[Senate Hearing 115-477]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 115-477

                    EXAMINING THE CHEMICAL FACILITY
                    ANTI-TERRORISM STANDARDS PROGRAM

=======================================================================

                               ROUNDTABLE

                               BEFORE THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                     ONE HUNDRED FIFTEENTH CONGRESS


                             SECOND SESSION

                               __________

                             JUNE 12, 2018

                               __________

        Available via the World Wide Web: http://www.govinfo.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        
        

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]        



                  U.S. GOVERNMENT PUBLISHING OFFICE                    
34-315 PDF                  WASHINGTON : 2019                     
          
-----------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).E-mail, 
[email protected].      

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin, Chairman
JOHN McCAIN, Arizona                 CLAIRE McCASKILL, Missouri
ROB PORTMAN, Ohio                    THOMAS R. CARPER, Delaware
RAND PAUL, Kentucky                  HEIDI HEITKAMP, North Dakota
JAMES LANKFORD, Oklahoma             GARY C. PETERS, Michigan
MICHAEL B. ENZI, Wyoming             MAGGIE HASSAN, New Hampshire
JOHN HOEVEN, North Dakota            KAMALA D. HARRIS, California
STEVE DAINES, Montana                DOUG JONES, Alabama

                  Christopher R. Hixon, Staff Director
                Gabrielle D'Adamo Singer, Chief Counsel
              Colleen E. Berny, Professional Staff Member
                     William G. Rhodes III, Fellow
               Margaret E. Daum, Minority Staff Director
             J. Jackson Eaton IV., Minority Senior Counsel
           Julie G. Klein, Minority Professional Staff Member
                     Laura W. Kilbride, Chief Clerk
                   Bonni E. Dinerstein, Hearing Clerk

                            
                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Johnson..............................................     1
    Senator McCaskill............................................     2
    Senator Peters...............................................    16
    Senator Carper...............................................    19
Prepared statements:
    Senator Johnson..............................................    37
    Senator McCaskill............................................    38

                               WITNESSES
                         Tuesday, June 12, 2018

David Wulf, Acting Deputy Assistant Secretary for Infrastructure 
  Protection, National Protection and Programs Directorate, U.S. 
  Department of Homeland Security................................     3
Christopher P. Currie, Director, Homeland Security and Justice 
  Team, U.S. Government Accountability Office....................     5
Jesse LeGros, Jr., Vice President, Infrastructure Protection, 
  AFGE National Local #918.......................................     6
Jennifer Gibson, Vice President, Regulatory Affairs, National 
  Association of Chemical Distributors...........................     6
Randall Eppli, President and CEO, Columbus Chemical Industries, 
  Inc............................................................     7
William Erny, Senior Director, American Chemistry Council........     8
Justine Louchheim, Director, Government Affairs, The Fertilizer 
  Institute......................................................     9
Linda Menendez, Director of Operations, Austin Powder Company....    10
Debra S. Satkowiak, President, Institute of Makers of Explosives.    11

                     Alphabetical List of Witnesses

Currie Christopher P.:
    Testimony....................................................     5
    Prepared statement...........................................    53
Eppli, Randall:
    Testimony....................................................     7
    Prepared statement...........................................    67
Erny, William:
    Testimony....................................................     8
    Prepared statement...........................................    73
Gibson, Jennifer:
    Testimony....................................................     6
    Prepared statement...........................................    61
LeGros, Jesse Jr.:
    Testimony....................................................     6
    Prepared statement...........................................    57
Louchheim, Justine:
    Testimony....................................................     9
    Prepared statement...........................................    75
Menendez, Linda:
    Testimony....................................................    10
    Prepared statement...........................................    80
Satkowiak, Debra S.:
    Testimony....................................................    11
    Prepared statement...........................................    88
Wulf, David:
    Testimony....................................................     3
    Prepared statement...........................................    41

                                APPENDIX

Statements submitted for the Record:
    Agricultural Retailers Association...........................    98
    Chamber of Commerce..........................................   101
    Environmental Technology Council.............................   103
    National Association of Manufacturers........................   107
Responses to post-hearing questions for the Record:
    Mr. Wulf.....................................................   114

 
                   ROUNDTABLE EXAMINING THE CHEMICAL
               FACILITY ANTI-TERRORISM STANDARDS PROGRAM

                              ----------                              


                         TUESDAY, JUNE 12, 2018

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:37 a.m., in 
room 106, Dirksen Senate Office Building, Hon. Ron Johnson 
presiding.
    Present: Senators Johnson, McCaskill, Carper, Heitkamp, 
Peters, Hassan, and Harris.

             OPENING STATEMENT OF CHAIRMAN JOHNSON

    Chairman Johnson. Good morning. This roundtable will come 
to order. I want to thank everybody for your thoughtful 
testimony and your time appearing here today.
    This is an important issue. I will just consent to have my 
written statement entered into the record.\1\ I do not want to 
spend a whole lot of time because I would rather hear from you 
folks. But as I have gone through the testimonies, we have gone 
through this reauthorization once, and I really think it was a 
pretty good attempt, in 2014, to take what was originally 
authorized in 2007, recognize some of the problems with it and 
address them, and there have been improvements made. I do not 
think there is any doubt about it.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Johnson appears in the 
Appendix on page 37.
---------------------------------------------------------------------------
    We need to consider reauthorization for 2019. It sounds 
like just about everybody here is in favor of authorization. 
But I think there are some real serious issues we need to 
discuss. And without upsetting the apple cart, without making 
dramatic changes, anything we can do to streamline this, to 
take advantage of what is already happening in other agencies.
    Coming from a manufacturing background, I was talking to 
the witnesses beforehand we extruded a very inert plastic, very 
environmentally friendly, and yet we still had an Material 
Safety Data Sheet (MSDS) book that thick. We had our local fire 
department come in to do very detailed inspections, seeing what 
kind of dangerous chemicals would certainly create a fire 
hazard. We have the Bureau of Alcohol, Tobacco, Firearms and 
Explosives (ATF) doing a pretty darn good job when you take a 
look at the history of keeping explosives out of the hands of 
people that have maligned intent.
    So as much as possible you want to take advantage of other 
governmental agencies. You want to design programs that are 
very similar, to make them as identical as possible so industry 
is not forced to really comply with the whims of multiple 
masters. So that would be certainly my goal here in any kind of 
reauthorization, is, again, not come up with something entirely 
new but take a look at the current structure, look at the 
improvements made from 2007 to 2014, and then moving forward 
for reauthorization that is due in January 2019. What can we do 
to further streamline this and take advantage of those other 
opportunities? So that is kind of what I am hoping this 
discussion will be about, and as we move forward over the next 
few months, prior to reauthorization, we can work cooperatively 
to achieve exactly that.
    With that I will turn it over to my Ranking Member, Senator 
McCaskill.

