\ After ISCD 
receives the site security plan, the plan is reviewed using teams of 
ISCD employees (i.e., physical, cyber, chemical, and policy 
specialists), contractors, and ISCD inspectors. If ISCD finds that the 
requirements are satisfied, ISCD issues a letter of authorization to 
the facility. After ISCD issues a letter of authorization to the 
facility, ISCD is to then inspect the facility to determine if the 
security measures implemented at the site comply with the facility's 
authorized plan. If ISCD determines that the site security plan is in 
compliance with the CFATS regulation, ISCD approves the site security 
plan, and issues a letter of approval to the facility, and the facility 
is to implement the approved site security plan.
---------------------------------------------------------------------------
    \18\ 6 C.F.R.  27.225.
---------------------------------------------------------------------------
    In April 2013, we reported that it could take another 7 to 9 years 
before ISCD would be able to complete reviews of the approximately 
3,120 plans in its queue at that time. As a result, we estimated that 
the CFATS regulatory regime, including compliance inspections 
(discussed in the next section), would likely not be implemented for 8 
to 10 years. We also noted in April 2013 that ISCD had revised its 
process for reviewing facilities' site security plans. ISCD officials 
stated that they viewed ISCD's revised process to be an improvement 
because, among other things, teams of experts reviewed parts of the 
plans simultaneously rather than sequentially, as had occurred in the 
past. In April 2013, ISCD officials said that they were exploring ways 
to expedite the process, such as streamlining inspection requirements.
    In February 2014, ISCD officials told us that they are taking a 
number of actions intended to lessen the time it takes to complete 
reviews of remaining plans including the following:
   Providing updated internal guidance to inspectors and ISCD 
        reviewers;
   Updating the internal case management system;
   Providing updated external guidance to facilities to help 
        them better prepare their site security plans;
   Conducting inspections using one or two inspectors at a time 
        over the course of 1 day, rather than multiple inspectors over 
        the course of several days;
   Conducting pre-inspection calls to the facility to help 
        resolve technical issues before-hand;
   Creating and leveraging the use of corporate inspection 
        documents (i.e., documents for companies that have over 7 
        regulated facilities in the CFATS program);\19\
---------------------------------------------------------------------------
    \19\ According to ISCD officials, these documents would be designed 
to provide examples of standard operating procedures regarding employee 
vetting, chemical handling, or security practices that are standard 
across corporations and that could be placed in a facility's file and 
expedite the inspection process.
---------------------------------------------------------------------------
   Supporting the use of alternative security programs to help 
        clear the backlog of security plans because, according to DHS 
        officials, alternative security plans are easier for some 
        facilities to prepare and use; and,
   Taking steps to streamline and revise some of the on-line 
        data collection tools such as the site security plan to make 
        the process faster.
    It is too soon to tell whether DHS's actions will significantly 
reduce the amount of time needed to resolve the backlog of site 
security plans because these actions have not yet been fully 
implemented.
    In April 2013, we also reported that DHS had not finalized the 
personnel surety aspect of the CFATS program. The CFATS rule includes a 
risk-based performance standard for personnel surety, which is intended 
to provide assurance that facility employees and other individuals with 
access to the facility are properly vetted and cleared for access to 
the facility. In implementing this provision, we reported that DHS 
intended to: (1) Require facilities to perform background checks on and 
ensure appropriate credentials for facility personnel and, as 
appropriate, visitors with unescorted access to restricted areas or 
critical assets, and (2) check for terrorist ties by comparing certain 
employee information with its terrorist screening database. However, as 
of February 2014, DHS had not finalized its information collection 
request that defines how the personal surety aspect of the performance 
standards will be implemented. Thus, DHS is currently approving 
facility security plans conditionally whereby plans are not to be 
finally approved until the personnel surety aspect of the program is 
finalized. According to ISCD officials, once the personal surety 
performance standard is finalized, they plan to reexamine each 
conditionally approved plan. They would then make final approval as 
long as ISCD had assurance that the facility was in compliance with the 
personnel surety performance standard. As an interim step, in February 
2014, DHS published a notice about its Information Collection Request 
(ICR) for personnel surety to gather information and comments prior to 
submitting the ICR to the Office of Management and Budget (OMB) for 
review and clearance.\20\ According to ISCD officials, it is unclear 
when the personnel surety aspect of the CFATS program will be 
finalized.
---------------------------------------------------------------------------
    \20\ 79 Fed. Reg. 6418 (Feb. 3, 2014). DHS previously published a 
notice about the personnel surety ICR on March 22, 2013. 78 Fed. Reg. 
17,680 (March 22, 2013).
---------------------------------------------------------------------------
    During a March 2013 hearing on the CFATS program, industry 
officials discussed using DHS's Transportation Worker Identification 
Credential (TWIC) as one approach for implementing the personal surety 
program. The TWIC, which is also discussed in DHS's ICR, is a biometric 
credential \21\ issued by DHS for maritime workers who require 
unescorted access to secure areas of facilities and vessels regulated 
under the Maritime Transportation Security Act of 2002 (MTSA).\22\ In 
discussing TWIC in the context of CFATS during the August 2013 hearing, 
officials representing some segments of the chemical industry stated 
that they believe that using TWIC would lessen the reporting burden and 
stop facilities from having to submit additional personnel information 
to DHS while maintaining the integrity of the program. In May 2011, and 
May 2013, we reported that the TWIC program has some shortfalls--
including challenges in development, testing, and implementation--that 
may limit its usefulness with regard to the CFATS program.\23\ We 
recommended that DHS take steps to resolve these issues, including 
completing a security assessment that includes addressing internal 
controls weaknesses, among other things. The explanatory statement 
accompanying the Consolidated Appropriations Act, 2014, directed DHS to 
complete the recommended security assessment.\24\ However, as of 
February 2014, DHS had not yet done the assessment, and although DHS 
had taken some steps to conduct an internal control review, it had not 
corrected all the control deficiencies identified in our report.
---------------------------------------------------------------------------
    \21\ A biometric access control system consists of technology that 
determines an individual's identity by detecting and matching unique 
physical or behavioral characteristics, such as fingerprint or voice 
patterns, as a means of verifying personal identity.
    \22\ Pub. L. No. 107-295, 116 Stat. 2064. The TWIC program is 
intended to provide a tamper-resistant biometric credential to maritime 
workers who require unescorted access to secure areas of facilities and 
vessels regulated under the MTSA. TWIC is to enhance the ability of 
MTSA-regulated facility and vessel owners and operators to control 
access to their facilities and verify workers' identities. Under 
current statute and regulation, maritime workers requiring unescorted 
access to secure areas of MTSA-regulated facilities or vessels are 
required to obtain a TWIC, and facility and vessel operators are 
required by regulation to visually inspect each worker's TWIC before 
granting unescorted access. 46 U.S.C.  70105(a); 33 C.F.R.  101.514, 
104.265(c), 105.255(c). Prior to being granted a TWIC, maritime workers 
are required to undergo a background check, known as a security threat 
assessment. See 49 C.F.R  1572.21.
    \23\ GAO, Transportation Worker Identification Credential: Card 
Reader Pilot Results Are Unreliable; Security Benefits Need to Be 
Reassessed, GAO-13-198 (Washington, DC: May 8, 2013); Transportation 
Worker Identification Credential: Internal Control Weaknesses Need to 
Be Corrected to Help Achieve Security Objectives, GAO-11-657 
(Washington, DC: May 10, 2011).
    \24\ Explanatory statement accompanying the Consolidated 
Appropriations Act, 2014, Pub. L. No. 113-76, 128 Stat. 5 (2014).
---------------------------------------------------------------------------
Inspecting to Verify Compliance with Facility Plans
    DHS reports that it has begun to perform compliance inspections at 
regulated facilities. The fourth step in the CFATS process is 
compliance inspections by which ISCD determines if facilities are 
employing the measures described in their site security plans. During 
the August 1, 2013, hearing on the West, Texas, explosion, the Director 
of the CFATS program stated that ISCD planned to begin conducting 
compliance inspections in September 2013 for facilities with approved 
site security plans. The Director further noted that the inspections 
would generally be conducted approximately 1 year after plan approval. 
According to ISCD, as of February 24, 2014, ISCD had conducted 12 
compliance inspections. ISCD officials stated that they have considered 
using third-party non-Governmental inspectors to conduct inspections 
but thus far do not have any plans to do so.
    In closing, we anticipate providing oversight over the issues 
outlined above and look forward to helping this and other committees of 
Congress continue to oversee the CFATS program and DHS's progress in 
implementing this program. Currently, the explanatory statement 
accompanying the Consolidated and Further Continuing Appropriations 
Act, 2013, requires GAO to continue its on-going effort to examine the 
extent to which DHS has made progress and encountered challenges in 
developing CFATS. Additionally, once the CFATS program begins 
performing and completing a sufficient number of compliance 
inspections, we are mandated to review those inspections along with 
various aspects of them.\25\ Moreover, Ranking Member Thompson of the 
Committee on Homeland Security has requested that we examine among 
other things, DHS efforts to assess information on facilities that 
submit data, but that DHS ultimately decides are not to be covered by 
the program.
---------------------------------------------------------------------------
    \25\ Explanatory statement accompanying the Consolidated and 
Further Continuing Appropriations Act, 2013, Pub. L. No. 113-6, 127 
Stat. 198 (2013).
---------------------------------------------------------------------------
    Chairman Meehan, Ranking Member Clarke, and Members of the 
subcommittee, this completes my prepared statement. I would be happy to 
respond to any questions you may have at this time.

    Mr. Meehan. I thank you, Mr. Caldwell, and I thank you and 
your colleagues in the GAO for the extensive work that you do. 
You perform a great service to those of us in Congress in 
helping us to get to, you know, an objective assessment of 
where things are and many challenging areas. Thank you for your 
continuing service.
    Last, I would like to recognize the gentlelady from the 
inspector general's office, Ms. Hodges.

 STATEMENT OF MARCIA MOXEY HODGES, CHIEF INSPECTOR, OFFICE OF 
    INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY

    Ms. Hodges. Good morning, Chairman Meehan, Ranking Member 
Clarke, and Members of the subcommittee.
    In response to the leaked memorandum in December 2011, we 
were requested by the former subcommittee Chairman, Chairman 
Lungren, to look at the issues that were identified in that 
leaked memorandum. In April 2012, we were also asked by Member 
Waxman of the House Committee on Energy and Commerce to look at 
the issues that were identified in that leaked memorandum.
    In March 2013, we issued our report, ``The Effectiveness of 
the Infrastructure Security Compliance Division's Management 
Practices to Implement the Chemical Facility Anti-Terrorism 
Standards Program.'' We had three objectives: Whether 
management controls were in place and operational to ensure the 
CFATS program was not mismanaged; whether leadership 
misrepresented program progress; and whether nonconforming 
opinions of personnel had been suppressed or met with 
retaliation. The scope of that review covered the CFATS 
implementation all the way through October 2012.
    We determined that ISCD needs to improve program-related 
tools and processes, reduce its reliance on contractors, 
eliminate program waste and duplication, follow proper hiring 
practices, and provide sufficient training to all CFATS 
personnel.
    When Congress granted DHS the authority to regulate high-
risk chemical facilities, it required an interim final rule to 
be issued within 6 months. While DHS met that deadline, there 
appeared to be confusion within ISCD about the 6-month 
requirement. Some employees interpreted that statute as a 
mandate to stand up and implement the CFATS program within 6 
months.
    Misinterpretations of Congressional intent may have put 
unnecessary pressure on ISCD to develop and implement the 
program, resulting in poor management oversight and internal 
control, personnel issues, and missed milestones. In our 
report, we made 24 recommendations to correct these 
deficiencies.
    When the inspector general issues a report, we go through a 
resolution process on open recommendations, and this procedure 
requires us to perform an analysis of any and all documentation 
and corrective action that has been presented by the Department 
to determine whether this information meets the intent of a 
recommendation. This process is repeated in 90-day intervals 
until all report recommendations are closed.
    Currently, this report has 12 open recommendations, and 12 
are closed. Since we issued the report back in March of last 
year, ISCD has provided our office with correction plan updates 
regarding the progress it has made to address those 
recommendations. Of the nine administrative recommendations 
closed, these include selecting permanent ISCD leadership and 
communicating organizational--and the structure of the staff, 
reducing reliance on contractors, ensuring that proper human 
resources, policies, and procedures are followed, reiterating 
the process of reporting misconduct allegations, implementing a 
plan to ensure long-term CFATS authorization, and establishing 
internal controls for appropriated funds.
    We also closed three programmatic recommendations that 
concern revising the review process to reduce the site security 
plan backlog, implementing a process to improve the timeliness 
of facilities' submission determinations, and metrics that 
measure CFATS's value accurately and demonstrate the extent to 
which risk has been reduced at regulated facilities.
    To close these, NPPD provided our office with evidence 
showing a reduction in the site security plan backlog for all 
tiers, improved response time to facility submissions, 
performance metrics were placed into its annual operating plan, 
as well as the Government Performance and Results Act measures.
    Despite this progress, program challenges remain. Before 
CFATS can attain intended program results, ISCD needs to 
address the opening remaining 12 recommendations. These 
recommendations include improving program tools and processes, 
engaging regulated industry and Government partners, finalizing 
program requirements, providing training and guidance, and 
eliminating inappropriate administratively uncontrollable 
overtime pay.
    This concludes my remarks. Thank you for the opportunity to 
testify. I welcome any questions that the Chairman or the 
subcommittee Members may have.
    [The prepared statement of Ms. Hodges follows:]
               Prepared Statement of Marcia Moxey Hodges
                           February 27, 2014
    Good morning, Chairman Meehan, Ranking Member Clarke, and Members 
of the subcommittee. Thank you for the opportunity to testify on The 
Chemical Facility Anti-Terrorism Standards Authorization and 
Accountability Act of 2014.
    In December 2011, a limited distribution internal memorandum, 
prepared by Infrastructure Security Compliance Division (ISCD) 
management, was leaked to news media. The document disclosed 
allegations of employee misconduct and inadequate performance, as well 
as misuse of funds and ineffective hiring within the Department of 
Homeland Security's (DHS) Chemical Facility Anti-Terrorism Standards 
(CFATS) Program. In February 2012, former Chairman Lungren, of the 
House Committee on Homeland Security, Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies, requested that we 
review these issues. In April 2012, Ranking Member Waxman, of the House 
Committee on Energy and Commerce, also requested that we review the 
challenges facing this program.
    In March 2013, we issued a report, Effectiveness of the 
Infrastructure Security Compliance Division's Management Practices to 
Implement the Chemical Facility Anti-Terrorism Standards Program, OIG-
13-55. We reviewed whether: (1) Management controls are in place and 
operational to ensure that the CFATS Program is not mismanaged; (2) 
National Protection and Programs Directorate (NPPD) and ISCD leadership 
misrepresented program progress; and (3) nonconforming opinions of 
program personnel have been suppressed or met with retaliation.
    ISCD addressed some issues contained in the December 2011 
memorandum; however, challenges remain. For example, we determined ISCD 
needs to improve program-related tools and processes, reduce its 
reliance on contractors, eliminate program waste and duplication, 
follow proper hiring practices, and provide sufficient training to 
personnel at all CFATS Program levels. When Congress granted DHS the 
authority to regulate high-risk chemical facilities, it required that 
an interim final rule be issued within 6 months. While DHS met this 
deadline when it published the CFATS Interim Final Rule in April 2007, 
there appeared to be confusion throughout ISCD about the 6-month 
requirement.\1\ Some ISCD employees interpreted the statute as a 
mandate to stand up and implement the CFATS Program within 6 months. 
Misinterpretations of Congressional intent may have put unnecessary 
pressure on ISCD to develop and implement the CFATS Program, resulting 
in poor management oversight and internal controls, personnel issues, 
and missed milestones.
---------------------------------------------------------------------------
    \1\ Chemical Facility Anti-Terrorism Standards; Interim Final Rule, 
72 FR 17688, April 9, 2007.
---------------------------------------------------------------------------
    In our March 2013 report, we made 24 recommendations to correct 
program deficiencies and attain intended program results and outcomes. 
After a report is issued, OIG standard operating procedures require 
that we perform analyses of all documentation submitted by the 
Department to determine whether proposed corrective actions meet the 
intent of a recommendation. Corrective action plans are due 90 days 
after a report is issued. Recommendation status is defined as 
``unresolved or resolved'' and ``open or closed.'' An unresolved 
recommendation means the corrective action plan does not meet the 
intent of the recommendation. A recommendation that is resolved and 
open means the corrective action plan meets the recommendation's 
intent, but additional measures and milestones are necessary before the 
recommendation can be closed. A recommendation that is resolved and 
closed means the corrective action plan meets the recommendation's 
intent, corrective action has occurred, and no additional reporting is 
necessary. However, based on the recommendation, final implementation 
of the corrective action may not be required to close a recommendation. 
This process is repeated every 90 days until all report recommendations 
are closed. Currently, 12 report recommendations are resolved and open, 
and 12 recommendations are closed.
    Since we issued the report, ISCD has provided our office with two 
corrective action plan updates regarding its progress toward addressing 
the report recommendations. The nine administrative recommendations 
closed include: Selecting permanent ISCD leadership; reducing reliance 
on contract personnel; developing policy for appointing acting 
management; ensuring that all employees serving in an acting 
supervisory capacity have a supervisory position description; ensuring 
that all employees receive performance reviews; disseminating ISCD 
organizational and reporting structure to staff; reiterating to all 
employees the process for reporting misconduct allegations; 
implementing a plan to ensure the long-term authorization of the CFATS 
Program; and establishing internal controls for the accountability of 
appropriated funds.
    We have also closed three programmatic recommendations pertaining 
to: Revising the long-term review process to reduce the Site Security 
Plan backlog; implementing a process to improve the timeliness of 
facility submission determinations; and program metrics that measure 
CFATS Program value accurately and demonstrate the extent to which risk 
has been reduced at regulated facilities. To close these programmatic 
recommendations, NPPD provided our office with evidence showing a 
reduction in the Site Security Plan backlog for all tiers, improved 
ISCD response times to facility submissions, and performance metrics 
incorporated into ISCD's Annual Operating Plan and Government 
Performance and Results Act measure. Despite this progress, 
programmatic challenges remain.
    Before CFATS can attain intended program results, ISCD must address 
the remaining 12 resolved and open recommendations. The ten resolved 
and open programmatic recommendations, which are 1, 2, 4, 6, 7, 8, 9, 
12, 13, and 24, include: Improving CFATS Program tools and processes; 
engaging regulated industry and Government partners; and finalizing 
program requirements. The two resolved and open administrative 
recommendations, which are 15 and 19, include: Providing training and 
guidance; and eliminating inappropriate Administratively Uncontrollable 
Overtime pay.
    Most industry officials believe the CFATS regulation is sound and 
the performance-based philosophy is appropriate. However, ISCD needs to 
modify its Chemical Security Assessment Tool (CSAT) to make it more 
efficient, effective, and easier to use. For example, the Site Security 
Plan is a list of yes or no questions; it is not a security plan and is 
of limited use to facilities. We recommended that ISCD modify the CSAT 
to capture facility data efficiently and ensure the tools provide 
meaningful end products for industry users and ISCD. In its November 
2013 corrective action plan update, NPPD provided some of the key 
milestones and target dates for modifying the CSAT. We will close this 
recommendation once we receive documentation confirming NPPD has 
completed deploying the modified CSAT.
    As ISCD addresses its Site Security Plan backlog, those facilities 
with approved plans will need inspection. However, when we issued our 
report in March 2013 ISCD had yet to define, develop, and implement 
processes and procedures for Compliance Inspections, or train CFATS 
personnel to conduct Compliance Inspections. In response to our 
recommendation, ISCD developed a Standard Operating Procedure for 
inspections of CFATS Covered Facilities, which defines the different 
types of inspections, enumerates roles and responsibilities related to 
inspections, and details processes and procedures for pre-inspection, 
inspection, and post-inspection activities. ISCD has completed its 
Compliance Inspection guidance and training materials, but this 
recommendation will remain open until ISCD has trained all Chemical 
Security Inspectors.
    Chemical facilities must resubmit a Top-Screen when there are 
changes to the use and quantities of certain chemicals of interest, 
referred to in the CFATS regulation as material modifications and 
changes in ownership.\2\ The regulation also requires resubmission of 
Top-Screens, Security Vulnerability Assessments, and Site Security 
Plans at 2 or 3 year intervals, depending on a facility's tier level. 
In addition, a facility may seek a redetermination of its tier level by 
filing a request with DHS' Assistant Secretary for Infrastructure 
Protection. We recommended that ISCD develop a strategy and implement a 
plan to address facility resubmissions and requests for redetermination 
as prescribed in the CFATS regulation. In its November 2013 update, 
NPPD officials provided some of the key milestones for finalizing the 
procedures and policies associated with receiving, reviewing, and 
responding to facility resubmissions and requests for redetermination. 
The recommendation will remain open pending our receipt of the approved 
final procedures for receiving, reviewing, and responding to facility 
resubmissions and requests for redetermination.
---------------------------------------------------------------------------
    \2\ Ibid.
---------------------------------------------------------------------------
    The CFATS tiering engines were created quickly, leaving limited 
time for quality assurance and internal control. Since December 2009, 
multiple errors in the data and formulas used to tier chemical 
facilities have been identified. Because concerns remained that the 
tiering methodology was still flawed, we recommended that ISCD develop 
a methodology and reporting process to identify and address errors and 
anomalies that arise in the CFATS tiering methodology and risk engine. 
In its November 2013 corrective action plan update, ISCD officials said 
they are undertaking a three-phased approach to review the tiering 
process and indicated that ISCD would be developing a formalized 
process for documenting, reporting, and resolving potential anomalies 
within the risk engine. This recommendation will remain open pending 
our receipt of the finalized process. As the three-phased approach 
includes an external peer review, we also recommended that ISCD provide 
us with the review results and ISCD's action plan to implement peer 
review recommendations. ISCD has received the final peer review report, 
and is developing an action plan with time frames to address the 
recommendations. This recommendation will remain open pending our 
receipt of the integrated plan with time frames and milestones for 
addressing the peer review recommendations.
    Industry representatives favorably view some DHS' Infrastructure 
Protection voluntary programs, and recommend these programs be used to 
assist the CFATS Program. For example, the Protective Security Advisor 
Program has a field cadre that specializes in public and private 
outreach, and activities to reduce security risks of critical 
infrastructure and key resources across all sectors. In addition, many 
industry members use the Voluntary Chemical Assessment Tool, which 
allows owners/operators to identify current facility risk levels using 
an all-hazards approach, and it also facilitates a cost-benefit 
analysis. However, since CFATS Program development, management 
separated the Infrastructure Protection voluntary and regulatory 
programs, impeding ISCD's ability to identify and apply best practices 
across programs. We recommended ISCD document engagement with 
Infrastructure Protection and DHS regulatory and voluntary programs to 
identify and implement existing tools and processes that can be 
leveraged to make Top-Screen, Security Vulnerability Assessments, and 
the Site Security Plan tools more efficient, effective, and easier to 
use for the CFATS Program. In its November 2013 update, NPPD provided 
examples of collaboration since the inception of ISCD. The examples 
NPPD provided demonstrate collaboration; however, these examples 
pertain to the initial CFATS tools and processes development, not 
current efforts to modify existing program areas. This recommendation 
will remain open pending the receipt of documentation demonstrating 
continued engagement between Infrastructure Protection and DHS 
regulatory and voluntary programs has resulted in tangible improvements 
to the Top-Screen, Security Vulnerability Assessments, and the Site 
Security Plan tools.
    The regulated chemical industry has embraced the Risk-Based 
Performance Standards approach and the flexibility it allows. However, 
challenges remain with CSAT tools, and limited feedback is provided to 
facilities following submissions of Security Vulnerability Assessments 
and Site Security Plans. While the industry has applauded ISCD 
leadership for identifying programmatic issues, additional efforts are 
necessary. Industry officials support the CFATS Program, but without a 
clear path forward, they are concerned about industry resources and 
funds spent to meet program requirements. As a result, we recommended 
that ISCD improve the clarity of guidance provided to the CFATS-
regulated industry so that industry can benefit from regular and timely 
comments on facility submissions. In its November 2013 corrective 
action plan update, NPPD officials reiterated that as part of its 
efforts to improve the CSAT, ISCD intends to update guidance materials 
for the Top-Screen, Security Vulnerability Assessment, and Site 
Security Plan. ISCD is also in the process of developing updated 
guidance related to its Chemical-terrorism Vulnerability Information 
program, and intends to release guidance specific to the CFATS 
Personnel Surety Program when the CFATS Personnel Surety Program is 
launched. The recommendation will remain open pending our receipt of 
guidance materials for the Top-Screen, Security Vulnerability 
Assessment, Site Security Plan, Chemical-terrorism Vulnerability 
Information program, and the CFATS Personnel Surety Program.
    Risk-Based Performance Standards-12, Personnel Surety, requires 
regulated facilities to perform background checks and ensure 
credentials for facility personnel, and for unescorted visitors with 
access to restricted areas or critical assets. This includes measures 
designed to: (1) Verify and validate identity; (2) check criminal 
history; (3) verify and validate legal authorization to work; and (4) 
identify people with terrorist ties. Since April 2010, NPPD has paid 
DHS' Transportation Security Administration (TSA) more than $7.7 
million to conduct vetting against the terrorist watch list, although 
no names have been vetted to date. Providing names to TSA for vetting 
is contingent on the Office of Management and Budget's (OMB) approval 
of the program's Information Collection Request. As a result, we 
recommended that ISCD limit funding for Personnel Surety Program 
vetting until the Information Collection Request has been approved. 
Since our review, NPPD will only allocate funding to TSA when deemed 
appropriate given all relevant factors. NPPD has also submitted the 
Information Collection Request necessary to move the Personnel Surety 
Program forward. We acknowledge that Information Collection Request 
approval rests with OMB, and this recommendation will remain open until 
documentation is received that the Information Collection Request has 
been approved by OMB and names have been sent to TSA for vetting.
    In December 2007, Congress directed NPPD to provide a plan to 
regulate the sale and transfer of ammonium nitrate by an ammonium 
nitrate facility to prevent the misappropriation or use of the chemical 
in an act of terrorism. However, as of March 2013, the Ammonium Nitrate 
Program was only in the rulemaking process. As a result, we recommended 
that ISCD develop an action plan and guidance for implementing the 
Ammonium Nitrate Program, which incorporates lessons learned from CFATS 
Program challenges. In its November 2013 corrective action plan update, 
NPPD officials said they have been working to develop a final rule, an 
action plan, and guidance for implementing the final rule. The 
recommendation will remain open pending our receipt of quarterly status 
updates of the Ammonium Nitrate Security Program Action Plan until all 
items on the plan have been implemented. In addition, ISCD is moving 
forward with a dual-functioning inspector cadre and will be hiring 
inspectors for the Ammonium Nitrate Program and cross-training them on 
the CFATS Program. We recommended that ISCD develop and implement a 
curriculum and time line for training inspectors to perform both 
Ammonium Nitrate and CFATS Program duties and responsibilities. NPPD 
provided a copy of the ISCD New Chemical Security Inspector Training 
Work Plan and copies of training materials for courses identified in 
the Work Plan. However, this material does not include necessary 
training for the proposed dual-functioning Ammonium Nitrate Security 
Program inspector cadre. Therefore, the recommendation will remain open 
pending our receipt of training curriculum and implementation data for 
dual-functioning inspectors.
    When establishing the CFATS Program, ISCD leadership envisioned an 
academy to train Chemical Security Inspectors to enforce the CFATS 
regulation. However, ISCD began training personnel before issuing the 
CFATS Interim Final Rule, developing a program vision, or defining 
inspector roles and responsibilities. In addition, by focusing training 
efforts on Chemical Security Inspectors, ISCD has provided limited 
guidance to headquarters staff on responsibilities and career 
development. Most headquarters staff do not have formalized training, 
and frequently have to learn critical position duties and functions on 
the job with little guidance. We recommended that ISCD develop and 
implement a learning curriculum that: (1) Describes position roles and 
responsibilities clearly; (2) provides comprehensive training plans to 
prepare employees to perform assigned duties; and (3) communicates 
measures to assess performance. In its November 2013 corrective action 
plan update, NPPD officials said that ISCD has completed a Strategic 
Human Capital and Training Plan, delivered Performance Management 
Training to all personnel, and is developing an ISCD Employee Handbook. 
The recommendation will remain open pending our receipt of 
documentation that the ISCD Employee Handbook has been developed and 
disseminated to all ISCD employees.
    Since its inception in 2007, ISCD has struggled with applying sound 
Government practices to human capital issues, pay administration, and 
resource allocation. ISCD personnel received inappropriate 
Administratively Uncontrollable Overtime, which is a form of premium 
pay used to compensate employees who occupy positions that require 
substantial amounts of irregular and unscheduled overtime work. We were 
unable to determine a definitive rationale for why inspectors were 
receiving Administratively Uncontrollable Overtime and recommended that 
ISCD eliminate its authorization and payment for all ISCD personnel. In 
its November 2013 update, NPPD officials said that instead of 
eliminating Administratively Uncontrollable Overtime, ISCD leadership 
has determined that the more appropriate path is to continue to permit 
CFATS Chemical Security Inspectors to claim Administratively 
Uncontrollable Overtime in a manner that is consistent with rules and 
regulations, and that is supported by greater oversight, increased 
training, documented policies and procedures, and greater management 
controls.
    We consider NPPD's actions partially responsive to our 
recommendation. Administratively Uncontrollable Overtime is a form of 
premium pay used to compensate employees who occupy positions that 
require substantial amounts of irregular, unscheduled overtime work 
that cannot be controlled administratively and cannot be scheduled in 
advance of the work week. According to the Interim Final Rule, the 
Department will conduct audits and inspections at reasonable times and 
in a reasonable manner, providing covered facility owners and operators 
with advance notice before inspections, with limited exceptions. 
Therefore, inspectors schedule their work in advance, eliminating the 
need for Administratively Uncontrollable Overtime. The recommendation 
will remain open pending our receipt and analysis of documentation that 
demonstrate Administratively Uncontrollable Overtime payments to 
inspectors are supported and justified by current and long-term 
activities across multiple fiscal years.
    Chairman Meehan, this concludes my prepared remarks. I welcome any 
questions that you or the Members of the committee may have.