           OPENING STATEMENT OF SENATOR MCCASKILL\1\

    Senator McCaskill. I apologize to all of you. I went to the 
wrong location.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator McCaskill appears in the 
Appendix on page 38.
---------------------------------------------------------------------------
    Chemical Facility Anti-Terrorism Standards (CFATS) program, 
initially began over a decade ago when Congress authorized it 
in late 2006. It became operational shortly thereafter, in 
2007. As it is clear from the name, the CFATS program is part 
of our country's counter-terrorism efforts. It is designed to 
secure facilities with hazardous chemicals, to reduce the 
possibility of those chemicals being used in a terrorist 
attack, as they were, for example, in the Oklahoma City 
bombing.
    CFATS uses a risk-based approach to determine which 
facilities should be covered by the program. Facilities that 
must comply with CFATS must manufacture or store at least 1 of 
322 chemicals of interest, at or above a certain quantity and 
concentration.
    There are 18 risk-based performance standards (RBPS) that 
facilities must implement, from securing the perimeter to 
conducting background checks. However, it is up to each covered 
facility to determine and implement the appropriate measures 
that fit the unique needs of each facility. DHS does not 
mandate that fences be built to a certain height, for example, 
or that certain surveillance equipment must be used. The 
program is intended to be flexible and tailored to each 
facility.
    Obviously, CFATS has had a rocky start. At one point, the 
program faced an extensive inspection backlog, and as I 
understand it, the U.S. Department of Homeland Security (DHS) 
struggled to review the Site Security Plans (SSPs) in a timely 
manner. These issues were compounded by the fact that for a 
period of time, CFATS was authorized on a series of short-term 
spending measures. That is not an ideal way to structure and 
manage a regulatory program. It is very difficult for 
businesses to comply with necessary regulations. It is even 
more difficult if there is not certainty and predictability.
    The concern that the program would lapse or that Congress 
would dramatically change it prevented DHS from making long-
term adjustments to develop a sustainable and fair regulatory 
regime. I am told by both DHS and many in industry alike that 
the program has come a long way since it was reauthorized in 
2014. We secured a 4-year authorization, which turned out to be 
a game-changer. DHS had the space it needed to make adjustments 
to the program and improve the experience for covered 
facilities.
    By all accounts, CFATS is now more streamlined, user-
friendly, and less cumbersome. Moreover, companies finally 
received the regulatory certainty and stability they needed to 
make lasting investments in the security of their facilities.
    The current authorization expires in January 2019. I am 
hopeful this roundtable will help us determine what aspects are 
working well and where we need to make changes. Obviously, we 
are all interested in addressing both gaps in the regulation 
and further improving the program's applicability and 
efficiency as it relates to how easy it is for private 
businesses to manage.
    Given the tight legislative schedule remaining, this 
Committee has our work cut out for us to make sure CFATS does 
not lapse and that we go back to the old days of nobody being 
certain what is going to be or when it is going to be that.
    I am confident that we can get it done in a way that 
ensures we are keeping hazardous chemicals away from terrorists 
while also allowing businesses and communities to thrive.
    Thank you, Mr. Chairman. I look forward to hearing from our 
roundtable participants.
    Chairman Johnson. Thank you, Senator McCaskill. So we will 
just go from my left to right, and we will start with David 
Wulf, who currently serves as the Deputy Assistant Secretary 
for Infrastructure Protection of the National Protection and 
Programs Directorate (NPPD), U.S. Department of Homeland 
Security. Mr. Wulf.

 TESTIMONY OF DAVID WULF,\1\ ACTING DEPUTY ASSISTANT SECRETARY 
 FOR INFRASTRUCTURE PROTECTION OF THE NATIONAL PROTECTION AND 
   PROGRAMS DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Wulf. Thank you, Mr. Chairman, thank you, Ranking 
Member McCaskill and Members of the Committee.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Wulf appears in the Appendix on 
page 41.
---------------------------------------------------------------------------
    I really appreciate the opportunity to be here to day to 
provide an update on the progress of the Chemical Facility 
Anti-Terrorism Standards program, the progress we continue to 
make in fostering security at America's highest-risk chemical 
facilities.
    When I last testified before this Committee I emphasized 
the importance of long-term authorization for this critical 
anti-terrorism program, and am very grateful for the leadership 
the Committee demonstrated in security the 4-year CFATS 
authorization that was signed into law in December 2014.
    As we now find ourselves nearly 3\1/2\ years into the 
authorization period, I am grateful that the Committee is again 
taking the lead to continue long-term authorization of CFATS, 
and maybe even give some thought to permanent authorization. 
Just a thought.
    As I am sure you will hear me say once or twice today, the 
stability that has come along with long-term authorization has 
driven unprecedented progress as we have worked with CFATS-
covered facilities to make America's high-risk chemical 
infrastructure a truly hard target, with literally tens of 
thousands of security measures having been put into place at 
high-risk facilities across the country.
    The stability afforded by long-term authorization has 
facilitated our planning and execution of important 
programmatic improvements while it has also afforded regulated 
industry stakeholders with the certainty that they deserved as 
they planned for and made significant investments in CFATS-
related security measures.
    I do also want to take this opportunity to thank the 
Committee for including, in the recent DHS authorization bill 
legislation that would transform our parent organization, the 
National Protection and Programs Directorate, into the 
Cybersecurity and Infrastructure Security Agency (CISA). This 
new agency would continue NPPD's mission of leading the 
national effort to improve critical infrastructure security, 
coordinating the protection of the Federal Government's 
networks and physical infrastructure, and helping entities 
across the public and private sectors to manage potential cyber 
risks. As the threats facing our national security grow and 
evolve every day, we look forward to continuing to work with 
this Committee to pass that critical legislation.
    Turning back to CFATS, as we are all too aware, the threat 
of chemical terrorism remains a real and very relevant one. 
Around the globe, we continue to see bad actors seeking to 
acquire and using in attacks chemicals of the sort that trigger 
coverage under CFATS, and the threat stream continues to 
reflect that chemical facilities themselves remain an 
attractive target for terrorists. So I can tell you with 
certainty that the work we are doing in concert with our 
committed stakeholders across the wide variety of industries 
and facilities that comprise the CFATS-regulated universe is 
making a real difference in protecting this Nation.
    And having had the opportunity to work closely with my 
counterparts in other countries, I can absolutely tell you that 
what we are doing here, in the United States, through CFATS, 
what you have helped us to build with your support for long-
term authorization, is absolutely the envy of the world. With 
its 18 comprehensive risk-based performance standards and it is 
non-prescriptive, flexible approach, CFATS is well suited to 
enhancing security across the very diverse universe of high-
risk chemical facilities.
    So what have we been doing to make CFATS even stronger as 
we have enjoyed the stability of long-term authorization over 
the past 3\1/2\ years? Well, we have improved processes and 
have seen unprecedented progress in the pace of inspections and 
in the review and approval of facility site security plans, 
eliminating a backlog of security plan reviews 6 years ahead of 
earlier Government Accountability Office (GAO) projections. We 
have developed and launched an improved risk assessment 
methodology that effectively accounts for all relevant elements 
of risk and have reassessed the level of risk associated with 
nearly 30,000 facilities across the Nation.
    We have implemented the CFATS Personal Surety Program, 
affording the highest tier at CFATS-covered facility, the 
ability to ensure that individuals with access to those 
facilities have been vetted for terrorist ties, and we have 
significantly reduced burden across our stakeholder community, 
having built and launched a streamlined, more user-friendly 
suite of online tools through which facilities submit risk 
assessment or top-screen surveys and develop their site 
security plans.
    So I have probably gone a minute or two long so my 
apologies for that, Mr. Chairman. But in closing, and just to 
finish on a positive note, I would like to again thank this 
Committee and your top-notch staff for your leadership in the 
CFATS reauthorization process. We are very fond of saying that 
chemical security is a shared commitment and not unlike the 
role of our industry stakeholders who have embraced and built 
this program in so many ways, and the role of our committed and 
very talented team at DHS. The role of Congress, the role of 
this Committee in shaping and authorizing CFATS for the long-
term has been hugely important, and I am looking forward to 
working further with you as we drive toward reauthorization 
this year.
    So thank you very much. I look forward to the dialog here 
today.
    Chairman Johnson. Thank you, Mr. Wulf. Now, of course, 
everybody knows that that was just a bluff about the length of 
time.
    Mr. Wulf. Sorry about that.
    Chairman Johnson. Our next witness is Christopher Currie. 
Mr. Currie currently serves as the Director of Emergency 
Management, National Preparedness, and Critical Infrastructure 
Protection, Homeland Security and Justice Team, U.S. Government 
Accountability Office. Mr. Currie.

   TESTIMONY OF CHRISTOPHER P. CURRIE,\1\ DIRECTOR, HOMELAND 
   SECURITY AND JUSTICE TEAM, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Currie. Thank you very much, Mr. Chairman, Ranking 
Member McCaskill. As you said, I work for GAO. We have been 
assessing this program for almost a decade now. After about a 
billion dollars in taxpayer money spent, and more by the 
industry on the panel, numerous GAO recommendations, and 
heavy--and I emphasize heavy--oversight by Congress, the CFATS 
program has addressed many management challenges it faced early 
on.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Currie appears in the Appendix on 
page 53.
---------------------------------------------------------------------------
    However, just fixing the past problems is not enough today. 
As Congress considers reauthorization there are other issues, I 
think, need to be discussed here. Some of these are addressed 
in our past work, others are addressed in our ongoing work that 
we will issue later this summer, and others, I think, warrant 
conditional attention as we move forward and continue to 
evaluate this program, even if it is reauthorized.
    First, the purpose of security regulations is to improve 
security. It is critical that the program be able to measure 
how risks are being reduced and not just focus on outputs, like 
inspection numbers.
    Second, the program has to evolve with new threats, like 
cyber and staff need and training awareness to help these 
facilities evolve with the threats.
    Third, first responders, as you mentioned, the fire 
departments and others like that, need to know what they are 
responding to and how to address it at these facilities. A 
balance must be struck between sharing information with the 
communities and protecting security.
    Last, in such a regulated industry as this, the Federal 
Government should look for opportunities and efficiencies to 
leverage multiple regulatory programs as well.
    Thank you very much, and I look forward to the discussion.
    Chairman Johnson. Thank you, Mr. Currie.
    Our next witness is Jesse LeGros. Mr. LeGros is the Acting 
Vice President of Infrastructure Personnel at the American 
Federation of Governmental Employees (AFGE) National Local 918. 
Mr. LeGros also serves as a CFATS chemical security inspector 
for the Department of Homeland Security. Mr. LeGros.

      TESTIMONY OF JESSE LEGROS, JR.,\1\ VICE PRESIDENT, 
      INFRASTRUCTURE PROTECTION, AFGE NATIONAL LOCAL #918

    Mr. LeGros. Thank you, Chairman. I will be pretty quick on 
mine. I am one of the original chemical security inspectors 
that was detailed from Federal Protective Service (FPS) over, 
so I have been here through the good, the bad, the ugly, if you 
will. CFATS is a good regulation and it needs to be 
reauthorized. However, it needs to be an appropriate 
regulation, not a continuing one.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. LeGros appears in the Appendix on 
page 57.
---------------------------------------------------------------------------
    Having said that, the main reason for me being here is to 
talk about the training issues, specifically in the cyber, or 
the lack of the cyber training that we are getting. With cyber 
being such a forefront issue, it is hard for us to, as 
inspectors, to regulate cyber issues at a facility when we have 
not had any substantive training on cyber.
    I give my time back to the Director so he has extra.
    Chairman Johnson. I appreciate that.
    Our next witness is Jennifer Gibson. Ms. Gibson is the Vice 
President of Regulatory Affairs at the National Association of 
Chemical Distributors (NACD). Ms. Gibson.

  TESTIMONY OF JENNIFER GIBSON,\2\ VICE PRESIDENT, REGULATORY 
     AFFAIRS, NATIONAL ASSOCIATION OF CHEMICAL DISTRIBUTORS

    Ms. Gibson. Good morning, Mr. Chairman, Ranking Member 
McCaskill, and Committee Members. Thank you so much for 
inviting NACD to participate in this roundtable today.
---------------------------------------------------------------------------
    \2\ The prepared statement of Ms. Gibson appears in the Appendix on 
page 61.
---------------------------------------------------------------------------
    NACD and our over 440 member companies are vital to the 
chemical supply chain, providing products to over 750,000 end 
users. NACD members are leaders in health, safety, security, 
and environmental performance through implementation of 
Responsible Distribution, established in 1991 as a condition of 
membership in a third-party-verified management practice.
    While security has always been an inherent element of 
Responsible Distribution, after the September 11th terrorist 
attacks, NACD added specific security elements to the program 
and we continue to enhance these requirements.
    Chemical distribution is also a very highly regulated 
industry, as you can imagine, and that being said we are very 
strong supporters of the CFATS program. I will tell you why. 
Unlike some other agencies, DHS has taken a very collaborative 
approach in implementing CFATS. Rather than coming in with a 
find-and-fine mentality, as many agencies do, inspectors and 
headquarters staff alike have had very productive conversations 
with the industry, the regulated community, with the ultimate 
goal of improving security. This has led to greater 
efficiencies such as the development of alternative security 
programs, which allow facilities to really take advantage of 
other measures that they have in place, both regulatory and 
through industry programs such as Responsible Distribution.
    A long-term CFATS reauthorization will provide stability 
for both industry and DHS. Industry has made substantial 
investments in CFATS and a long-term reauthorization will give 
companies the certainty that this will continue and those 
investments were worthwhile. It will also allow DHS to continue 
to build on the program efficiencies that they achieved 
following the 2014 reauthorization.
    So NACD strongly supports a long-term authorization of 
CFATS and we look forward to our discussion today.
    Chairman Johnson. Thank you, Ms. Gibson.
    Our next witness is Randall Eppli. Mr. Randall is the 
President and Chief Executive Officer (CEO) of Columbus 
Chemical Industries (CCI), headquartered in Columbus, 
Wisconsin. Mr. Eppli.