    Mr. Meehan. I thank each of the panelists for their 
testimony. Thank you, Ms. Hodges. I now recognize myself for 5 
minutes of questions.
    Ms. Durkovich, let me begin with you, because you have 
been, along with Director Wulf, sort-of the closest to this 
process, as we have moved along. This has certainly been 
tenuous, from the legacy, some of which has been inherited, and 
we are dealing with a regulated community that has made 
significant investment over time. We are also dealing with 
outliers that are out there, watching this process, and using 
their assessments of it to determine how they may or may not 
act in accordance with the requirements of our program.
    So will you please discuss for me your assessment of what 
it means to have certainty in a program of this sort?
    Ms. Durkovich. Thank you very much, Chairman, and that is a 
great question. As the Secretary said yesterday, DHS supports a 
bill that provides long-term authorization. We firmly believe 
that H.R. 4007 is an important starting point. We look forward 
to working with you to continue to refine the bill, and as you 
know, we hope to actually get longer-term authorization, 
anywhere from 3 to 5 years, because it is important both for 
our regulated community, industry that in addition to having 
invested the time that they have over the last 7 years to 
submit Top-Screens, to do security vulnerability assessments, 
to work with us on authorization of those SSPs, to begin 
implementing the recommended path forward, and as we come back 
and begin compliance inspection, the investments and time and 
resources--and certainly as they look to the capital planning 
process--to begin to implement some of these recommended 
measures, the certainty is important for them, so as they make 
these investments, they know that the program is going to be 
around.
    As for outliers, for those facilities that have chosen for 
whatever reason not to comply with their requirement to submit 
Top-Screens if they may have one of the 324 possible chemicals 
of interest, this will prevent them from waiting the program 
out. It is certainly, I think, fair to say that there are some 
facilities out there that may be waiting to see whether the 
program is around next year. If we are able to guarantee 
longer-term authorization, I think that that position of 
waiting us out will likely dissipate.
    I do agree with you, sir, that I think that it is--we owe 
it to the American people, but we also owe it to our 
stakeholders and we owe it to the men and women of ISCD to give 
this program long-term or permanent authorization. Thank you.
    Mr. Meehan. We are talking long-term. We are talking not 
just the--where we go into the future, but where we have been. 
We have had a complex process. There has been pain associated 
with taking, first, the identification, but simply the 
winnowing down and to a point in which we have been able to 
significantly identify--albeit we have outliers--but 
significantly identify numbers of people we have had 
significant collaboration and cooperation from industry 
themselves that are looking for more in the way of an ability 
to contribute to moving forward.
    Now, we are also appreciative that there are a lot of 
questions that are being asked in the aftermath of West, Texas, 
and the reality that there are, you know, outliers who are out 
there, but there are also efforts to include a great number of 
more agencies and others to be involved in this process.
    My first question for you is: Do you see anything mutually 
exclusive? The importance of us taking this objective, which we 
had, which was to identify where we needed to secure dangerous 
chemicals from access to those who would want to use them to 
commit acts of terrorism, and that was our focus, and we have 
made significant progress towards that.
    Would it create ambiguity for us now to include a number of 
other considerations that would not just be dealing with 
security, but perhaps questions of safety in the program that 
we have? Are we in any way precluded down the road from 
seriously considering those issues of safety and allowing an 
Executive Order to contribute? But do we have to wait in order 
to authorize--do we have to wait before we authorize this 
program?
    Ms. Durkovich. I want to thank you again for that important 
question. To answer your question directly, I do not think that 
they are mutually exclusive. What our priority is, is to ensure 
that we do have long-term and permanent authorization, and I 
think that is one of the most important things that we can see 
happen in this particular session of Congress.
    As you know, we are very willing to work with you and our 
colleagues in the Minority to get a bill that has bipartisan 
support, but, really, again, at the end of the day, what we 
need is stability and long-term authorization. I think that as 
we continue to look at some of the findings that are coming out 
of the work that is going on between us, between EPA, between 
OSHA and other members of the interagency, that will present 
other opportunities for us to look at legislation that is 
needed to address some of the issues around operational 
coordination, around information sharing, around ensuring that 
we have compatible sets of data.
    Legislation is certainly one way that we can address some 
of these issues. We can work under existing regulation and 
under existing authority. We can continue just to work better 
together, which we have already done with the EPA, in looking 
at both of our data sets and trying to cross-walk those data 
sets to see where we may have outliers and to send out notices 
to those facilities, letting them know that they may 
potentially be regulated both by our program and by EPA.
    We have had a lot of success on that front. I think that we 
have already demonstrated that we can work together. But the 
most important thing at the end of the day, again, is that we 
provide long-term stability of the program.
    It has been successful, sir. We started with 40,000 
facilities that submitted Top-Screens. Through our process, we 
have whittled that down to nearly 4,000 that are regulated. 
Most of them have SSPs in place. We are working through the 
process of authorizing and improving them and going back and 
doing inspections. I think, at the end of the day, the most 
important thing is long-term authorization.
    Mr. Meehan. I thank you. My time is expired, but I will 
before--Mr. Wulf, you have been intimately involved in this 
process, as well, as we have gone, and I asked that question, 
but you have been here from the beginning of the challenging 
moment of trying to really get our arms around this and improve 
the process. Do you have any observations on the question that 
I asked?
    Mr. Wulf. With regard to whether the Executive Order is 
mutually exclusive to the legislation, I would completely agree 
with the assistant secretary. You know, there is a lot of good 
work being done on the Executive Order. Assistant Secretary 
Durkovich is one of three tri-chairs of that effort.
    But I think the absolute priority for us is achieving long-
term authorization of this program. It is something that will 
provide much-needed certainty for industry as they consider 
long-term investments and important security matters, important 
security measures. From a management standpoint, it will 
provide my leadership team with the stability that is needed to 
plan and execute what are some really game-changing initiatives 
to take CFATS even beyond the next level.
    So we are doing a lot of things to continue to increase the 
pace of SSP reviews, authorization inspections, and approvals. 
We are getting into the regular cycle of compliance inspection 
activity. You know, the ability to have a long-term 
authorization would be tremendous from the standpoint of our 
being able to focus on that critical mission and to be able to 
recruit and retain top talent in the division.
    Mr. Meehan. Thank you, Mr. Wulf.
    The Chairman now recognizes the Ranking Member for her 
questions.
    Ms. Clarke. I thank you, Mr. Chairman.
    My first question is to you, Ms. Durkovich. I want to echo 
and sort of drill down a little on something Mr. Thompson asked 
earlier in his statement about H.R. 4007. It provides no 
explicit authorization of a specific level of appropriation. So 
would you want a CFATS authorizing bill to identify funding for 
the program's operations? If not, would it create the 
possibility that funding for CFATS be taken from other programs 
within DHS's budget? I might question whether the absence of an 
authorization of appropriations indicates some Congressional 
intent for DHS to provide funding for this program from within 
its current budget.
    Ms. Durkovich. Thank you, Ranking Member Clarke, and thank 
you for that important question. Ensuring that we have adequate 
funding for the program has been and remains a priority. We 
certainly appreciate your support in the past and would like to 
work with you to see funding authorized for CFATS in 
legislation to ensure that we retain the appropriate levels in 
the future, both as we continue to move the program forward and 
work to implement many of the initiatives under the Executive 
Order.
    Ms. Clarke. So just for clarification, through the 
appropriations process, not from some other means within DHS 
itself?
    Ms. Durkovich. Well, again, we would like to work with you 
to authorize funding through the appropriations process, yes, 
ma'am.
    Ms. Clarke. Got it. Got it, got it. If passed and signed by 
the President, the bill would take effect 30 days after 
enactment. On that day, the existing statutory authority for 
CFATS would be repealed by striking Section 550 from Public Law 
109-295. Thus, the bill creates a free-standing program, apart 
from the original authorizing DHS legislation. Additionally, 
CFATS would terminate or sunset 2 years after the date it would 
take effect.
    Two questions: Would you want CFATS authorizing legislation 
that codified the program in Homeland Security Act of 2002, 
rather than leave the program stand-alone? What would be the 
Department's plan for chemical security in general if Congress 
failed to act if and when CFATS is sunsetted?
    Ms. Durkovich. Thank you very much for that question. It 
certainly does seem appropriate to me that placing a statute 
for the program in the Homeland Security Act is a reasonable 
thing. But, again, our goal, because of the sunsetting of the 
program, is to make sure that we have multi-year or permanent 
authorization, and that is our priority for this session.
    We know that we will be able to work with Chairman Meehan 
and with you, ma'am, I think to get us to a successful outcome 
so we don't have to think about the latter part of your 
question.
    Ms. Clarke. Looking at a stand-alone, but you would like to 
see it comprehensive?
    Ms. Durkovich. If a stand-alone gets us to multi-year or 
permanent authorization, that is our priority. As you know----
    Ms. Clarke. I hear a major emphasis in all of this 
discussion around multi-year, which this bill does not contain. 
So it seems to me that that is a major priority for the 
Department. Is that correct?
    Ms. Durkovich. Yes. We have been clear that, again, while 
we are very supportive of the bill, at the end of the day, we 
would like to see a longer authorization period, either 5 years 
or permanent authorization. Yes, ma'am.
    Ms. Clarke. Okay. Like you, I am supportive of authorizing 
CFATS program in DHS and taking the program off the 
appropriations cycle. That said, I would like to talk through 
the expectations the Department has for such legislation, and I 
just want to get a yes-or-no to each of these questions. Would 
you want it to authorize funding for the program's operations?
    Ms. Durkovich. If that is something that----
    Ms. Clarke. Yes or no. Yes----
    Ms. Durkovich [continuing]. Could be contained in the 
bill----
    Ms. Clarke. Yes or no?
    Ms. Durkovich [continuing]. Yes.
    Ms. Clarke. Yes. Would you want it to reflect the 
forthcoming findings and recommendations from the President's 
Chemical Safety and Security Working Group that DHS is leading?
    Ms. Durkovich. I do not think that it needs to do that, no.
    Ms. Clarke. No? Would you want it to codify the program in 
the Homeland Security Act?
    Ms. Durkovich. That would be a desirable----
    Ms. Clarke. Yes?
    Ms. Durkovich. Yes, ma'am.
    Ms. Clarke. Would you want it to remove the exemptions on 
water facilities and other possible terrorist targets that were 
hastily agreed to in 2006?
    Ms. Durkovich. Again, that is something we would like to 
work with you on, but at the end of the day, what is most 
important----
    Ms. Clarke. Yes, no?
    Ms. Durkovich [continuing.] Is that we get--that is a 
laudable goal, yes, ma'am.
    Ms. Clarke. Yes. You did say yes?
    Ms. Durkovich. Yes.
    Ms. Clarke. That is what I thought. Okay, very well. I 
wanted--Mr. Chairman, my time is----
    Mr. Meehan. You may pursue your questions.
    Ms. Clarke. Thank you. Thank you, Mr. Chairman.
    Ms. Hodges, H.R. 4007 would allow the Secretary to expand 
the CFATS inspector force to include contractors, which begs 
the question as to whether the inspection of chemical 
facilities for possible terroristic vulnerabilities is an 
inherently Governmental responsibility or should be outsourced 
to contractors. In 2007, during comment on the CFATS final 
rule, several stakeholders expressed concerns regarding DHS's 
use of third-party inspectors.
    How would you describe these concerns, including the 
maintenance of confidentiality of facility business 
information, potential variation in training and inspection, 
standards between Federal and third-party inspectors, and DHS 
establishment of qualifications, certification, indemnification 
of third-party inspectors?
    Ms. Hodges. Contractors are used in various components of 
the Department. I think the most important element is the 
decisions being done are applied by Government employees. 
Contractors do serve a very valuable purpose when you have 
limited resources, but ultimately, they may not and should not 
be ever doing anything that would be of a decision-making 
inherently Governmental function.
    Ms. Clarke. So you are saying that if there is a 
supervisory--personnel from a Governmental standpoint, 
basically, overlooking what these contractors would be doing, 
you would feel more comfortable with that, but should 
contractors be in a position to make decisions themselves, that 
would present some discomfort?
    Ms. Hodges. That would get into the area of an inherently 
Governmental function, yes.
    Ms. Clarke. Can you tell me in your opinion if it is 
appropriate for DHS to use third-party auditors and, if so, for 
which tiers of facilities and what the standards and 
requirements would be for those third-party auditors? Who would 
pay for the third-party auditors?
    Ms. Hodges. Right, well, I think that goes back to the 
initial underlying issue here about authorization. Trying to 
make an estimate on resources needed or our contract staff to 
augment the Federal staff is a little bit difficult now, not 
knowing what the on-going appropriation would be for this 
particular program.
    Ms. Clarke. Very well.
    Mr. Chairman, I yield back.
    Mr. Meehan. I thank the gentlelady.
    The Chairman now recognizes the gentleman from 
Pennsylvania, Mr. Perry.
    Mr. Perry. Thank you, Mr. Chairman. Greetings to the panel. 
Thank you for your testimony.
    My questions will be directed to the assistant secretary. 
Madam Secretary, some in Congress and elsewhere have said that 
the CFATS program is not operating efficiently or making 
adequate progress and is in need of a complete overhaul. 
Unfortunately, the individuals that have that opinion are 
waiting for a unilateral overhaul that allows the 
administration to dictate chemical security policy without 
reasonable input from industry. I just listened to some of the 
testimony regarding the backlog and approvals and the 
recommendations, et cetera, and I think it lends itself at 
least a portion to the credibility of that opinion.
    So my questions are as follows: Can you explain to the 
committee how a completed overhaul is not the right approach 
and why waiting for it would make the situation more burdensome 
for the Department and hinder continued progress? Finally, do 
you feel that it is crucial that the industry has substantial 
input into any regulations imposed upon them? If you would 
comment on those two, I would appreciate it.
    Ms. Durkovich. Thank you very much, sir, for that question. 
It is an important question, because I firmly believe we do not 
need a major overhaul of the program. As I noted in my opening 
statement, the program has made this country more secure, and 
we have demonstrated tremendous progress, not only over the 
course of the last 7 years, but certainly over the course of 
the last 2 years.
    We started with over 40,000 facilities that submitted Top-
Screens. Through our process, we now have over 4,000 that are 
regulated in our various stages of having both approved SSPs, 
but now beginning compliance inspections. At every turn, 
Director Wulf is looking at ways to improve the efficiency and 
the effectiveness of the program. We do that in very close 
collaboration with our stakeholders, who have provided 
important input to us on the Alternative Security Program, on 
our tiering methodology, on how to reach outliers, and to 
overhaul the program, again, at a point where we have 
demonstrated success, where we have over 500 SSPs that are 
approved, where we have facilities that are making investments 
and making decisions based on those SSPs again would, I think, 
be unfair both to the industry itself, but also to the men and 
women of ISCD.
    I would like to yield the last 2\1/2\ minutes of my time to 
allow Director Wulf perhaps to speak to a few minutes to that, 
as well.
    Mr. Wulf. I would be glad to. Thank you so much.
    You know, I would add that the core of the CFATS program, 
18 risk-based performance standards, a non-prescriptive program 
that allows for security measures to be tailored to the 
individual needs of our 4,000 regulated facilities, is strong 
and is well-suited to the mission at hand.
    So I would absolutely agree that a major overhaul of the 
program is not needed. The program is moving absolutely in the 
right direction. That is not to say that the regulation is 
perfect or that we won't move forward to try to make some 
tweaks and to further improve the process. Down the road, I 
would anticipate an advanced notice of proposed rulemaking, 
through which we will solicit from our stakeholders across the 
board their thoughts on what can be done to improve the 
program.
    But I would absolutely, you know, want to be clear that the 
core of this program is very strong and well-suited to the 
mission. Appreciate the question.
    Mr. Perry. So the only place that stakeholders will have a 
voice is in the rulemaking or the reform maybe of--or, you 
know, the modification of rules moving forward at this point? 
Is that their place?
    Mr. Wulf. No, we have a continuing dialogue with our 
stakeholders through sector coordinating councils, the chemical 
sector, the oil and natural gas sector, our other stakeholders. 
We are working on a continuing basis to conduct outreach, 
working with the industry associations, including ACC and 
SOCMA, from which you will hear later on during this hearing, 
working together on initiatives to drive the program forward, 
to get the word out, to reach out to facilities that may be in 
the outlier population, to work on efforts such as Alternative 
Security Program templates that can further streamline industry 
members' ability to develop security plans and our ability to 
review, authorize, and approve those plans.
    Mr. Perry. Thank you, Mr. Chairman. I yield back.
    Mr. Meehan. I thank the gentleman.
    The Chairman now recognizes the gentleman from Nevada, Mr. 
Horsford.
    Mr. Horsford. Thank you, Mr. Chairman.
    Ms. Hodges, I want to thank you for coming to testify 
today, and I know that our invitation to you was recent and 
that your report, however, is almost a year old, so I realize 
that the effort that you and your staff had put into the update 
and the review of this report.
    In your 2013 report, you issued 24 recommendations. Since 
that time, we understand that 12 recommendations were closed. 
What does this change in status tell us about the effectiveness 
of the CFATS program to prevent a terrorist incident involving 
a chemical plant?
    Ms. Hodges. Yes, thank you for that question. The change in 
the recommendation status indicates that ISCD is addressing the 
report recommendations to build a basic administrative 
foundation, as well as the core infrastructure to support the 
program.
    While the majority of the closed recommendations involved 
administrative issues that were presented, the majority of the 
unresolved issues have to do with programmatic areas, on-going 
programmatic areas that need to be addressed.
    The program is maturing, but it is not fully operational. 
Even when CFATS becomes fully operational, it can't prevent an 
incident, but what it can do is better prepare industry and 
their facilities to mitigate risk to the incident.
    Mr. Horsford. Okay. So when you assessed DHS's effort to 
implement the CFATS program from inception to the end of fiscal 
year 2012, at the time, among other items, you found that DHS's 
officials' use of, ``confusing terminology'' led to 
misunderstandings of CFATS's program progress. Likewise, we on 
the committee have repeatedly expressed concern in the way that 
NPPD tracks its progress, as it makes it difficult to get to an 
accurate picture of the program.
    Since the release of your program--of your report, excuse 
me, you have made a chance to review the Department's 
materials. Is that correct?
    Ms. Hodges. That is correct.
    Mr. Horsford. What would you say about the quality of 
information that is furnished today by the program and the 
terminology utilized to communicate it?
    Ms. Hodges. I think there has been great strides with their 
annual operating plan. That plan has realistic and thoughtful 
measures. It also has milestones, time frames, and that is a 
really big--from our frame of reference, our fieldwork ended 
back in October 2012. The report was issued in March 2013. From 
where the program was to where they are now, with just the 
foundational documents of having a way forward, that has been a 
big, impressive effort on the part of NPPD and ISCD.
    Mr. Horsford. Do you feel that it is presented in a way 
that is useful for this oversight committee to reach 
conclusions about the efficacy of the program?
    Ms. Hodges. With the time and the distance from our field 
work, we wanted to get the measures in place. We haven't been 
back with the component or with ISCD to look at whether they 
have had results, you know, from those measures. So I would not 
be able to articulate or weigh in if that progress would be 
helpful to the subcommittee and the committee.
    Mr. Horsford. Well, I would see, to the extent we can--I 
mean, my experience here is rather recent, but what I find, Mr. 
Chairman, and to the Ranking Member, is that a lot of times, 
you know, we have these reports and their recommendations and 
conclusions to the agencies, but a lot of time there is not the 
follow-up or the follow-through to help us provide the proper 
guidance and oversight. So that is something that I would be 
interested in as a Member of the subcommittee. Maybe someone 
from the agency can respond. I yield back.
    Mr. Wulf. Yes, I would be glad to, and I appreciate the 
opportunity. Even at the time that the inspector general issued 
its report, many of the recommendations that it made and issues 
it had identified had been previously identified through the 
challenges memo that we prepared in the fall of 2011, and those 
issues had largely been resolved through the implementation of 
the action plan we had put together.
    So we have done a lot of good work putting into place 
important management controls, business practices, streamlining 
processes with respect to the review authorization, inspection 
of facilities, and approval of site security plans. You know, 
acknowledging that the I.G. engagement with our division is 
somewhat dated, you know, I would--I am not sure I would accept 
the premise that our program is not fully operational.
    Every day across America, our inspectors are working 
closely with facilities and working through security measures 
that are fostering security and improving security at America's 
highest-risk chemical infrastructure. So the program is 
absolutely on the move. Since I last testified before this 
committee in August, we have more than tripled our output of 
approved site security plans, more than doubled to more than 
1,100 our output of authorized plans. This program is 
absolutely fully operational, and the pace will only continue 
to increase, and we are certainly committed to continuing to 
work to improve the program going forward.
    Mr. Meehan. I thank the gentleman.
    Mr. Wulf, let me just ask a quick question as a follow-up 
on that. There were 24 recommendations made by the OIG. Twelve 
of those recommendations have been fully closed. Is that not 
correct?
    Mr. Wulf. That is correct. The remaining 12 are noted as 
resolved, but open.
    Mr. Meehan. There are three levels of scrutiny on this, so 
if you had been entirely lacking on those remaining 12, some of 
which, as I have reviewed the report, indicate that there are 
various technical reasons why they may not be, but the bottom 
line is, by having said that they were not yet closed, but you 
are in that middle level of scrutiny, which you have made the 
significant progress, you are pretty close to getting to 
answering the questions of the OIG. Is that not accurate?
    Mr. Wulf. I think that is absolutely correct, sir.
    Mr. Meehan. Do you disagree, Ms. Hodges, or agree?
    Ms. Hodges. I believe that, yes, 12 of the 24 
recommendations are closed. The remaining open recommendations, 
some of them will be more longer-term. When a recommendation is 
indicated as resolved, that means that the inspector general's 
office and the Department have agreed in principle on the way 
forward the action plan, the milestones, the goals.
    Depending on how far we are in achieving those milestones 
and goals and deliverables, we would resolve and close that 
particular recommendation. However, some recommendations 
require a longer period of time to be resolved and then closed.
    Mr. Meehan. Thank you.
    The Chairman recognizes the Ranking Member, Mr. Thompson, 
for questions he may have.
    Mr. Thompson. Thank you very much, Mr. Chairman.
    Ms. Durkovich, a lot has been talked about, about West, 
Texas. Can you tell this committee, since the explosion, that 
those facilities like the one in West, Texas, are now being 
inspected on a regular basis?
    Ms. Durkovich. Thank you for that question. Since West, 
Texas, nearly a year ago, both the Department, but the 
interagency, has undertaken an extraordinary effort to identify 
outliers like West, Texas. We have worked very closely with our 
colleagues at EPA to cross-walk our lists of regulated 
facilities. We are working very closely with State homeland 
security advisers, with State chemists, with State departments 
of agriculture to identify facilities that may not be aware of 
our regulations and/or who may not have decided to comply with 
them.
    We have a number of facilities since our efforts with the 
EPA and to get the word out who have since submitted Top-
Screens. We are in the process of assessing and evaluating 
those Top-Screens to determine which one of those will be given 
a preliminary tier. But the way that our process works, sir, is 
that we are not yet at a point where we are doing inspections, 
but we have certainly undertaken, again, an extraordinary 
effort to identify those outliers and to ensure that they have 
begun the process under CFATS, which begins with a Top-Screen.
    Mr. Thompson. Thank you. So for the sake of the committee, 
can you give us an estimate of how many of those outliers that 
might be out here?
    Ms. Durkovich. I will tell you that as part of our work, we 
sent out--I think it was 3,000 letters to potentially--or to 
facilities that could be potentially regulated under CFATS. 
Those facilities, again, have gone through--or are in process 
of submitting Top-Screens. I am going to defer to Mr. Wulf, but 
I think the number--I will actually let you answer that.
    Mr. Wulf. Absolutely. We have taken in approximately 800 
additional Top-Screen submissions from facilities since we 
started this process, facilities that have threshold holdings 
of high-risk chemicals of interest, beginning the process, then 
as appropriate to go through the security vulnerability 
assessment and sign as appropriate a final tier.
    We found through this that very few of these facilities are 
looking as though they are going to tier into the program. So I 
am pretty confident that we have a good handle on the known 
universe of high-risk chemical facilities as currently defined 
in the United States. Over the course of the program's history, 
we have taken in upwards of 46,000 Top-Screens.
    Mr. Thompson. Right. But what I am trying to get to is--we 
were told that the West, Texas, facility was one of those 
outliers, that there was no review. I am trying to see--you 
said 3,000. Is that the universe to your knowledge?
    Ms. Durkovich. No, go ahead.
    Mr. Wulf. That is the number of facilities that we 
identified through a cross-walk with EPA and subsequently sent 
letters. West, Texas, the West Fertilizer Company did not meet 
its obligation to submit a Top-Screen. That doesn't mean that, 
had it submitted a Top-Screen--and it has subsequently 
submitted a Top-Screen--it would end up as a regulated facility 
under CFATS, that it would be determined to be one of the 
highest risk of a terrorist attack exploitation.
    Mr. Thompson. So at what point would these 3,000 people you 
sent letters to, what is the Department's time table for 
bringing that review to completion?
    Mr. Wulf. It is moving forward right now. I would 
anticipate that the facilities that, you know, have moved 
through and received a preliminary tier, and I believe that is 
only about 40 facilities right now, would be receiving their 
final tier as appropriate, developing their site security plan 
in concert with our physical security specialists and chemical 
security inspectors, and moving through the process of 
authorization, inspection, and approval.
    Mr. Thompson. Well, I guess what I am trying, Mr. Chairman, 
to get to is, if it is 3,000 or the 3,000--is it X number 
that--what is the time table for the agency? You talked about 
it may not be involved for the tiering, but we need assurance 
that these outliers, whether they voluntarily come in or you 
identify them through some other process, that they don't 
endanger the lives and communities just because we didn't know 
they existed.
    Mr. Wulf. Absolutely.
    Mr. Thompson. I am trying to get us to some point of how we 
are going to bring everybody into a system, regardless of where 
they are.
    Ms. Durkovich. So, sir, I think that this is a continuous 
process, frankly. The work that we have done with the EPA to 
cross-walk our list is just one step in the process. But, 
frankly, we will always work very closely not only with the 
major trade associations, again, with State homeland security 
advisers, with State agricultural departments, with State 
chemists. We are working very closely now with smaller State 
associations. Some of these outliers don't always belong to the 
large National associations. We are looking at how through our 
voluntary program, through our protective security adviser 
program, we can utilize those individuals who are--so it is 
going to be an on-going process, sir.
    Mr. Thompson. Well, and I understand that. But, you know, 
the West, Texas, facility was not a new facility. It had been 
there a long time. It had gone through some modifications. So a 
lot of this information and these companies are already there.
    So I am trying to figure out, how did they fall through the 
system to start with?
    Ms. Durkovich. So they--sir, they were in the system. They 
were not necessarily in our system. We have gone through a very 
important process, which is cross-walking our database with the 
EPA's database. That is what resulted in the 3,000 letters that 
we ended up sending out. Part of what we are doing is part of 
the Executive Order----
    Mr. Thompson. Yes.
    Ms. Durkovich. Okay.
    Mr. Thompson. Well, I understand. But if you know there are 
3,000, so you assume these companies will just fill out the 
form and send it back. If you know that 3,000 are there, you do 
not plan to do a physical inspection of the 3,000, just if they 
send it back, fine, if they don't----
    Ms. Durkovich. That is how our process works, yes, sir. 
They submit a Top-Screen, and then based on that Top-Screen and 
the corresponding site--the security vulnerability assessment, 
we then----
    Mr. Thompson. So if they don't submit it, what happens?
    Ms. Durkovich. Then we can issue an administrative order. 
Again, we are going through the process of ensuring that all of 
the people who have received letters, where appropriate, are 
submitting their Top-Screens.
    Because of some of the way the taxonomy of the data is 
structured, a facility that is in an EPA database may be 
identified differently than it is in our database, because we 
look at that long, and they look at addresses, and so we have 
to work through some of that, but there is a process to ensure 
that those need to submit Top-Screens do.
    Mr. Thompson. Mr. Chairman, I hope you can understand the 
need to put some of this under one roof, because there is just 
too much--too many moving parts, and there doesn't appear to be 
one person really in charge. I understand the need to talk, but 
somebody should have the ultimate responsibility. I think the 
public would like to see some entity, DHS or something, in 
charge, and we can talk to other people.
    But if I might ask, Mr. Chairman, that Mr. Wulf or Ms. 
Durkovich provide the committee with the current status of 
those 3,000 facilities that they have identified that are 
outside the system, what kind of time table they are operating 
from to bring them under some kind of review, so we can assure 
the public that a West, Texas-type event, if it happens, we at 
least know the facility is there and that there is some 
regulation being applied to it.
    Ms. Durkovich. We would be happy to do that, sir. Thank 
you.
    Mr. Thompson. Thank you.
    Mr. Meehan. I thank the Ranking Member.
    Let me take a moment just to follow up on a couple of 
questions with regard to that particular issue. We are talking 
about outliers that may or may not be purposefully deciding 
that they don't want to participate, for whatever reason. Is it 
more likely that they will be inclined to participate if, in 
fact, we have an authorized program than whether or not we have 
an ambiguous program about whether it is moving forward or not, 
in your professional opinion?
    Ms. Durkovich. In my professional opinion, it is more 
likely that they will participate, if there is a fully 
authorized program, yes, sir.
    Mr. Meehan. Now, you are also cooperating with other 
members of the industry who are significantly interested in 
working with you, and it is often likely that chemical 
companies who are in possession very infrequently operate 
entirely in isolation. By that I mean they are either selling 
their product to another user or they are purposing component 
chemicals from a user.
    So the privity of relationships with people in the industry 
is well established. So the capacity to identify through other 
members who outliers may be is significantly enhanced when we, 
in fact, have a program which is predictable, dependable, and 
people know that they have made a commitment. Is your 
professional opinion we do better working through industry to 
identify outliers if we had an authorized program?
    Ms. Durkovich. That is my--yes, that is my professional 
opinion. I am happy to let Mr. Wulf just talk a little bit 
about how we are already doing that, but yes.
    Mr. Wulf. Yes, no, I am glad to, and that is absolutely the 
case. We work very well with industry through the National 
associations, through these State-level associations, and 
through the companies that are part of those associations, and 
otherwise, to identify segments of industry that we may need to 
communicate with, working with them to get the word out, you 
know, working together on efforts such as the chemical security 
summit to bring in members of industry and educate them on the 
requirements of the CFATS program and on the availability of 
voluntary programs, as well. So, yes, absolutely would agree 
with that.
    Mr. Meehan. Okay. Well, I thank you. I am aware we have 
another panel to get to, but I want to ask just a few follow-up 
questions and, of course, turn it over to my colleagues to see 
if they have concluding questions for this particular panel.
    But let me just ask Ms. Hodges, as a matter of record, if 
you do know, and I know there have been some questions about 
contract employees. I am referring to the EPA. Are you aware 
that it is their practice to use contract employees for 
inspections and evaluations under such things as the Clean 
Water Act, the Resource Conservation and Recovery Act, the 
Toxic Substances Control Act, the Oil Pollution Act, the Safe 
Drinking Water Act? Are you aware as to the utilization of 
contract employees for those kinds of important programs?
    Ms. Hodges. For the EPA?
    Mr. Meehan. Yes, ma'am.
    Ms. Hodges. No, I am personally not.
    Mr. Meehan. Okay. Okay, well, I will ask that a letter of 
record be submitted, the letter from David Kling, director of 
the Federal Facilities Enforcement Office of the EPA, dated 
November 1. I thank you.
    Without objection, so ordered.
    [The information follows:]
  Memorandum From the Office of Enforcement and Compliance Assurance, 
     United States Environmental Protection Agency, Washington, DC
                              Nov. 1, 2005
                               memorandum
SUBJECT: Use of Contract Inspectors for EPA's Federal Facility 
Compliance Inspections/Evaluations