  TESTIMONY OF RANDALL EPPLI,\1\ PRESIDENT AND CEO, COLUMBUS 
                   CHEMICAL INDUSTRIES, INC.

    Mr. Eppli. Good morning, Chairman Johnson, Ranking Member 
McCaskill, and distinguished Members of this Committee.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Eppli appears in the Appendix on 
page 67.
---------------------------------------------------------------------------
    Columbus Chemical Industries is a chemical distributor 
headquartered in Columbus, Wisconsin, and as Senator Johnson 
indicated, we are about 20 minutes outside of Madison. I want 
to thank you for allowing me to participate in this important 
roundtable and I am pleased to provide input to the CFATS 
program.
    CCI is a 40-year-old, family owned manufacturer and 
distributor of chemicals and chemical solutions for industries 
such as semiconductor, medical device, pharmaceutical, 
laboratory, and various other applications. CCI is a small 
business. Our 70-person team serves customers throughout North 
America, Europe, and Asia, from our facility in Wisconsin and 
our facility in Phoenix, Arizona. We have been an active member 
of the National Association of Chemical Distributors for 25 
years.
    From the beginning, DHS generally took a non-adversarial, 
consultative and reasonable approach in implementing the CFATS 
regulations. It has been our experience that the DHS staff, in 
both the field and at headquarters, have generally been 
knowledgeable, professional, and courteous. Additionally, we 
have appreciated that DHS arranges their site visits with us in 
advance, unlike many other government agencies.
    I believe the CFATS program has made the chemical industry 
and our Nation more secure. Since the program's establishment 
in 2007, we have invested significant capital and training 
resources toward enhanced security measures at our facilities. 
While these resources did not necessarily help us improve our 
business or grow our business, they were nonetheless important 
to ensure the security of my company, of our employees, and the 
community.
    CCI, as a company, supports the long-term authorization of 
CFATS. Thank you.
    Chairman Johnson. Thank you, Mr. Eppli.
    Our next witness is William Erny. Mr. Erny currently serves 
as Senior Director at the American Chemistry Council (ACC).

    TESTIMONY OF WILLIAM ERNY,\1\ SENIOR DIRECTOR, AMERICAN 
                       CHEMISTRY COUNCIL

    Mr. Erny. Thank you, Chairman, Ranking Member, and other 
Members of the Committee.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Erny appears in the Appendix on 
page 73.
---------------------------------------------------------------------------
    So I am a Senior Director with America Chemistry Council 
and ACC represents the major chemical producers across the 
United States, all of which are involved in the business of 
chemistry. The business of chemistry is a $760 billion 
enterprise and we are growing. We support roughly 800,000 jobs 
across the United States, good-paying, skilled, American jobs. 
And it is because of our role in the economy chemical security 
is a top priority for ACC and our members.
    This year marks the 30th anniversary of ACC's Responsible 
Care Program. Responsible Care is the leading chemical industry 
stewardship program and it has become the gold standard in the 
industry. It is international in scope and serves as a model 
for regulatory programs. ACC members have invested more than 
$17 billion in security under the program.
    ACC also supports long-term authorization of the CFATS 
program. We agreed that DHS, over the past 4 years, has really 
made some significant strides and improvements in implementing 
the program, and I think this is mostly as a result of their 
demonstrated commitment to listen and work with the regulated 
community in a collaborative fashion.
    And while DHS has made some significant progress, ACC would 
like to throw out several recommendations for additional 
improvement. The first is they need to improve the transparency 
in their DHS risk-tiering determinations. Second, we need to 
eliminate the requirement for terrorist screen at these lower-
risk Tier 3 and 4 sites. And third, we need to establish a 
CFATS recognition program that provides regulatory recognition 
for responsible operators that go above and beyond mere 
regulatory compliance.
    In closing, CFATS has helped make our industry and our 
community safer and more secure. We encourage the Committee to 
consider these proposed changes and to reauthorize the program. 
Doing so will provide the needed regulatory certainty and 
stability for companies to make long-term investments and sound 
risk management decisions.
    Thank you and I look forward to our future discussions.
    Chairman Johnson. Thank you, Mr. Erny.
    Our next witness is Justin Louchheim. Mr. Louchheim is the 
Director of Governmental Affairs at The Fertilizer Institute 
(TFI). Mr. Louchheim.

TESTIMONY OF JUSTIN LOUCHHEIM,\1\ DIRECTOR, GOVERNMENT AFFAIRS, 
                    THE FERTILIZER INSTITUTE

    Mr. Louchheim. Thank you. Good morning, Chairman Johnson, 
Ranking Member McCaskill, Members of the Committee. My name is 
Justin Louchheim. I work for The Fertilizer Institute. TFI 
represents the Nation's fertilizer industry, which includes 
companies that are engaged in all aspects of the fertilizer 
supply chain. This ranges from large production facilities to 
thousands of small agricultural retailers.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Louchheim appears in the Appendix 
on page 75.
---------------------------------------------------------------------------
    So in terms of how we fit into the program, Dave, down the 
table, is going to tell me I am wrong in a second, but DHS 
estimates that there is about 3,500 facilities presently 
subject to CFATS program. TFI estimates that this includes 
about 1,500 fertilizer manufacturers and agricultural retail 
facilities, with the retail facilities accounting for the 
overwhelming majority.
    Retail facilities typically are generally located in rural 
communities, interface directly with farmers, typically employ 
about 5 to 10 individuals per facility. So safe and secure 
handling of fertilizers is top priority for The Fertilizer 
Institute and our members. We actively participate, sponsor 
numerous safety initiatives. One example is ResponsibleAg. Mr. 
Erny talked about stewardship programs. ResponsibleAg would be 
our stewardship program. This exists to enhance compliance for 
agricultural retailers with a variety of Federal regulations.
    To date we have about 2,500 facilities registered with the 
ResponsibleAg program, over 1,000 facilities certified, 185 
auditors have been trained, and about 2,000 audits have been 
completed. I am very proud of this industry stewardship program 
and invite you and your staff to come out and visit any time.
    So regarding the CFATS program, our members support the 
program. We recognize its importance and we would support a 
multi-year reauthorization.
    A couple of thought about where we could go forward. We 
have heard transparency talked about. That would be at the top 
of my list. We believe that implementation of the program will 
benefit from a bit more transparency between DHS and the 
regulated community. This includes the re-tiering process for 
facilities and chemicals covered under Appendix A. We think 
ultimately this will bolster the quality of site security plans 
around the country.
    Information sharing. We believe facility owner-operators 
should retain the discretion to determine how site security 
plans and related information is shared. I think that is very 
important. And then we have heard this discussed previously, 
the Personal Surety Program. We do not believe this obligation 
to check employee records against the terrorist screening 
database (TSDB) should currently be expanded to facilities and 
risk groups at Tier 3 and 4. Just in terms of numbers, this is 
a huge expansion of that program. Currently you have about less 
than 200 in Tiers 1 and 2 facilities, your most sort of at-risk 
facilities. To take it to 3 and 4 would take it from that 200 
to about 3,500.
    So we think if we want to look at this, perhaps a study 
would be a step to see if this makes sense, to see how it has 
worked for Tiers 1 and 2 first, before we expand it a great 
deal. Thank you.
    Chairman Johnson. Just a real quick question. Of your 
members, how many are Tier 1, 2, 3, and 4? Do you have a 
breakdown on that?
    Mr. Louchheim. Yes.
    Chairman Johnson. Like are all the retail stores, are they 
Tier 4?
    Mr. Louchheim. Sure. I want to follow up in writing to make 
sure I am certain of this, but it would be, we are talking 
about 1,500 manufacturer retail facilities for the fertilizer 
industry at large. I would say about 1,400 of those are 
agricultural retailers. The bulk of those are going to be 3 and 
4, those 1,400.
    Chairman Johnson. OK. Thank you, Mr. Louchheim.
    Our next witness is Linda Menendez. Ms. Menendez is the 
Director of Operations for Austin Powder Company, headquartered 
in Cleveland, Ohio. Ms. Menendez.

TESTIMONY OF LINDA MENENDEZ,\1\ DIRECTOR OF OPERATIONS, AUSTIN 
                         POWDER COMPANY

    Ms. Menendez. Chairman Johnson, Ranking Member McCaskill, 
and Members of the Committee, on behalf of Austin Powder 
Company thank you for the opportunity to discuss the CFATS 
program and how this program can be improved.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Menendez appears in the Appendix 
on page 80.
---------------------------------------------------------------------------
    My name is Linda Menendez. I am the Director of Operations 
for Austin Powder Company, a 185-year-old privately held 
commercial explosives manufacturer headquartered in Cleveland, 
Ohio. I have worked for Austin Powder for over 30 years, 10 
years in the field operations.
    As you are aware, commercial explosives are used today in 
mining, quarry, construction, pipeline trenching, avalanche 
prevention, and the like. Commercial explosives play a 
significant role in improving our quality of life. Our license 
to operate our sites is based on our compliance with the 
regulations of ATF. Not only do I represent Austin Powder 
Company, I also represent the boots on the ground, Austin 
Powder's 1,200 employees, cleared by ATF as employee possessors 
or responsible persons, transporting and using explosives 
daily. Our employees are critical contributors to our safety, 
security, and compliance.
    It has been my experience that persons responsible to 
direct the management of an ATF-licensed facility rely on this 
orange book, 27 Code of Federal Regulation (CFR) 555, to plan 
their sites and comply with ATF regulations for the safe and 
secure storage of explosives.
    My testimony today addresses the following points.
    First, additional regulations under the CFATS program for 
the same products, for the same purpose has resulted in 
additional expense and time and money without benefit. An 
example of this is one of our ATF-licensed facilities, a 
guarded former Navy ammunition depot with bunker-type military 
constructed magazines, required to install additional fencing, 
cameras, and monitor detection devices with over a cost of 
$300,000.
    Second, duplicative regulation really detracts the 
compliance efforts of those seeking to be confident that they 
understand these laws.
    As you reconsider the reauthorization of CFATS, I urge you 
to evaluate the overlapping burden placed on the explosives 
industry and exclude ATF federally licensed facilities from the 
CFATS bill. Thank you.
    Chairman Johnson. Thank you, Ms. Menendez.
    Let me just quickly ask you a question. Did you fight for 
that in the original authorization and the 2014 
reauthorization? Did you fight to be excluded?
    Ms. Menendez. Yes, we did.
    Chairman Johnson. You fought it and lost.
    Ms. Menendez. And lost.
    Chairman Johnson. OK.
    Our next and final witness is Debra Satkowiak?
    Ms. Satkowiak. Yes. Good morning.
    Chairman Johnson. Ms. Satkowiak currently serves as the 
President of the Institute of Makers of Explosives (IME). Ms. 
Satkowiak.