FROM: David J. Kling, Director, Federal Facilities Enforcement Office 
(2261A)

TO: Regional Federal Facilities Program Managers, Regional Federal 
Facilities Senior Managers

    Since some EPA Regional enforcement and compliance personnel have 
recently raised questions regarding the use of contract inspectors in 
compliance inspections/evaluations of Federal facilities, we are 
writing to confirm that properly trained and authorized contract 
inspectors are appropriate for Federal facility compliance inspections/
evaluations under the Clean Water Act (CWA), the Resource Conservation 
and Recovery Act (RCRA), the Toxic Substances Control Act (TSCA), the 
Oil Pollution Act (OPA) and the Safe Drinking Water Act (SDWA). The 
Federal courts are split as to whether contract inspectors are 
authorized to conduct inspections under the Clean Air Act (CAA), and 
the Federal Insectide, Fungicide and Rodenticide Act's (FIFRA's) 
language limits those who are authorized to conduct inspections.
    Under the CAA, the Courts of Appeals for the Sixth, Ninth, and 
Tenth Circuits have considered the issue of contract inspectors, but 
have reached different conclusions that depend, in part, on the 
specific area being inspected. Without a definitive answer from the 
Supreme Court, we advise that Regions should not use contract 
inspectors for CAA inspections. In the rare circumstance where contract 
inspectors may be needed to conduct a CAA evaluation/inspection, 
written approval for the use of such inspectors must first be granted 
by the Federal Facilities Enforcement Office (FFEO).
    Further, FIFRA's language limits those authorized to conduct 
inspections to ``any officer or employee of the Environmental 
Protection Agency or of any State or political subdivision.'' FIFRA  
9, 7 U.S.C.  136g. Accordingly, we do not advise using contract 
inspectors for FIFRA compliance inspections/evaluations.
    Regional enforcement personnel should reacquaint themselves with 
the requirements for authorizing contractors to conduct inspections. 
These requirements include:
   The inspection contract must contain language per EPA Order 
        3500.1 requiring the contract inspector to meet the training 
        requirements of the Order, including completion ofthe Basic 
        Inspector Course, health and safety training, and medium-
        specific training requirements--prior to leading an inspection.
     Contractors who merely assist, rather than lead, 
            inspections are not required to comply with all of the 
            requirements of EPA Order 3500.1, although meeting the 
            requirements is still recommended. Even if not leading 
            inspections, contract inspectors are obliged to have health 
            and safety training, as specified in EPA Order 1440.3.
   The inspections must be carried out in accordance with 
        approved Quality Assurance/Quality Control plans (that are part 
        of the Regions' Quality Assurance Management Plan) and use 
        established procedures, such as those set forth in EPA's 
        Inspection Manuals.
   Depending on the nature of the inspections to be conducted, 
        a background investigation may be required for contract 
        inspectors. Any background investigation requirements should be 
        included in the contract. Background investigations are 
        especially important in the Federal facilities context--
        particularly at high-risk facilities (e.g., certain military 
        bases, nuclear weapons plants, and Classified facilities).
   A contract inspector may not request or review Confidential 
        Business Information (CBl) unless she or he has been cleared 
        for CBl by EPA under the particular statute for which the 
        authorization is given.
   EPA does not issue the same Federal credential which EPA 
        employees carry to contractors. A few programs issue a statute 
        specific credential authorizing the contractor to carry out 
        inspections under a specific statute. It clearly identifies the 
        bearer as a contractor. In most cases, EPA provides contractors 
        with a letter of authorization. The letter identifies the 
        bearer as a contractor.
    Please note that OECA and OARM are developing an EPA order that 
        addresses the issuance of credentials to Federal employees, 
        State/Tribal government employees, Senior Environmental 
        Employees (SEEs), and contractors.
    Thank you for your interest in this matter and your support for 
using contract inspectors in appropriate circumstances. If you have any 
questions regarding this memorandum, please contact Gracie Garcia in 
OECA's Federal Facilities Enforcement Office or Phyllis Flaherty in 
OECA'S Office of Compliance.
cc (electronic only): Michael S. Alushin, OECA/OC, Kenneth A. 
Gigliello, OECA/OC, Phyllis E. Flaherty, OECA/OC, Sandra L. Connors, 
OECA/FFEO, Bernadette Rappold, OECA/FFEO, Gregory Snyder, OECA/FFEO, 
Gracie Garcia, OECA/FFEO, FFEO Liaisons, Regional Enforcement Division 
Directors, Regional Media Division Directors, Regional Enforcement 
Coordinators.