  TESTIMONY OF DEBRA S. SATKOWIAK,\1\ PRESIDENT, INSTITUTE OF 
                      MAKERS OF EXPLOSIVES

    Ms. Satkowiak. Thank you. Chairman Johnson, Ranking Member 
McCaskill, and Members of the Committee, on behalf of the 
Institute of Makers of Explosives and the commercial explosives 
industry, thank you for the opportunity to discuss DHS CFATS 
and to be part of the process to improve the program.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Satkowiak appears in the Appendix 
on page 88.
---------------------------------------------------------------------------
    My name is Debra Satkowiak and I am the President of IME. 
Our association was founded in 1913, at the request of the U.S. 
Government, to develop industry best practices and to promote 
explosive safety. To this day, we remain the safety and 
security association for the commercial explosives industry.
    Over 5 billion pounds of explosives materials are consumed 
in the United States annually in the operations that Linda just 
recently mentioned. Explosives underpin our economy, and as 
Linda said, they improve and they keep us in the quality of 
life that we have today. IME is proud of our industry's safety 
and security record and we continuously work with our member 
company experts to improve our best practices, many of which 
are adopted into regulation by Federal, State, and local 
entities. We also work closely with those government agencies 
that regulate us to keep explosives out of the hands of those 
who would do us harm.
    My testimony addresses the following points.
    First, duplicative regulations. IME members are regulated 
by ATF and the DHS CFATS programs for precisely the same 
purpose, to prevent theft and diversion of explosives. There 
has been no justification provided for the duplication of DHS 
over ATF's jurisdiction.
    Second, the millions spent on CFATS compliance by IME 
members have not had a measurable impact on security, according 
to the U.S. Government data.
    Third, CFATS duplicative regulations have caused conflict 
with other Federal regulations, leaving our members to de-
conflict and clarify jurisdictional and policy interpretations.
    Finally, the lack of transparency in CFATS' tiering impedes 
the ability of businesses to proactively plan and adapt 
operations.
    As a solution to the duplicative regulations, IME is 
requesting that ATF be given the same deference as U.S. Coast 
Guard (USCG), the Departments of Defense (DOD) and Energy 
(DOE), and the Nuclear Regulatory Commission (NRC) in the CFATS 
statutory exemptions.
    In closing, IME is not against regulation. Indeed, in the 
world of commercial explosives, smart regulation promotes good 
business. We only seek relief from redundant regulation.
    Thank you once again, and I look forward to answering your 
questions and being a resource for the Committee.
    And I do have to quickly take one moment to correct our 
written testimony, to adjust the hours estimated to complete a 
Top-Screen in accordance with the GAO's 6-hour estimate and the 
update to the IME member company time spent that is mentioned 
in our testimony to 357 hours to fill out Top-Screens for their 
facilities.
    Chairman Johnson. OK. I appreciate that and we will have 
the staff make that correction.
    Again, I am here for the duration so what I will do is turn 
it over to our Ranking Member for questions first. But let me, 
so I do not forget, I do want to commend DHS. I think it is a 
really positive sign the number of businesses saying that you 
have approached this very cooperatively. I just think that is 
the best way to go, whether it is Occupational Safety and 
Health Administration (OSHA) or Environmental Protection Agency 
(EPA) or, in this case, DHS with CFATS. Businesses also want a 
secure America, and doing it cooperatively, I think, is just 
going to absolutely get the best results.
    So I really do appreciate hearing the fact that that is the 
way DHS has approached this, and I would encourage you to 
continue along that path.
    Mr. Wulf. Absolutely.
    Chairman Johnson. With that, Senator McCaskill.
    Senator McCaskill. Sure. Just briefly a few questions for 
everyone. Just raise your hand if you disagree. CFATS should be 
reauthorized. Anybody think it should not be? Raise your hand 
if you think we should not reauthorize CFATS.
    OK. If you would go down the panel and give me an ideal 
length of time you think it should be reauthorized for.
    Mr. Wulf.
    Mr. Wulf. We would certainly prefer a permanent 
reauthorization, though recognizing the progress of permanent 
is not in the cards, we would be hoping for something 
significantly longer than the 4-years we received in 2014, so 
10 years.
    Senator McCaskill. Mr. Currie.
    Mr. Currie. All right, ma'am. From GAO's perspective, and 
we do not have an opinion, but I will say I can understand the 
benefits of having permanent reauthorization. It makes some 
sense for predictability and budgeting. However, I do think 
that the consistent reauthorizations every 4 years have brought 
a lot of additional oversight that have, frankly, improved the 
program. I think that is a big reason for the improvements.
    Senator McCaskill. Mr. LeGros.
    Mr. LeGros. I agree with the Director, permanent, and I 
disagree with GAO as far as the oversight, because I think, as 
any legislation, you can always have the governmental oversight 
no matter what the timeframe is on the regulation.
    Senator McCaskill. Ms. Gibson.
    Ms. Gibson. NACD would support a multi-year 
reauthorization, somewhere between 5 and 7 years.
    Senator McCaskill. OK. Mr. Eppli.
    Mr. Eppli. A minimum of 4 years.
    Senator McCaskill. Minimum of 4 years.
    Chairman Johnson. What about maximum? I think it is 
interesting. The industry all of a sudden went from five to 
seven. I mean, do you also agree that reauthorization is 
important?
    Mr. Eppli. I do. The concern I would have is if it is 
permanent, is there a chance to do the kind of thing we are 
doing here today to re-evaluate.
    Senator McCaskill. OK.
    Mr. Erny. Yes, I would agree, and we think the oversight 
function here is really important. So to the extent that we can 
continue to have these discussions, I would say ACC would 
support a longer-term authorization, minimum of 4 years.
    Senator McCaskill. But what would be the longest you think 
would still be good without being counterproductive to 
oversight?
    Mr. Erny. Right. I will just be frank. I think it depends 
on if we can see some of the changes made to the program that 
we are talking about here today, to help better streamline 
this, remove some of the regulatory burden associated on the 
regulatory community.
    Senator McCaskill. OK.
    Mr. Erny. So I think it all depends.
    Senator McCaskill. OK.
    Mr. Louchheim. Thank you for the question. I would say, 
similar to some of the other comments, 4 to 6 years. I would 
probably prefer if we could get to an--whatever authorization 
period is, that we can get to an off-election year, for when it 
needs to be revised.
    Senator McCaskill. They all want everything to be in an 
off-election year. Trust me when I say that. Ms. Menendez.
    Ms. Menendez. Thank you. I believe that the reauthorization 
should be a 4-year period, as long as duplicative regulations 
are removed.
    Ms. Satkowiak. Yes, of course. Assuming that ATF-regulated 
facilities are exempted from the program, we would support 4-
year reauthorization.
    Senator McCaskill. OK. Is there anyone who would like to 
speak up and say that some of the chemicals that we are 
regulating here should be removed from the list? Does everyone 
agree that chlorine, hydrogen fluoride, and ammonia nitrate 
should stay on the list? Does anybody disagree with that?
    [No response.]
    OK. What is your analysis, Director Currie, of the 
facilities communication and planning with local first 
responders as it stands today?
    Mr. Currie. Yes. That is something we are addressing and we 
will be reporting on later this summer. But what I can tell 
you, preliminarily, is that--I mean, the CFATS program has done 
a lot, when they go out and do inspections, to verify that the 
facilities are working with the local emergency planning 
community, so that is the formal mechanism.
    What we are looking at, though, is do first responders--the 
firefighters, the policemen--do they have access to everything 
that is at that facility? That is our biggest concern right 
now, from a safety perspective. I mean, real-world incidents 
have shown that people have died responding to things that they 
were not prepared to respond to.
    So we are looking at what DHS is doing, how they are 
working with EPA, how they are working with the States to 
figure out, do responders know exactly what is at that facility 
beforehand.
    Senator McCaskill. For any of the actual people who have 
companies that are here, thinking that it is too duplicative, 
is there anything specifically as it relates to first 
responders' responsibilities and their role in this that you 
would like to see changed? Ms. Menendez.
    Ms. Menendez. Thank you. We always reach out to our local 
responders. We are in their remote areas. Most of our first 
responders are volunteers. We had one instance where one of our 
managers, trying to reach out to a local fire department, said 
the only way to get their attention is to call 911. So that is 
really what we are dealing with, is that you have very remote 
facilities with volunteer organizations that are not available 
to spend the time to understand what chemicals are in their 
back yards.
    Senator McCaskill. Is this common among the explosives 
industry, that you are in remote areas?
    Ms. Menendez. Yes, it is.
    Senator McCaskill. Because of the nature of what you do.
    Chairman Johnson. That is a good thing.
    Senator McCaskill. And that is a good thing, but it is also 
a big challenge for first responders. First of all, volunteer 
departments, in terms of the resources for training and the 
applicability of all of the technical knowledge that you would 
have to have here. That is really a challenge. I think that is 
something that we need to take a look at. Thank you.
    Ms. Satkowiak. Senator, if I may add to that.
    Senator McCaskill. Sure.
    Ms. Satkowiak. ATF requires that we notify the first 
responders, the fire authority, where we have explosives 
storage, because it is important to us that those first 
responders know where our materials are. However, on the flip 
side, for security proposes, we do not want the general public 
to know where explosives are stored. And IME, as an 
association, we are asking ATF to make sure that that 
notification to the local fire authorities is done on an annual 
basis, and ATF has taken up that rulemaking on our behalf.
    Senator McCaskill. OK. Thank you, Mr. Chairman.
    Chairman Johnson. Before I go to Senator Heitkamp, you 
asked about ammonium nitrate. Mr. Louchheim, you made the 
distinction between ammonium nitrate and urea ammonium nitrate 
(UAN). Correct? Can you talk about the distinction and how big 
a difference that is, and how big a problem that is if we 
maintain urea ammonium nitrate under CFATS?
    Mr. Louchheim. Sure. Thank you for that. So ammonium 
nitrate would be more in prill solid form. Urea ammonium 
nitrate would be a liquid. Those are the key sort of physical, 
how you see it, differences.
    Yes, in the written testimony we sort of make some 
reference to some of this. So a little bit of background, I 
guess, is probably relevant for here. It is a little outside 
the scope of CFATS in some of this background here. DHS had 
this obligation still on the books to create a track-and-trace 
program for ammonium nitrate, purchase of ammonium nitrate. 
This is a decades-old directive from Congress. It has not yet 
been implemented.
    Sort of along the lines of this directive they, last year, 
commissioned a study by the National Academy of Sciences (NAS) 
to more broadly explore the use of improvised explosive 
chemicals and make recommendations on how they should be 
managed in commerce.
    So the NAS issued a report in late 2017. They identified 28 
chemicals for further consideration by DHS. One such chemical 
is urea ammonium nitrate, which is a liquid form. It is a 
widely used fertilizer. TFI believes that this product was a 
little mischaracterized as in the highest-risk category in this 
report, and one of our reasons is it has never been used as an 
explosive.
    And, so our focus here is we think DHS should focus its 
limited resources on those chemicals that have historically 
been used.
    Chairman Johnson. Tell me why that is a problem, and then I 
want somebody to either confirm what he is saying or defend why 
we would continue to regulate it under CFATS. Does it 
essentially put retailers into Tier 1 position? Or, what is the 
problem here?
    Mr. Louchheim. Part of the problem is, depending on what 
you are trying to track and trace. I guess, you could try to 
track and trace everything out there in the world, right? And, 
you can only track and trace so much.
    UAN is very widely used. Ammonium nitrate is sort of a 
shadow of what it once was in terms of usage and consumption 
right now by farmers. It has a valuable environmental role, as 
a fertilizer for crops, but its use is not what it used to be. 
And so UAN, being so widely used, would be a serious challenge 
to implement.
    Chairman Johnson. So you are saying urea ammonium nitrate 
is not a problem. It is not a dangerous chemical.
    Mr. Louchheim. And it is also never been used.
    Chairman Johnson. Does anybody want to confirm that or 
challenge that?
    Mr. Wulf. So if I could, Mr. Chairman. So urea ammonium 
nitrate liquid is not regulated--is not covered under CFATS 
right now, so I think what Justin is referring to is and he 
mentioned a separate framework that we were asked to put into 
place under the secure handling of ammonium nitrate provisions 
of the 2008 Appropriations Act.
    And, I think this, in many ways, is a good government 
story. So what the law asked us to try to do was to put in 
place a regulatory framework specific to ammonium nitrate that 
would have required registration and vetting against the 
terrorist screening database of all purchasers and sellers of 
ammonium nitrate. And we worked through the rulemaking 
progress. We pushed out notices of proposed rulemaking (NPR), 
did the whole notice and comment process. But we could not 
arrive at a proposed final rule that, in our view, struck an 
appropriate balance between cost and benefits and, importantly, 
the burdens that would have accrued to potentially regulated 
industry.
    So unlike CFATS, which is a facility security-focused 
regulatory framework, this would have been, or this would be a 
framework focused on commerce in ammonium nitrate, on the 
purchase and sale of ammonium nitrate. Our view is that in as 
much as ammonium nitrate is one of perhaps a dozen high-threat 
improvised explosive device (IED) precursor chemicals, it would 
not make sense to implement such a burdensome regulatory scheme 
for a single chemical.
    So what we did, we came to Congress, we talked with our 
industry stakeholders, and we are looking at a fresh start 
here, and that is why we sponsored this National Academy of 
Sciences study. And so that is the document to which Justin is 
referring. And so their recommendation was that urea ammonium 
nitrate is a chemical with which we should be concerned going 
forward. It is probably another discussion for another day. 
But, we are very open to that feedback. And those are 
recommendations from the National Academy.
    Chairman Johnson. So you are just trying to head something 
off at the pass. OK.
    Mr. Wulf. Yes.
    Chairman Johnson. Senator Heitkamp. Oh, sorry about that. 
Senator Peters.