    Mr. Meehan. Let me just close my comments--my questions. 
Mr. Caldwell, you have done a great deal of oversight in this 
program. I know you are responsible for sort-of looking at the 
activities in response to the directions that have been given 
us, but we are not operating in isolation here. You have also 
been very closely associated with the things that are being 
done to move forward.
    From your position, you have seen this bill. Do you see any 
advantages in it or any of the provisions there that you think 
are helpful?
    Mr. Caldwell [continuing]. Sorry, GAO doesn't have an 
official position on the bill itself, but I can talk about a 
couple of things there. Many of them have been said. I mean, I 
think the multi-year authorization, whether it is 2, 3, 4, 
whatever many years, certainly adds stability to both DHS and 
to industry. I think it also provides some normalcy in terms of 
being an authorized program, whether or not the appropriations 
have been approved or not. As we know from recent years, that 
has not always been a pretty thing.
    The bill codifies some of the activities that are already 
being done in the program, but that also offers some stability 
to industry, because if it is purely something within the 
regulations, the Department in theory could change those quite 
different--you know, could change those quite dramatically. 
Then industry and others, as well as the Department, would have 
to react to that.
    Finally, I think if you look at some of the areas that were 
emphasized in the bill, they certainly are areas where GAO, as 
well as I.G., has pointed out a need for corrective actions and 
emphasis.
    Mr. Meehan. Let me just close by an observation, as well. 
You have watched. We have been through a long history, and one 
of the great frustrations here has been in the past there have 
been requests for responsiveness from DHS with regard to a 
number of matters with Congressional oversight, and your own 
investigations have demonstrated that part of these issues from 
time to time have been related to not just program management 
and other kinds of tools, et cetera, but the overall 
responsiveness, as you have begun, do you believe that you are 
seeing an improvement and important activity along the lines of 
the requests and demands that you have met?
    Mr. Caldwell. Yes, sir. So our first review of CFATS came 
at what might be the low point of the program, when the 
internal memo came out. I think relatively early, when we 
started our work, the top management at NPPD talked to us, 
pledged their commitment to change, as well as the commitment 
from our auditor standpoint, of giving us access to their 
people and documents, which they did. I think since that time, 
we have had very good cooperation in terms of when we have 
actually had an on-going review, getting documents, getting 
access to their people, and reviewing it.
    I would say, we have seen progress since that time, again, 
taking the longer sweep here, in terms of the management 
problems that they have identified. They sit down to track them 
and look at their progress against them. In terms of the 
outlier issue, they are certainly working to match data with 
the other agencies, be it EPA or other ones. Whether that will 
lead to some of the--I am not sure you could prevent all the 
West, Texases, through that process because of the tiering 
process, but at least it is progress in the sense of trying to 
identify them.
    They are speeding up, say, the plan reviews through the 
concurrent review process. They are doing something that used 
to be very sequential and very long to do. I guess maybe the 
biggest thing to GAO--and I would ask Ms. Hodges to comment, if 
she wants to, as well, is I think they are certainly interested 
in any suggestions and recommendations that we have, and there 
is an effort certainly to implement those, sir.
    Mr. Meehan. Ms. Hodges, do you have a comment?
    Ms. Hodges. I do believe that the component has been 
responsive to our follow-up for recommendations and 
documentation, yes.
    Mr. Meehan. Thank you. I turn it to the Ranking Member. Do 
you have any closing questions for the panel?
    Ms. Clarke. I do, Mr. Chairman, but just to put in 
perspective the agencies and the letter that you have submitted 
for the record, those agencies don't have the mandate of 
preventing terrorism. I think that that is the distinction that 
we are talking about with these contractors that we really need 
to make sure we hold fast to.
    Ms. Durkovich, ISCD has on a number of occasions testified 
that the agency is willing to accept any vetting program for 
the Department as an alternative to the PSP under CFATS. 
However, I understand that ISCD does not intend to accept these 
alternative vetting programs without preconditions. Most 
recently, Congress addressed this issue in the fiscal year 2014 
omnibus appropriations bill, but I would like to get the 
Department's most recent views on the PSP issues.
    Ms. Durkovich. Thank you very much. I appreciate the 
opportunity to address this great question.
    The personnel surety program under CFATS presents a 
standard that I think that any prudent company isn't already 
doing or shouldn't be doing. It requires that those companies 
verify the identity of new personnel, that they conduct a 
criminal or a background check, and that they verify that they 
are legal to work.
    For those personnel with access to restricted areas or 
critical assets, as you have mentioned, since this program does 
have a terror--a mandate for terrorism, we are requiring a 
check against the TSDB, the Terrorist Screening Database. We 
have outlined a number of different options that will allow 
facilities to do that, and the information collection request 
that is out right now is part of the basic tenets of our 
program. We allow flexibility and options for companies. We 
can't mandate requirements or prescribe requirements.
    As part of personnel surety and the check against this 
Terrorist Screening Database, we are allowing for other 
credentials to be used. However, what we want to ensure is that 
we have the ability to verify the validity of those credentials 
and to ensure in the intervening period since they have been 
issued that that individual has not committed a crime or has 
for some reason not ended up on the Terrorist Screening 
Database.
    That is the intent of the program, is, again, to verify 
that the individual who will have access to those restricted 
areas and to those critical assets is not on the TSDB. So, yes, 
we are giving companies the option to leverage existing 
credential programs, but, again, we want to verify the validity 
of those credentials to ensure that, again, in the intervening 
time since they have been issued, for some reason, that 
individual has not committed a crime or has not ended up on the 
screening--Terrorist Screening Database.
    Ms. Clarke. What is the process for verification? Is 
there----
    Ms. Durkovich. There are a number of different ways. 
Specific to the credential, through our CFATS tool, they can 
enter their name, their date of birth, and the credential 
number, and that will do a quick verification----
    Ms. Clarke. So is it sort of a self-verifying----
    Ms. Durkovich. No, no, no. No. Either the facility or a 
third party does the verification, but it is--again, either 
through the database or they can do a swipe with a TWIC reader 
card, for example.
    Ms. Clarke. Very well.
    Mr. Chairman, I yield back. Thank you.
    Mr. Meehan. I thank the Ranking Member. I thank each of the 
witnesses, not just for your testimony today, but for the long 
work each of you in your various capacities have given to the 
oversight and continuing progress of this program. I thank you.
    The Members may have additional questions, and if they are 
submitted to you at some point in time, I would ask that you 
respond in writing. Thank you. The panel is dismissed. The 
clerk will prepare the witness table for the second panel.
    I want to welcome our panel. Before I recognize the panel, 
I am going to ask unanimous consent that a letter in support of 
H.R. 4007 that has been signed by 24 industry associations be 
entered into the record.
    Without objection, that will be so ordered.
    [The information follows:]
                Letter Submitted by Hon. Patrick Meehan
                                  February 7, 2014.
The Honorable Michael McCaul (R-TX),
Chairman, U.S. House of Representatives, Committee on Homeland 
        Security, H2-176 Ford House Office Building, Washington, DC 
        20515.
The Honorable Bennie Thompson (D-MS),
Ranking Member, U.S. House of Representatives, Committee on Homeland 
        Security, H2-176 Ford House Office Building, Washington, DC 
        20515.
The Honorable Patrick Meehan (R-PA),
Chairman, U.S. House of Representatives, Subcommittee on Cybersecurity, 
        Infrastructure Protection, and Security Technologies, H2-117 
        Ford House Office Building, Washington, DC 20515.
The Honorable Yvette Clarke (D-NY),
Ranking Member, U.S. House of Representatives, Subcommittee on 
        Cybersecurity, Infrastructure Protection, and Security 
        Technologies, H2-117 Ford House Office Building, Washington, DC 
        20515.
    Dear Chairman McCaul, Ranking Member Thompson, Chairman Meehan, and 
Ranking Member Clarke: We, the undersigned organizations would like to 
express our support for H.R. 4007, the CFATS Authorization and 
Accountability Act of 2014, a streamlined bill that provides a 2-year 
authorization of the Chemical Facility Anti-Terrorism Standards (CFATS) 
program and guidance to the Department of Homeland Security (DHS) on 
key issues of chemical facility security.
    The bill addresses several important policy goals. First, it 
provides a multi-year authorization to allow DHS to confidently 
implement CFATS and industry to make important investments with the 
certainty that goes along with knowing the program will be authorized. 
The current practice of year-to-year extensions, or worse, short-term 
continuing resolutions through the appropriations process is a 
destabilizing force in the implementation and investment process.
    Secondly, the legislation also addresses some of the major 
impediments to completing site security plans and full implementation 
of the program. It addresses certain concerns surrounding the personnel 
surety requirements needed for access; gives covered facilities the 
ability to meet site security plans through alternate security plans 
approved by DHS and an option to use third parties as inspectors; 
improves Congressional oversight regarding the tiering methodology; and 
ensures better coordination with State and local officials.
    We recognize the complexities in implementing a program like CFATS 
and are fully aware of some of the flaws in management exposed over the 
past few years. This multi-year authorization will give DHS the time 
and stability it needs to improve its implementation, but at the same 
time, will ensure that Congress has the ability to monitor the program 
and make any necessary changes to it before the next authorization.
    The organizations and companies listed below represent thousands of 
American businesses that employ millions of American workers. We are 
manufacturers, producers, processors, distributors, transporters, and 
retailers in agriculture, chemistry, energy, forest products, food 
processing, medicine, and other businesses that form our Nation's 
infrastructure. We support H.R. 4007, and urge you to quickly consider 
and pass this important legislation.
    Thank you for your timely consideration.
            Sincerely,
Agricultural Retailers Association, American Chemistry Council, 
American Coatings Association, American Forest & Paper Association, 
American Fuel and Petrochemical Manufacturers, American Petroleum 
Institute, American Trucking Associations, Association of Oil Pipe 
Lines, Edison Electric Institute, Global Cold Chain Alliance, Institute 
of Makers of Explosives, International Association of Refrigerated 
Warehouses, International Dairy Foods Association, International Liquid 
Terminals Association, International Warehouse Logistics Association, 
National Agricultural Aviation Association, National Association of 
Chemical Distributors, National Association of Manufacturers, National 
Mining Association, National Pest Management Association, Petroleum 
Marketers Association of America, Society of Chemical Manufacturers & 
Affiliates, The Fertilizer Institute, U.S. Chamber of Commerce.

    Mr. Meehan. I want to thank our second panel for your 
presence here today and for your willingness to help us draw 
light on this very, very important issue. In order of 
appearance, Mr. Clyde Miller is the director of corporate 
security at BASF Corporation. In this capacity, Mr. Miller is 
responsible for critical security initiatives both at the 
corporate level and at BASF production sites across North 
America, which include the execution of a crisis management and 
response plan, CFATS compliance, and company-wide security 
initiatives. In addition, Mr. Miller has served as the chair of 
the Chemical Sector Coordinating Council, chair of the 
Partnership for Critical Infrastructure Protection, and is 
currently the incoming vice chair of the American Chemistry 
Council's Security Committee.
    Ms. Kate Hampford Donahue is the president of Hampford 
Research, a specialty chemical manufacturer serving Fortune 500 
companies in the electronics, dental, personal care, printing, 
and adhesive markets. In addition, Ms. Donahue's company is a 
member of the board of governors of the Society of Chemical 
Manufacturers and Affiliates. This association supports the 
industry with programs that maximize commercial and networking 
opportunities to increase public confidence and to influence 
the passage of rational laws and regulations.
    We are joined by Ms. Anna Fendley, who represents the 
Health, Safety, and Environmental Department of the United 
Steelworkers of America. USW is North America's largest 
industrial union, representing 850,000 workers across a diverse 
range of industries, including the majority of unionized 
workers in the chemical industry and workplace that use and 
store large quantities of industrial chemicals.
    I may add for the record, I am quite pleased to have good 
relationships with the many fine workers in the refineries in 
the southeastern Pennsylvania portion that I am able to 
represent, and I thank you for being here today.
    In fact, I thank each of you. Your full written statements 
will be entered into the record. You may give your verbal 
testimony, and I am going to ask that you do your best to try 
to keep it within the 5-minute time limit.
    So right now, the Chairman recognizes Mr. Miller for his 
testimony.

STATEMENT OF CLYDE D. MILLER, DIRECTOR FOR CORPORATE SECURITY, 
  BASF NORTH AMERICA, INCOMING VICE CHAIR, AMERICAN CHEMISTRY 
                   COUNCIL SECURITY COMMITTEE

    Mr. Miller. Thank you, Chairman Meehan, and good morning, 
Ranking Member Clarke and Members of the committee.
    I am the director of corporate security for BASF 
Corporation, and I think it speaks to the importance of this 
legislation that we had both Chairman McCaul and Ranking Member 
Thompson from the full committee in the hearing this morning to 
speak to this legislation.
    I am here today on behalf of BASF and the American 
Chemistry Council. As you have pointed out, I am responsible 
for all the security functions at our chemical facilities at 
BASF in North America, as well as the implementation of the 
Chemical Facility Anti-Terrorism Standards, or CFATS.
    For BASF and the chemical industry as a whole, security is 
an important aspect of our operations, and there is no greater 
priority than the safety and security of our employees and the 
communities that surround our sites. I appreciate the 
opportunity to appear this morning to provide feedback on the 
legislation being considered.
    To that end, in addition to my written comments, I would 
like to emphasize the following points. First of all, we 
support moving the CFATS regulation from an appropriations 
process to an authorization process. This bill for the most 
part codifies what is in the original 2006 spending bill, which 
established the Nation's first comprehensive chemical facility 
security regulation.
    Like the original bill, it is short and to the point and 
validates the original premise of risk-based performance model 
focusing on security. The bill does not try to reinvent the 
wheel or add complexity to the program, which seemed to doom 
previous attempts at long-term authorizations. Instead, this 
bill has some narrow fixes in a few areas, such as offering 
options to comply with the personnel surety performance 
standard. It also reiterates a part of the original regulation, 
requiring DHS to use threat, vulnerability, and consequence for 
assessing risk, which they had not been doing.
    I look at CFATS as an essay test rather than a multiple-
choice or fill-in-the-blank exam. Due to the CFATS security 
regulation being a collection of performance standards, a 
facility can implement a solution that draws from all available 
options to meet those standards tailored to address the unique 
needs of that site.
    To effectively comply with CFATS, an essay of measures has 
to be implemented. This can be perimeter-related, as well as 
other security measures, combined with operating measures such 
as process cameras and alarms. The totality or the essay 
becomes the regulation with which the facility complies. A 
long-term authorized regulation provides industry with the 
confidence to make long-term capital investments and having the 
certainty, and having that certainty, by the way, helps DHS and 
recruiting and retaining top talent to effectively oversee the 
regulation.
    Second, we support the implementation of the overarching 
findings and recommendations of the peer review panel in the 
manner mentioned in the bill. The peer review panel was 
established last year by DHS to study the methodology they use 
to tier facilities covered under CFATS. This effort resulted in 
a report setting out key findings and overarching 
recommendations to improve the consistency and transparency of 
the process. As a member of that panel, it is gratifying to see 
that the bill requires DHS to report on the progress and 
implementation of those recommendations.
    Third, Director Wulf and his team have done a tremendous 
job of turning CFATS around and moving toward an effective 
chemical facility security program. Since Mr. Wulf and his 
management team arrived, significant progress has been made in 
carrying out CFATS. For example, to streamline the process, 
they embraced the American Chemistry Council's alternate 
security plan template and are actually working with other 
stakeholders to develop similar plans.
    They significantly increased the number of approved site 
security plans and the pace of inspections without impacting 
the effectiveness of the program. BASF sites have gone through 
these authorization inspections, and I can assure you that the 
heightened pace has not reduced their effectiveness or 
compromised CFATS. Mr. Wulf and his team have also undertaken 
efforts to better identify facilities that should have 
submitted Top-Screens, but failed to do so, by coordinating 
with other agencies to identify those outliers.
    Finally, the passage of this bill by no means conflicts 
with the Executive Order 13650. If anything, it will add to 
enhancing and strengthening security throughout the sector, one 
of the goals of the EO. DHS is undertaking many of the 
activities being considered under the Executive Order. Passage 
of this bill would only complement those efforts and give CFATS 
the permanency it needs so that it does not risk lapsing as 
occurred during the Government shutdown last year.
    To summarize, CFATS has had a positive impact on enhancing 
security at U.S. chemical sites, and we support making it 
permanent. It is a robust program requiring companies to 
continually monitor their operations to ensure compliance. In 
some cases, facilities have evaluated their processes and 
security programs and have taken measures to reduce their risk 
and actually dropped out of CFATS.
    Before CFATS, BASF already had a fairly comprehensive and 
effective security program. However, for our facilities under 
the CFATS regulation, we have increased capital spending and 
operating cost to ensure that we meet or exceed the performance 
standards set out in the regulation.
    A long-term authorization with Congressional oversight will 
provide the regulatory certainty and operational stability to 
give the industry confidence that our long-term capital 
commitments to this program are appropriate. To try to reinvent 
CFATS by passing more comprehensive legislation, I am afraid, 
will have a significantly negative impact. We pledge our 
continued support as this legislation moves forward and to 
continuing to work in partnership with you and your staff. 
Thank you again for the opportunity to testify in support of 
this bill and to highlight improvements by DHS.
    I will be glad to answer any questions you may have.
    [The prepared statement of Mr. Miller follows:]
                 Prepared Statement of Clyde D. Miller
                           February 27, 2014
    Good morning, Chairman Meehan, Ranking Member Clarke, and Members 
of the committee. My name is Clyde Miller, and I am the director of 
corporate security for BASF Corporation. I am here today on behalf of 
BASF and the American Chemistry Council.
    At BASF, I am responsible for all of the security functions at our 
chemical facilities in North America and for the implementation of the 
Chemical Facility Anti-Terrorism Standards, or CFATS, at our facilities 
in the United States. I have been directly involved in that effort 
since CFATS' inception. Last year, I was asked to serve on the 
Department of Homeland Security (DHS)-commissioned Peer Review Panel 
analyzing the CFATS risk assessment methodology that was conducted by 
the Homeland Security Studies and Analysis Institute. For BASF and the 
chemical industry as a whole, security is an important aspect of our 
operations and there is no greater priority than the safety and 
security of our employees and the communities that surround our sites.
    I appreciate the opportunity to appear here this morning to provide 
feedback on the Chemical Facility Anti-Terrorism Standards Program 
Authorization and Accountability Act of 2014. To that end, I would like 
to emphasize the following points in my remarks:
   ONE.--We support moving the CFATS regulation from an 
        appropriations process to an authorization process.
   TWO.--We support the implementation of the overarching 
        findings and recommendations of the Peer Review Panel, in the 
        manner mentioned in this bill.
   THREE.--Dave Wulf and his team have done a tremendous job of 
        turning the CFATS program around and moving toward an effective 
        chemical facility security program.
   FOUR.--The passage of this bill by no means conflicts with 
        Executive Order 13650. If anything, it will add to enhancing 
        and strengthening security throughout the sector--one of the 
        goals of the EO.
    Now, I would like to elaborate on these points.
I. We support moving the CFATS program from an appropriations process 
        to an authorization process.
    This bill, for the most part, codifies what is in the original 2006 
spending bill, which established the Nation's first comprehensive 
chemical facility security regulation. Like the original bill, it is 
short and to the point and validates the original premise of 
establishing a risk-based performance model for enhancing chemical 
facility security across the Nation.
    I look at CFATS as an essay test rather than a multiple choice or 
fill-in-the-blank exam. Due to the CFATS security regulation being a 
collection of performance standards, a facility can implement a 
solution that draws from all available options to meet those standards. 
And since not all facilities are the same, plans can also be tailored 
to address the unique needs of individual sites. To effectively comply 
with CFATS, an ``essay'' of measures has to be implemented. This can be 
perimeter-related measures as well as other security measures, combined 
with operating measures such as process cameras and alarms. The 
totality, or ``essay,'' becomes the regulation with which the facility 
complies and is given a pass or no-pass grade when undergoing a 
compliance inspection by DHS. A long-term authorized regulation 
provides industry with the confidence to make long-term capital 
investments. Further, having that certainty helps DHS in recruiting and 
retaining top talent to effectively oversee the regulation.
    The bill does not try to reinvent the wheel or add complexity to 
the program, which seemed to doom previous attempts at long-term 
authorizations. Instead, this bill has some narrow fixes in a few areas 
that need to be addressed, such as a simplified Alternative Security 
Program, similar to that used by the U.S. Coast Guard under the 
Maritime Transportation Security Act, implementation of third-party 
inspectors and some simplified solutions to the personnel surety 
program. Concerning the Personnel Surety Program, the bill requires DHS 
to accept other well-established Federal credentials that currently 
continually vet their holders against the Terrorist Screening Database 
with no further obligation required of the facility.
    This bill reiterates a part of the original regulation, using 
threat, vulnerability, and consequence for assessing risk, which DHS 
had not been doing, as we discovered during the previously-mentioned 
peer review process. The Peer Review Panel recommended DHS evaluate all 
three elements to fully assess risk, which is also required by the 
National Infrastructure Protection Program of 2009 and 2013. Finally, 
the bill sets up an oversight process to ensure the program continues 
to make improvements and establishes accountability by setting a time 
line for the Secretary of DHS to report to Congress on its progress 
with implementation of recommendations made by the Peer Review Panel.
II. We support the implementation of the overarching findings and 
        recommendations of the Peer Review Panel, in the manner 
        mentioned in this bill.
    A peer review panel was established last year by the Homeland 
Security Studies and Analysis Institute to study the methodology used 
by DHS to tier facilities covered under CFATS. This panel was made up 
of subject-matter experts covering 15 areas of expertise, including 
industrial security, risk analysis, toxicology, process safety, 
infrastructure security, and other pertinent areas. This effort 
resulted in a report setting out key findings and over-arching 
recommendations. As a member of that panel, it is gratifying to see 
that the effort is mentioned in this bill and requires DHS to report on 
the progress in implementation of those recommendations.
III. Since Dave Wulf and his team have arrived at DHS; they have done a 
        tremendous job of turning around the program and moving CFATS 
        toward an effective chemical facility security program.
    First, recognizing that the Chemical Security Assessment Tool 
(CSAT) process could be streamlined, they embraced the American 
Chemistry Council's Alternative Security Plan (ASP) template, which 
provides an alternate path for developing and submitting site security 
plans.
    Second, they significantly increased the number of approved site 
security plans, having recently passed the 500th approved security 
plan.
    Third, they have greatly increased the pace of inspections, up to 
100 inspections per month. They have completed nearly all of the Tier 1 
and 2 high-risk facilities and have started reaching into the Tier 3 
and Tier 4 sites. BASF has had sites that have gone through these 
authorization inspections and I can assure you that the heightened pace 
has not reduced their effectiveness or compromised the program.
    Fourth, they recognized that implementing a new regulatory program 
required significant outreach to the regulated community. As a result, 
they have enhanced their outreach efforts, engaging with industry via 
sector councils and other means. They've increased the number of 
Compliance Assistance Visits and inspectors regularly participate in 
introductory meetings with owners and operators of CFATS-regulated or 
potentially-regulated facilities.
    Finally, DHS has undertaken efforts to better identify ``outlier'' 
facilities that should have submitted Top-Screens but have failed to do 
so by coordinating with other agencies such as EPA, the U.S. Coast 
Guard, and State and local authorities.
IV. The passage of this bill by no means conflicts with Executive Order 
        13650. If anything, it will add to enhancing and strengthening 
        security throughout the sector--one of the goals of the EO.
     As just mentioned, DHS is undertaking many of the activities being 
considered under the Executive Order. Passage of this bill will allow 
DHS to increase these activities that go to the heart of their 
mission--ensuring chemical facility security throughout the sector. It 
is precisely these efforts, without any changes to the program that 
might hamper efficiency or speed, that the EO--and Congress--should be 
encouraging and supporting. Passing this bill will give the program the 
permanency it needs so that it does not risk lapsing as occurred during 
the Government shutdown last year.
                               conclusion
    CFATS has had a positive impact on enhancing security at U.S. 
chemical sites, and we support making this a permanent program for the 
approximately 4,500 sites that are regulated under CFATS. It is a 
robust program, for example at BASF we already had a fairly 
comprehensive and effective security program. However, for facilities 
under the CFATS regulation, we have seen increased capital spending and 
operating costs to ensure we meet or exceed the performance standards 
set out in the regulation.
    In complying with CFATS facilities have evaluated their processes 
and security programs and in some cases taken measures to reduce their 
risk and dropped out of the program. The previously-mentioned Peer 
Review made recommendations to make some process changes to make the 
program more transparent and consistent. To try to reinvent CFATS by 
passing more comprehensive legislation, I'm afraid, would have a 
significantly negative impact on the program.
    Congressional oversight via authorization would help DHS continue 
to address some of the challenges they have faced implementing the 
program, even as the agency has made progress with a new management 
team. The industry has seen considerable increased activity from DHS, 
including improved quality of inspections and faster authorizations. 
Most importantly, DHS leadership has demonstrated a commitment to 
working with stakeholders to improve the implementation of the CFATS 
program. A long-term authorization will provide the regulatory 
certainty and operational stability to give the industry confidence 
that our long-term capital commitments to this program are appropriate, 
and provide a stronger foundation for the overall success of the 
program.
    We support and share in your efforts to provide a long-term 
authorization for CFATS. We pledge our continued support as this 
legislation moves forward, and look forward to continuing to work in 
partnership with you and your staff as this process moves forward. 
Thank you again for the opportunity to testify in support of this bill. 
I'll be glad to answer any questions you may have.

    Mr. Meehan. Thank you, Mr. Miller.
    The Chairman now recognizes Ms. Hampford Donahue.

    STATEMENT OF KATE HAMPFORD DONAHUE, PRESIDENT, HAMPFORD 
  RESEARCH, INC., AND MEMBER, BOARD OF GOVERNORS, SOCIETY OF 
         CHEMICAL MANUFACTURERS AND AFFILIATES (SOCMA)

    Ms. Hampford Donahue. Good afternoon, Chairman Meehan, 
Ranking Member Clarke, and Members of the subcommittee. My name 
is Kate Hampford Donahue, and I am president of Hampford 
Research, a specialty chemical manufacturer located in 
Stratford, Connecticut. We are a second-generation family-owned 
business with 30 employees.
    We supply complex compounds to Fortune 500 companies 
serving the electronics, personal care, printing and 
lithography, and industrial adhesives industries. Some of our 
customers are chemical giants, and some are high-tech firms 
that develop and use engineered materials, but who lack the 
ability or desire to manufacture those materials themselves.
    Hampford Research is a member of the Society of Chemical 
Manufacturers and Affiliates, or SOCMA, where I also serve on 
the board of governors. SOCMA has been and continues to be the 
leading trade association representing the batch, custom, and 
specialty chemical industry. I am proud today to provide 
testimony on behalf of SOCMA in support of H.R. 4007, the CFATS 
Authorization and Accountability Act of 2014.
    SOCMA strongly supports the CFATS program and is wholly 
supportive of H.R. 4007. The program requires chemical 
facilities Nation-wide, including mine, to develop security 
enhancements. It protects facilities against attack without 
impairing the industry's ability to remain innovative. Hampford 
Research takes the security of our facilities and our products 
very seriously, as it does the safety of our employees and our 
communities. We have literally bought into this program.
    We received notice last year that our final CFATS 
authorization inspection was scheduled for October 1. We 
prepared as thoroughly as possible for the audit, but then our 
inspection was delayed due to the Government shutdown. To make 
matters worse, during the shutdown, we learned that the 
legislative authorization for the CFATS program had expired.
    These are the kinds of disruptions and regulatory 
uncertainty that Congress should do its best to avoid. Even 
under ideal circumstances, it costs companies, especially small 
businesses, time and money to plan for, pay for, prepare for, 
and clear days off calendars for multiple employees to comply 
with the full scope of the program. Responsible companies like 
Hampford want the CFATS program, but we want a stable and 
predictable one.
    In our re-scheduled final authorization inspection, we had 
two inspectors who were knowledgeable, professional, courteous, 
and practical. They engaged us in a real dialogue during the 
inspection and continued that dialogue after they left. Their 
focus was on creating layers of deterrent. They offered lots of 
suggestions on options we might consider, but were clear that 
we were the experts on our facility and only we could create a 
plan that would work for us.
    They were very responsive to follow-up questions from us, 
as well. In addition, the entire process, from the time when we 
were inspected on October 23 until we got final approval for 
our plan just February 14 last week was extremely timely and 
efficient.
    The CFATS program went through a difficult period, but we 
believe that our positive experience is an example of the 
broader success story that the CFATS program has become. For 
its part, DHS is making good progress in implementing the 
reforms identified by Deputy Director David Wulf. SOCMA 
applauds the work of Mr. Wulf and his team. We also thank him 
for his quick response in developing a resource at SOCMA's 
request called ``What to Expect from the Inspectors,'' that 
will explain what companies should anticipate for final 
authorization. This is a great example of chemical companies 
wanting to do the right thing and DHS working well with them 
for compliance. We are meeting mutual goals.
    CFATS is reducing risk in a market-based way. Over 3,000 
facilities have changed processes or inventories in ways to 
screen out of the program. CFATS is driving facilities to 
reduce inherent hazards, relying not on regulatory mandates, 
but on the company's expert judgment to do so where it makes 
sense, where it can be done without reducing product quality or 
transferring risk to some other point in the supply chain.
    The CFATS program is working, but would help my company and 
others like it if Congress could ensure CFATS's continued 
stability through a longer-term authorization like H.R. 4007. 
This bill codifies what was in the original 2006 spending bill 
and removes the program from annual funding fire drills. This 
bill also makes a few fixes in areas where legislative change 
could improve the program, including allowing facilities the 
flexibility in satisfying their obligation to help screen 
employees and visitors for terrorist ties if the facilities 
rely on Federal credentials that are vetted against the 
Terrorist Screening Database.
    H.R. 4007 is a simple bill and a strong solution to help 
DHS and facilities like mine concentrate on implementing the 
CFATS regulations without worrying about the future of the 
program. It would help me and my 30 employees of Hampford 
Research significantly.
    The chemical sector is united in support of this bill. Per 
his testimony before the full committee in this room yesterday, 
Secretary Jeh Johnson supports it, as well. Thank you very much 
for this opportunity to testify, and I look forward to your 
questions.
    [The prepared statement of Ms. Hampford Donahue follows:]
              Prepared Statement of Kate Hampford Donahue
                           February 27, 2014
    Good morning Chairman Meehan, Ranking Member Clarke, and Members of 
the subcommittee. My name is Kate Hampford Donahue and I am the 
president of Hampford Research, Inc., a specialty chemical manufacturer 
headquartered in Stratford, Connecticut. We are a second-generation, 
family-owned business with 30 employees. We supply high-purity, complex 
compounds to Fortune 500 companies serving the electronics, dental, 
personal care, printing & lithography, and industrial adhesives 
industries. Some of our customers are chemical giants, and some are 
high-tech firms that develop and use engineered materials but lack the 
ability or desire to manufacture those materials themselves. Hampford 
Research is a member of the Society of Chemical Manufacturers and 
Affiliates, or SOCMA, where I also serve on the board of governors.
    For 90 years, SOCMA has been and continues to be the leading trade 
association representing the batch, custom, and specialty chemical 
industry. SOCMA's 220-plus member companies employ more than 100,000 
workers across the country and produce some 50,000 products--valued at 
$60 billion annually--that help make our standard of living possible. 
Over 80% of SOCMA's members are small businesses and many are covered 
by the CFATS program. I am proud today to provide testimony on behalf 
of SOCMA in support of H.R. 4007, The CFATS Authorization and 
Accountability Act of 2014.
    SOCMA strongly supports the CFATS program and is wholly supportive 
of H.R. 4007. The program requires chemical facilities Nation-wide, 
including mine, to develop security enhancements. Its performance-based 
approach protects facilities against attack without impairing the 
industry's ability to remain innovative and to maintain some of the 
Nation's highest-paying manufacturing jobs. Like most other specialty 
chemical manufacturers covered by CFATS in our industry, Hampford 
Research takes the security of our facilities and our products very 
seriously, as it does the safety of our employees and communities. We 
have quite literally ``bought in'' to the program.
    We received notice last year that our final CFATS authorization 
inspection was scheduled for October. We prepared as thoroughly as 
possible for compliance--but then our inspection was delayed, due to 
the Government shutdown in October. To make matters worse, during the 
shutdown, we learned that on October 4, the legislative authorization 
for the CFATS program had expired, albeit briefly. These are the kinds 
of disruptions and regulatory uncertainty that Congress should do its 
best to avoid. Even under ideal circumstances, it costs companies, 
especially small businesses, time and money to plan for, pay for, 
prepare for, and clear days off of calendars of multiple employees to 
comply with a program like CFATS. Responsible companies like Hampford 
want the CFATS program--but we want a stable and predictable program.
    In our rescheduled final authorization inspection, we had two 
inspectors who were knowledgeable, professional, courteous, and 
practical. They engaged us in a real dialogue during the inspection--
and continued that dialogue after they left. Their focus was on 
creating layers of deterrent. They offered lots of suggestions on 
options we might consider but were clear that we were the experts on 
our facility and only we could create a plan that would work for us. 
They were very responsive to follow up questions from us. In addition, 
the entire process (from when we were inspected on October 23-24 until 
we got approval for our plan on February 14) was very timely and 
efficient.
    The CFATS program went through a difficult period, but we believe 
that our positive experience is an example of the broader success story 
that the CFATS program has become. As a result of the chemical sector's 
strong cooperation with DHS, there has been 100% compliance by industry 
with the requirements to submit Top-Screens, Security Vulnerability 
Assessments and Site Security Plans. For its part, DHS is making good 
progress in implementing the reforms identified by Deputy Director 
David Wulf. SOCMA applauds the work of Mr. Wulf and his team. We also 
thank him for his quick response in developing a resource called ``What 
to Expect from the Inspectors'' that will explain what companies should 
anticipate for final authorizations.
    The Chemical Sector Coordinating Council suggested this idea to Mr. 
Wulf last year and he enthusiastically endorsed it. While it will come 
too late for Hampford Research, we expect that the tool will be very 
helpful to other facilities like ours. This is a great example of 
chemical companies wanting to do the right thing, and DHS working well 
with them for compliance. We are meeting mutual goals.
    CFATS is reducing risks in a market-based way. Over 3,000 
facilities have changed processes or inventories in ways that have 
enabled them to screen out of the program. CFATS is thus driving 
facilities to reduce inherent hazards, relying not on regulatory 
mandates but on the company's expert judgment to do so where it makes 
sense--where it can be done without reducing product quality or 
transferring risk to some other point in the supply chain.
    The CFATS program is working, but it would help my company and 
others like it if Congress would ensure CFATS's continued stability 
through a longer-term authorization like H.R. 4007 would provide. This 
bill simply codifies what was in the original 2006 spending bill that 
established the program, and removes the program from the annual 
funding fire drills. The bill also makes a few simple fixes in areas 
where legislative change can improve the program:
   First, it clarifies that DHS can approve generic alternative 
        security programs that facilities can opt into, rather than 
        having to approve ASPs facility-by-facility. This approach has 
        worked well for the maritime security program and should be 
        extended to CFATS.
   Second, it clearly authorizes DHS to rely on third parties 
        to conduct authorization inspections. DHS has stepped up the 
        pace of inspections, but at the current rate it will still take 
        years and years to get through all the tier 3 and 4 facilities. 
        Leveraging third parties could be the key to dramatically 
        shortening that time table.
   Third, the bill confirms that facilities can satisfy their 
        obligation to help screen employees and visitors for terrorist 
        ties if the facilities rely on Federal credentials that are 
        vetted against the terrorist screening database--without having 
        to supply any other information to DHS.
    H.R. 4007 is a simple bill and strong solution that will allow DHS 
and facilities like mine to concentrate on implementing the CFATS 
regulations without worrying about the future of the program. It would 
help me, and the 30 employees of Hampford Research, significantly. The 
chemical sector is united in support of this bill.
    Thank you for the opportunity to testify, and I look forward to 
your questions.

    Mr. Meehan. Thank you, Ms. Hampford Donahue.
    The Chairman now recognizes Ms. Fendley for her testimony.

 STATEMENT OF ANNA FENDLEY, LEGISLATIVE REPRESENTATIVE, UNITED 
                          STEELWORKERS

    Ms. Fendley. Thank you, Chairman Meehan and Ranking Member 
Clarke, and Members of the subcommittee, for the opportunity to 
testify today.
    I am here on behalf of the United Steelworkers. We 
represent 850,000 workers in many sectors, including the 
majority of organized workers in the chemical industry.
    The massive explosion nearly a year ago in West, Texas, 
brought acute National attention to the vulnerabilities in our 
communities and the potential for the same or much worse is 
present at other facilities across the country.
    CFATS was intended to be an interim measure when DHS was 
given statutory authority during the 109th Congress. Subsequent 
appropriations have not addressed recognized problems with the 
implementation and scope of the CFATS program, and H.R. 4007 
also neglects to address many of the inherent weaknesses of 
CFATS, five of which I will cite today.
    First, H.R. 4007 does not extend CFATS coverage to 
chemicals shipped or stored outside of a facility's fence line 
in nearby rail yards or elsewhere that may have little or no 
security measures. Our members cite rail cars full of hazardous 
chemicals parked outside fence lines near homes and other 
businesses.
    Employers may engage in this form of risk-shifting to be 
taken off the list of high-risk facilities, or it could be 
unintentional. DHS claims that ``more than 3,000 facilities 
removed, reduced, or modified holdings of chemicals of 
interest,'' but maintains no information as to how these 
reductions in holdings were achieved.
    Second, H.R. 4007 does not change the prohibition within 
CFATS of any particular security measure by DHS, including a 
fence in a particular area, a specific control on a unit, or 
any other measure that is well-documented through past practice 
to prevent catastrophic incidents.
    Third, H.R. 4007 does not develop or promote the most 
effective means of reducing a catastrophic chemical incident, 
which is the use of safer chemical processes. Some companies 
have made these changes. According to DHS, nearly 1,300 
facilities have completely removed their chemicals of interest, 
and approximately 600 decreased quantities of chemicals of 
interest to below the threshold. But many companies will never 
even look into innovating with safer processes without a legal 
requirement to do so. A provision addressing this would be a 
particularly effective addition to H.R. 4007.
    Fourth, the personnel surety program under CFATS has the 
potential for unintended consequences. H.R. 4007 does not 
prevent the collection of unnecessary personal employee data by 
employers or third parties that may be inaccurate. There is not 
an adequate appeals process for workers who are wrongly 
discriminated against during the PSP process. DHS statements 
that employers are expected to follow all laws are inadequate 
to protect workers in this regard.
    Many have expressed concern about the duplication of 
efforts and the burden for multiple background checks under the 
PSP. The Transportation Worker Identification Credential, TWIC, 
is an option, but it is not without concerns.
    Fifth, CFATS and H.R. 4007 lack the requirement for a 
meaningful role for workers in chemical security. Workers who 
operate and maintain chemical facilities know the most about 
what needs to be done to reduce vulnerabilities. CFATS should 
require meaningful involvement of plant employees in developing 
security plans and participating in the agency's inspections at 
a facility. Additionally, whistleblower protections should be 
added for workers or others who report vulnerabilities to the 
Secretary of Homeland Security.
    As the first panel cited, there have been a number of 
challenges with implementing the CFATS program. The OIG and GAO 
reports are important documents for serious consideration. 
Another current activity to consider is the report that DHS 
must provide to the House and Senate Appropriations Committees 
by April.
    After the explosion in West, Texas, President Obama signed 
Executive Order 13650 on Improving Chemical Facility Safety and 
Security. The EO's working group has been gathering stakeholder 
input and is currently requesting public comments on policy 
regulation and standards modernization, including issues 
specific to CFATS. A status report is due to the President in 
May. These documents will be very valuable to consider.
    Any legislation authorizing the CFATS program must be 
responsive to the identified shortcomings and challenges of 
CFATS, the oversight recommendations, and other activities at 
the Federal level. Congress should not merely require more 
metrics from an inadequate program when there is consensus 
about problems. Legislative action based on the recommendations 
from OIG, GAO, the EO working group, and other stakeholders is 
necessary to address the gaps in CFATS that leave millions of 
American workers and communities at risk.
    Thank you again for the opportunity to be here today.
    [The prepared statement of Ms. Fendley follows:]
                   Prepared Statement of Anna Fendley
                           February 27, 2014
    Chairman Meehan, Ranking Member Clarke, and Members of the 
committee, thank you for the opportunity to testify today. My name is 
Anna Fendley. I am here on behalf of the United Steel, Paper and 
Forestry, Rubber, Manufacturing, Energy, Allied Industrial, and Service 
Workers International Union--USW for short. We represent 850,000 
workers in the sectors I just mentioned and many others, including the 
majority of unionized workers in the chemical industry and hundreds of 
thousands of men and women whose workplaces use and store large 
quantities of industrial chemicals.
    A massive explosion nearly a year ago at the West Fertilizer 
Company's storage and distribution facility in West, TX killed 15 
people and injured hundreds more. The blast also destroyed a nursing 
home, an apartment complex, schools, and private homes. This incident 
has brought acute National attention to the vulnerabilities in our 
communities. As devastating as the West explosion was, the potential 
for much worse is present at other facilities across the country.
    Our members are well aware of the hazards and the potential for 
wide-spread damage to critical infrastructure and the communities where 
they work and live. Small accidental releases occur more often than the 
public realizes, and it is only a matter of time before the next large 
explosion or release. In one example, our members at a chemical plant 
on the West Coast cite a normal procedure that turned abnormal last 
year and caused a release of sulfuric acid that sent workers at the 
warehouse next door to the hospital. Luckily this release was stopped 
relatively quickly. However, that may not be the case in every 
situation.
    CFATS was intended to be an interim measure when the 109th Congress 
passed legislation providing the Department of Homeland Security (DHS) 
with statutory authority to regulate chemical facilities for security 
purposes. Since that time subsequent Congresses have continued to 
extend the authority to DHS for the CFATS program through 
appropriations. These appropriations have not addressed recognized 
problems within the implementation and scope of the CFATS program and 
have instead allowed an inadequate and ineffective status quo. H.R. 
4007 also neglects to address many of the inherent weaknesses of CFATS, 
five of which of which I will cite today.
    First, H.R. 4007 does not extend CFATS coverage to chemicals 
shipped or stored outside of a facility's fence line in nearby rail 
yards or elsewhere that may have little or no security measures. 
Currently CFATS does not prevent this risk shifting from one location 
to another. I have seen pictures and gotten accounts from our members 
of rail cars full of hazardous chemicals parked for days outside the 
fence line within yards of a busy road near homes and other businesses. 
Employers may engage in this form of risk shifting to be taken off the 
list of high-risk facilities, or risk shifting could be an established 
practice occurring for years because workers and management do not 
recognize the hazard and the potential for a criminal act. Under CFATS 
there is no way of knowing if and how these risks are being shifted, 
which leaves communities in danger. DHS claims that ``more than 3,000 
facilities removed, reduced, or modified holdings of chemicals of 
interest'' but maintains no information as to how these reductions in 
holdings were achieved.\1\ The program does not know or track whether 
the risk was shifted to just over the fence-line.
---------------------------------------------------------------------------
    \1\ http://www.dhs.gov/sites/default/files/publications/
CFATS%20Update_February2014.pdf.
---------------------------------------------------------------------------
    Second, HR 4007 does not change the prohibition within CFATS of any 
``particular security measure'' by DHS including a fence in a 
particular area, a specific control on a unit, or any other measure 
that is well-documented through past practice to prevent catastrophic 
incidents. This capacity-building measure would require covered 
facilities to conduct a structured review of options that avoid 
catastrophic chemical hazards in well-documented assessments and plans 
that are reported to DHS. My colleagues and I work with employers every 
day. Many take safety measures that go above and beyond, but there are 
always some that will only do the minimum required by law and, as we 
all know, some who refuse to even do the minimum required.
    Third, H.R. 4007 does not develop or promote the most effective 
means of reducing a catastrophic chemical incident, which is the use of 
safer chemical processes. DHS,\2\ EPA,\3\ and the U.S. Chemical Safety 
Board \4\ have all highlighted the effectiveness of assessing and, 
where feasible, implementing safer alternatives at high-risk 
facilities. Some companies have shifted to safer processes or reduced 
their inventory of hazardous chemicals so they are no longer listed as 
high-risk. In fact, according to a report from DHS to the Coalition to 
Prevent Chemical Disasters, since the inception of the CFATS program 
nearly 1,300 facilities have completely removed their Chemicals of 
Interest and approximately 600 no longer possess a Chemical of Interest 
at the threshold that requires submission of a Top-Screen to DHS. But 
many companies will never even look into innovating with safer chemical 
processes without a legal requirement to do so. Past legislation in the 
House has included the requirement that covered facilities ``assess 
alternatives, in particular `the technical feasibility, costs, avoided 
costs (including liabilities), personnel implications, savings, and 
applicability of implementing each method to reduce the consequences of 
a terrorist attack'.''\5\ This provision would be a particularly 
effective addition to H.R. 4007.
---------------------------------------------------------------------------
    \2\ http://www.dhs.gov/news/2011/03/30/written-testimony-nppd-
house-committee-energy-and-commerce-hearingtitled-hr-908.
    \3\ http://www.epa.gov/ocir/hearings/testimony/111_2009_2010/
2010_0728_ccd.pdf.
    \4\ http://www.nytimes.com/2014/01/29/opinion/the-next-accident-
awaits.html?smid=pl-share&_r=0.
    \5\ HR 2868--111th Congress. http://beta.congress.gov/bill/111th-
congress/house-bill/2868.
---------------------------------------------------------------------------
    Fourth, the Personnel Surety Program (PSP) under CFATS has the 
potential for unintended consequences. Within the current context of 
the CFATS program, individual chemical facilities are responsible for 
clearing workers under their PSP. H.R. 4007 does not prevent the 
collection of unnecessary personal employee data by employers or third 
parties that may be full of inaccuracies due to errors in reporting. 
CFATS does not include an adequate appeals process for workers who are 
wrongly discriminated against during the PSP process. In a February 3, 
2014 Federal Register notice, DHS stated that employment decisions 
based on background checks are outside of the scope of CFATS and that 
DHS expects employers to comply with applicable Federal, State, and 
local law regarding employment and privacy.\6\ On the whole this is 
inadequate. Workers need an appeals process and whistleblower 
protections under the CFATS.
---------------------------------------------------------------------------
    \6\ http://www.gpo.gov/fdsys/pkg/FR-2014-02-03/pdf/2014-02082.pdf 
(page 6436).
---------------------------------------------------------------------------
    Many have expressed concerns about duplication of efforts and the 
burden for multiple background checks. The Transportation Worker 
Identification Credential (TWIC) is an option, but it is not without 
concerns. What protections would be in place for workers who would 
suddenly be required to secure TWICs to continue working? What 
financial and operational burdens would the installation of biometric 
readers put on facilities? Relying on the TWIC program in this way 
could be problematic, particularly since the Coast Guard has not issued 
a final rule for TWIC readers, it will not be fully deployed in ports 
across the country, and there are examples of some problems with the 
appeals process.
    And fifth, CFATS lacks the requirement for a meaningful role for 
workers in chemical security, and H.R. 4007 does not provide it. 
Workers who operate and maintain chemical facilities know the most 
about what needs to be done to reduce vulnerability and protect against 
a terrorist attack. They would be hurt first and worst in an attack on 
a facility, and therefore have the largest stake in ensuring safety. 
CFATS should require meaningful involvement of plant employees in 
developing security plans. DHS should also be required to include an 
employee representative when the agency does inspections at a facility. 
The Occupational Safety and Health Administration \7\ and the 
Environmental Protection Agency \8\ both have policies that could be 
used as a model for DHS to include workers in inspections. 
Additionally, whistleblower protections should be added for workers or 
others who report problems, deficiencies, and vulnerabilities to the 
Secretary of Homeland Security.
---------------------------------------------------------------------------
    \7\ https://www.osha.gov/Firm_osha_data/100006.html.
    \8\ http://www.epa.gov/compliance/resources/policies/monitoring/
caa/caa112r-rmpguide.pdf.
---------------------------------------------------------------------------
    As the first panel cited, there have been a number of challenges 
with implementing the CFATS program. In a March 2013 report, the Office 
of Inspector General (OIG) found that the program continued to face 
challenges in the areas of submission tools and processes, 
representation and oversight, human capital, and fiscal stewardship.\9\ 
OIG made 24 recommendations to improve implementation of the CFATS 
program, and those recommendations should be considered. Additionally 
the recommendations in the April 2013 Government Accountability Office 
(GAO) report titled ``Critical Infrastructure Protection: DHS Efforts 
To Assess Chemical Security Risk and Gather Feedback on Facility 
Outreach Can Be Strengthened'' should be considered as the committee 
considers risk assessment under the CFATS program.\10\
---------------------------------------------------------------------------
    \9\ http://www.oig.dhs.gov/assets/Mgmt/2013/OIG_13-55_Mar13.pdf.
    \10\ http://www.gao.gov/products/GAO-13-353.
---------------------------------------------------------------------------
    Another current activity to consider is that the Joint Explanatory 
Statement for the Consolidated Appropriations Act, 2014 included a 
requirement that DHS provide a report to the House and Senate 
Appropriations Committees, the House Committee on Energy and Commerce, 
and this committee, the House Committee on Homeland Security by April 
2014.\11\ This report will outline how DHS is using existing resources 
and infrastructure to avoid duplication within the program and how DHS 
is working to ensure that that a facility meets the personnel surety 
standard. The information included in this report will be valuable to 
incorporate into any legislation concerning the CFATS program.
---------------------------------------------------------------------------
    \11\ http://docs.house.gov/billsthisweek/20140113/113-HR3547-JSOM-
D-F.pdf.
---------------------------------------------------------------------------
    After the explosion in West, TX, President Obama signed Executive 
Order (EO) 13650 on Improving Chemical Facility Safety and 
Security.\12\ The EO set up a working group to improve operational 
coordination with State and local partners; enhance Federal agency 
coordination and information sharing; modernize policies, regulations, 
and standards; and work with stakeholders to identify best practices. 
The working group is co-chaired by the Department of Homeland Security, 
the Environmental Protection Agency, and the Department of Labor. It 
has been meeting regularly and has held listening sessions at locations 
across the country to gather stakeholder input about how the agencies 
can more effectively reduce the risks to workers and communities. 
Additionally, there is also a document out for public comment until 
March 31, 2014 requesting public input on policy, regulation, and 
standards modernization. As a part of that public comment, DHS is 
asking for input from stakeholders about the following issues specific 
to CFATS:
---------------------------------------------------------------------------
    \12\ http://www.whitehouse.gov/the-press-office/2013/08/01/
executive-order-improving-chemical-facility-safety-and-security.
---------------------------------------------------------------------------
   Options to improve the secure storage, handling, and sale of 
        ammonium nitrate;
   Potential updates to the CFATS chemicals of interest list 
        and the screening threshold quantities of certain substances 
        contained on that list;
   Options for improving the coverage of reactive substances 
        and reactivity hazards;
   Options for addressing security of chemicals at agricultural 
        production facilities;
   Opportunities to leverage industry best practices in 
        chemical facility security;
   Methods for identifying economically and mission-critical 
        chemical facilities;
   Opportunities to harmonize facility security standards 
        across different programs; and
   Approaches to identifying potential high-risk chemical 
        facilities that have not yet complied with their initial CFATS 
        obligations.\13\
---------------------------------------------------------------------------
    \13\ https://www.osha.gov/chemicalexecutiveorder/
Section_6ai_Options_List.html.
---------------------------------------------------------------------------
    A status report from the working group to the President is due on 
May 1, 2014 along with a comprehensive and integrated standard 
operating procedure that unifies the Federal approach for identifying 
and responding to risks. These documents will be very valuable to 
consider as a part of CFATS reform.
    Any legislation authorizing the program must be responsive to the 
identified shortcomings and challenges of CFATS, the oversight 
recommendations, and other activities at the Federal level regarding 
the CFATS program. Congress should not merely require more metrics from 
an inadequate program when there is consensus about problems in the 
program. Legislative action based on the recommendations from OIG, GAO, 
the EO working group, and other stakeholders is necessary to address 
the gaps in CFATS that leave millions of American workers and 
communities at risk.
    Thank you again for the opportunity to testify today.

    Mr. Meehan. I thank you, Ms. Fendley. I thank each of the 
panelists.
    Let me begin with you, Mr. Miller, representing larger 
industry in this. There has been major investment that has been 
made by the industry in response to the call and a sense of 
responsibility to try to meet the challenge of securing our 
chemicals against the threat of potential use for terrorist 
activity.
    That investment has been made under the basis that there be 
some kind of certainty with regard to the program. What does it 
mean to business to have a question of certainty? How is it 
that people make calculations about the kinds of investments 
and planning that they are going to do in larger organizations 
where oftentimes you can have numerous facilities and literally 
millions of dollars at stake, so to speak, in the decisions 
that you make?
    Mr. Miller. Thank you, Mr. Chairman, for that question.
    It does certainly play into the considerations of capital 
planning. The reality of it is, money spent for security 
measures may be money that was taken away from some other 
process that we wanted to make an improvement on. But knowing 
that the money that we are spending is not necessarily going to 
be--I don't want to say wasted, but certainly the money that is 
spent trying to comply with the program should be spent for a 
good cause. Knowing that this program is going to be around and 
it is going to be something that we will be complying with for 
a number of years would be helpful.
    Mr. Meehan. So the absence of some kind of certainty with 
regard to it may in these times of difficult decision making at 
a corporate level lead people to say, well, if we don't know, 
resources could be shifted until there is certainty into 
another area, leaving some measure of potential vulnerability 
as we move forward?
    Mr. Miller. Well, I think that we as an industry try to be 
responsible in that area and we want to make sure that we are 
doing what we should be doing in the security arena. However, 
having that uncertainty can cause, I think, some companies to 
proverbially kick the can down the road and wait to see what is 
going to happen as to whether this regulation is going to 
continue or not.
    Mr. Meehan. Thank you.
    Ms. Donahue, you represent many of the smaller participants 
in the business. We recognize that there are numerous 
components, and that may be the very place where, you know, we 
have got smaller companies, smaller abilities to be responsive 
to mandates and other kinds of things, and yet a similar 
interest in trying to be responsive to our goal of protecting 
the homeland.
    What does it mean to--you used the word flexibility. What 
about this legislation enables you to have some measure of 
flexibility while still fulfilling the obligations that you 
think the law creates?
    Ms. Hampford Donahue. Well, in general, I mean, in the 
course of our plan being approved, it was a real dialogue with 
the inspectors. They were in our facility. They could see some 
of the space limitations we were dealing with and other issues.
    We talked about how we created more layers of security. 
They had some ideas for us that hadn't occurred to us before, 
and we had some, actually, some insights that they added to 
their list, so it was it was a very collaborative process that 
ended up with a plan that we could execute within our means--
again, goes back to this capital planning--I would echo it is 
probably even more important for a small facility to be able to 
plan capital spending, because we have fewer dollars to spend, 
and chemical manufacturing is an extremely capital-intensive 
business, extremely.
    So the more we can plan for what is going to be required to 
meet the commitments for CFATS, the better it is for us. I 
mean, if we are talking about putting some new camera system 
in, I need to know that that is going to be an investment that 
will be able to keep for years to come and that, in 2 years, I 
won't have some new set of standards that I have to meet, that 
now the candid cameras aren't a good investment.
    So flexibility to look at the standards and create 
solutions that are executable in my facility is important, but 
also this ability to plan long-term.
    Mr. Meehan. That flexibility, as well, is--there is an 
engagement that is taking place, in the sense of you are 
collaboratively looking at the kinds of things that may be 
being requested of you, but there is also a dialogue about 
things, where and how you store your chemicals and otherwise. 
Would it be conceivable you would be asked questions about 
whether you have materials outside of the boundaries of your 
particular plant?
    Ms. Hampford Donahue. Absolutely.
    Mr. Meehan. Would there then be an opportunity for DHS to 
engage with you about ways to assure that they are at least 
either in transit or you could shift things if necessarily to 
assure that they are otherwise secure?
    Ms. Hampford Donahue. Absolutely.
    Mr. Meehan. So this is the part of the flexibility and the 
ability to move forward is the on-going dialogue that takes 
place, so when issues are raised with respect to security of 
these, there is a capacity with the way things are being 
constructed in this bill to be responsive and to take 
appropriate steps to assure that they are taken.
    Ms. Hampford Donahue. Based on what we have seen so far, 
yes.
    Mr. Meehan. Okay.
    Ms. Hampford Donahue. I mean, we have an open dialogue with 
the inspectors that were there, that as we implement our plan, 
should, you know, you hit a speed bump that you weren't 
anticipating, you know, we will be absolutely picking up the 
phone to talk to them about how we best resolve, you know, any 
forthcoming issues. So the dialogue that was created during the 
audit was the cornerstone of this for us.
    Mr. Meehan. Thank you. My time is expired, and I turn to 
the Ranking Member for questions she may have.
    Ms. Clarke. Thank you, Mr. Chairman. Let me thank Mr. 
Miller, Ms. Hampford Donahue, and Ms. Fendley for your expert 
testimony here today.
    My question is to you, Ms. Fendley: In your testimony, you 
mentioned that chemical security measures rarely address 
capacity-building measures that would require covered 
facilities to conduct a structured review of options that would 
help avoid catastrophic chemical hazards and that are reported 
to DHS. I know that you and your organization work with 
employers every day to improve the safety and security of 
workers. We also know that many companies take their corporate 
responsibility to work with the citizens who live nearby 
seriously and take safety measures that go above and beyond.
    But there are always bad actors who do the minimum required 
by law or less. Can you give us some examples of how we can 
help the CFATS program and coverage avoidance of catastrophic 
chemical hazard?
    Ms. Fendley. Sure. Thank you for that question. The most 
effective means, we believe, to avoid these catastrophic 
incidents is to promote and develop the use of safer chemical 
processes. As I included in my testimony, there are many 
facilities that have done that, but that dramatically mitigates 
the risk, should an act of terror take place.
    There has been legislation in past congresses that 
addresses that and included some requirements that facilities 
at a minimum assess the financial and technological feasibility 
to implement those kinds of processes. I think the second thing 
I would add is that the CFATS program does a very good job of 
hearing from industry as a stakeholder, but workers and 
communities also ought to be at the table as stakeholders in 
this process. Workers specifically at facility sites would be 
incredibly useful in creating site security plans and 
participating in inspections, because they are the people who 
are really on the process every day and they understand the 
true vulnerabilities.
    Ms. Clarke. Ms. Hampford Donahue, you are a smaller 
company, and you mentioned that part of what has sort-of 
enabled you to wrap your arms around this process is the 
consultative process with inspection. Part of the challenge 
that we are facing right now is the outlying organization; 
based on the West Virginia--excuse me, the West, Texas, model, 
it seemed to be a small company, as well.
    Through your trade association, have you been able to sort-
of get to those far-flung organizations to have them become a 
part of your association? What are the challenges that we face 
as a Nation in sort of locating those outliers? Because it 
seems to me that that process of collaboration and inspection 
helps those companies that may be isolated to come into 
compliance and have a certain level of comfort in that 
interaction.
    Ms. Hampford Donahue. I am not sure that I can speak 
specifically to the issue of outliers. I can speak to the kind 
of dialogue that we have within the SOCMA membership. I can 
tell you that when we received the call that we were going to 
be inspected, that was the first call I made was to SOCMA, to 
reach out to the staff there and to my fellow board of 
governors, members, to find out who else had been inspected. So 
it is, you know, an active engagement that we have talking 
about, you know, all sorts of issues, but--CFATS being one of 
them.
    Beyond--I mean, talk about outliers. I don't know of any. I 
mean, everybody that is in SOCMA that I know of is compliant 
with whatever Government regulations they need to be.
    Ms. Clarke. I guess my question to you was, have you seen 
in your experience, I guess, the willingness or an ability to 
identify a company that may be out there that sees your 
organization as a place where they can find a home and then 
ultimately become far more engaged in a trade association, 
thereby getting the access to the information they would need 
to be in compliance with CFATS?
    I mean, I am sure there are companies that are coming on-
line every day, but there may be older ones out there that, you 
know, get access to the web and see your organization. Have you 
seen that as an avenue?
    Ms. Hampford Donahue. Well, SOCMA has--you know, got a very 
strong outreach effort to its members. Certainly, legislative 
and regulatory issues are a cornerstone of that. If you go to 
any SOCMA meeting, board meeting or, you know, other seminar or 
session that they have, there is always a regulatory or 
legislative component to what we are talking about.
    So I think for us, certainly, that is one of the benefits 
of SOCMA membership, is that that is the way that I make sure 
that my company is always compliant with what is going on or 
what we need to be, so I would assume that is why other 
organizations would join, as well.
    Ms. Clarke. Very well. Thank you very much, Mr. Chairman. I 
yield back.
    Mr. Meehan. I thank the Ranking Member.
    I just have one sort-of follow-up question that I would 
like to ask for some insight on. I know we have mentioned a 
couple of times the personnel surety performance, and I am 
aware that there is continuing difficulty with some of this. 
Mr. Miller, our committee appreciates that DHS has taken some 
steps. Some have called them a little overly burdensome or 
invasive at times. We also want to make sure that progress in 
this regard that has been made isn't retarded in a way that it 
becomes difficult to do the thing we want to do, which is to 
attest to the ability of somebody who is in a facility to 
appropriately be there.
    With these twin concerns of mine, how would you think you 
would like to see the personnel surety requirement developed?
    Mr. Miller. Thank you, Mr. Chairman. The personnel surety 
performance standard is a tough one, because there is a certain 
element of that performance standard having to do with 
vetting--or vetting people against the Terrorist Screening 
Database, that there is only one way that can be accomplished, 
and that can only be accomplished by submitting data in some 
manner to the Federal Government for them to bounce it off of 
that database.
    So that makes it a little bit of a challenge to say that we 
should have various options to be able to comply, when you have 
that restriction. So I think that is the reason for the 
consideration of having--recognizing multiple credentials that 
are already out there that do that thing to comply with this 
performance standard.
    Another option, though, too, is--and certainly it is 
something that we look at our facilities--is the true issue 
here is allowing people having access to the chemicals of 
interest. Where we have the ability to isolate those materials 
so that we can reduce the number of people that have access to 
that, and we take advantage of that, that way, that reduces the 
total population that we have to submit to DHS. The 
simplification and the reduction of the number of people that 
have access to those types of materials is what we are driving 
for there.
    If I might add one more thing, in some of the other 
questioning--and I apologize for being so bold--but there has 
been a lot of discussion about the facilities and the 
population of facilities that almost sounds like this is a 
static program, but it is not. All of my facilities at any 
given time may decide to change a process. They may decide to 
expand their processes. We have to have a process in place 
where we are continually monitoring what our facilities are 
doing, so that if they suddenly trigger the need for a Top-
Screen, we know about it and we can have that facility to do 
that.
    Same way with our warehouses and so forth, in kind-of going 
to Ranking Member Clarke's question. We make sure that our 
suppliers and that our warehouses and so forth recognize they 
may have to comply with CFATS, because the last thing we need 
is to have a warehouse or a supplier get shut down by DHS and 
we can't get that--can't have that working material there.
    So that is one of the ways that outreach can be done. This 
is a dynamic regulation, in that it is always changing as far 
as the population of facilities that are out there.
    Mr. Meehan. Well, I thank you for that observation about 
not only the dynamism, but we used the word flexibility before 
as with anything, and one of the real objectives of this 
legislation was to make it structured enough that we could be 
able to accomplish the very real objectives that we share, but 
also not to make it so prescriptive or to be introducing so 
many new variables into these that we start to get in the way 
of the very specific objective that we have now, recognizing 
that that concept of flexibility always opens the door to, if 
there is another kind of need, it can be included, but if we 
don't have a baseline that allows us to get started, we are 
going to continue to wallow in the mud and find ourselves 
potentially down here 2 or 3 years later looking at the next 
West, Texas, and saying, why didn't we do something to make the 
difference?
    I want to thank you for your testimony. I want to thank you 
for your work in this very, very important area. We appreciate 
the value of the information you have been able to bring to us 
in deliberations about this important bill. So I thank the 
witnesses.
    The Members of the committee may have some additional 
questions for you, and if they do, I ask that you respond in 
writing. So, thank you.
    Pursuant to committee rule 7(e), the record of this hearing 
will be held open for 7 days. Without objection, the 
subcommittee stands adjourned.
    [Whereupon, at 12:32 p.m., the subcommittee was adjourned.]

                                 [all]