              OPENING STATEMENT OF SENATOR PETERS

    Senator Peters. Thank you, Mr. Chairman.
    A question I have is related to cybersecurity threat. Mr. 
Currie, you mentioned that in your comments. Mr. LeGros, you 
did as well. Certainly when we are talking about critical 
infrastructure here and potentially dangerous chemicals that 
are being produced, and we all have to agree that cyber is a 
major threat to that. I would like to have both of you talk a 
little bit more about that, deficiencies that currently exist, 
things that we may be thinking about.
    Mr. Currie, if you could elaborate on your comments. My 
understanding is that a lot of these facilities do not have 
full-time folks on staff. Often it is contracted out. It may 
not have the kind of intensity of supervision that is necessary 
to make sure that these sites are secure. But if you could tell 
us a little bit about more of your findings, what you think we 
should be doing, and then, Mr. LeGros, talk about the 
inspectors. You mentioned that in your testimony as well.
    Mr. Currie. Sure. I can start. I agree with you. This is a 
huge concern. It is not something that we have specifically 
studied or drilled down into in the CFATS program, although we 
have been working with staff on the Committee to do some future 
work.
    But I would just say that building cybersecurity expertise 
in the training is a huge challenge across all critical 
infrastructure sectors. It is a huge challenge at DHS in 
general, for them to just recruit and retain cyber 
professionals in their primary cyber missions, let alone 
getting inspectors trained. So I think you are absolutely 
right. This is something that we need to focus on, on this 
program, or else it is not going to be able to continue to 
evolve to address what is probably growing to be the biggest 
security challenge these facilities are going to face.
    Senator Peters. Mr. LeGros.
    Mr. LeGros. And I agree. Understand, I am not a cyber 
expert, by no means. I am more of a physical security expert. 
So back as far as the cyber goes, it depends on the facility. 
Cyber is what it is. It refers to everything in our daily 
lives. But on one side, as far as the CFATS go, a lot of times 
what we call chemical of interest (COI), has no cyber functions 
with it. A good example is like chlorine. A lot of facilities 
use chlorine to treat the water. It is basically a manual 
system, a standalone. They hook it up, they turn on the valve, 
and as the water goes by it sucks the chlorine out.
    So from that standpoint, under the CFATS, it is not really 
a cyber issue. However, it is being made into it because now 
headquarters is looking at emails, the other processes that a 
facility does. Because a facility could have five chemicals. 
Four of them, or all five of them be chemicals of interest 
under our regulation. However, they are not tiered for those 
other four chemicals. They are only tiered, like in this case, 
for the chlorine.
    So if DHS, with CFATS inspectors, are going to look more at 
the cyber section of it, we, the inspectors, have to have valid 
training, not what we have had in the past as far as training, 
which is basically how to fill out our inspection reports in 
order for it to get approved up to headquarters.
    Senator Peters. Mr. Wulf, do you want to comment, your 
thoughts on this matter?
    Mr. Wulf. Sure. Yes, I appreciate the opportunity. So cyber 
is certainly an important concern across the chemical sector, 
really across all 16 of our critical infrastructure sectors. In 
the chemical sector, as Jay alluded to, you see varying degrees 
of integration of cyber systems, with chemical processes, with 
facility security networks. And so, we have varying degrees of 
engagement on the cyber front.
    All of our inspectors are equipped to engage and address 
our risk-based performance standard focused on cybersecurity at 
the facilities where we have what we call minimal integration 
of cyber systems, where cyber systems are basically used to run 
the email but are not connected to the processes involving the 
chemicals, they are not connected to the facility's security 
system, closed-circuit TV, or what have you.
    We have done some advanced training for about half of our 
inspector cadre, equipping them to get out and inspect the more 
fully integrated facilities and their cyber systems and to work 
with facilities as they think through ways in which they can 
better secure those cyber systems. We have cyber subject matter 
experts in our headquarters office who are available to work 
with inspectors, who tee up the questions that should be asked, 
based upon their review of facility site security plans.
    So cyber very much at the top of our minds, and I think in 
many ways CFATS is at kind of the leading edge of cybersecurity 
in putting into the CFATS framework 10 years ago a risk-based 
performance standard focused on cybersecurity. Certain we can, 
on the training front, always improve, and I appreciate, 
really, Jay's feedback on that front. We are always looking to 
expand and enhance our training for our really top-notch 
inspector cadre. So very much appreciate it.
    Senator Peters. Right.
    Chairman Johnson. Thank you.
    Mr. LeGros. Senator, can I ask a question of the Director?
    Chairman Johnson. Yes.
    Mr. LeGros. So when you are referring to half the 
inspectors being trained, are you referring to partial or 
significant levels of cyber?
    Mr. Wulf. I think when I am talking about the half I am 
talking about the half who have gone through the more advanced 
cyber training.
    Mr. LeGros. OK. The problem we are having as inspectors, or 
the lead inspector, when I go into our database, which is 
ChemSec, to schedule an inspection, because we have the three 
levels of cyber integration--the minimum, the partial, and the 
significant--as the Director said, and I put it in my notes, 
there are the four questions that we ask for a minimum. Do they 
have cyber policies, do they conduct cyber training, etc.
    If I receive a facility that has a partial, when I go in 
there and click inspector with cyber training, the list that it 
gives me is the exact same list as a general inspector. I am on 
that list. I cannot do it. When you do a significant, it 
plainly states that it will be assigned by headquarters. And as 
I referred to in my statement, they are actually coming out 
with a new guidance document that it does talk about minimum, 
partial, and significant, and especially significant being done 
by a headquarters cyber subject matter expert (SME). But when 
you actually look at the other paragraphs under it, it says it 
will be determined by the branch chief for compliance, which is 
basically what they are doing is they are trying to push all 
this stuff onto us. And I understand that they say other 
inspectors have had training, but even the ones that I know 
have had training, they were not sent by headquarters. They 
have done it on their own time. They signed up for these 
classes because they have the interest on it. But as far as 
headquarters providing the training, they have not.
    And I will be honest with you. The way our schedule is, 
with so many inspections, because of the stuff that is being 
dumped on us, we do not have the time to do this stuff. As I 
explained in my statement, there are weeks that go by where I 
have inspections on Mondays and Thursdays. So when I have an 
inspection on Tuesday, Monday I am preparing for an inspection, 
on Wednesday I am preparing for the inspection on Thursday, and 
it is a revolving door effect. And with so much being dumped on 
us--and I hate to use the word ``dump,'' but dumped on us--it 
is hard for the inspectors to complete the inspections in the 
time given, and, honestly, to be able to get the training. We 
do not have enough inspectors. Apparently we do not have enough 
people at headquarters to do what they need to do as far as the 
reports go.
    Senator Peters. So if I gather from your comments, when it 
comes to reviewing the types of cybersecurity protections at a 
facility, given the lack of training, given the time 
constraints, other things that you have mentioned, basically 
inspectors--it is just a box that is being checked. There is 
not a deep dive as to whether or not this facility is secure?
    Mr. LeGros. Well, the ones that are partial, again, it is, 
like I said, there are four questions but two are actually to 
the facility. The other two is based on our opinion. And I am 
not a cyber one, and it is hard for me to honestly say, are 
they able to thwart the ability. I do not know. A lot of times 
it is a conversation with the cyber person at the facility who 
either has a bachelor's degree, a master's degree in computer 
science, or some kind of certificate for cybersecurity, and 
that sort of thing. So my opinion is based on their opinion.
    Senator Peters. Right. So you are asked to give an opinion 
based on--without any training, and you have to rely on what 
you are being told by the facility, basically.
    Mr. LeGros. Well, the right training.
    Senator Peters. Right. OK.
    Mr. LeGros. At cyber things change daily, yearly, whatever. 
But we have not had the basic in-depth training on 
cybersecurity and cyber systems that we need. And, I am sorry, 
what was the other part of the question?
    Senator Peters. No, that is it. I appreciate that. Thank 
you.
    Thank you, Mr. Chairman.
    Chairman Johnson. I think one thing we really need to be 
concerned about is mission creep, and I think CFATS is meant to 
address a particular problem. Cyber is incredibly complex and 
it is changing all the time. I think it is unrealistic to think 
that CFATS inspectors can be cyber trained and really ought to 
be doing a deep dive. I think it is just kind of outside the 
scope of what CFATS ought to be. That is my own personal 
opinion.
    So what I would recommend is focusing the efforts on the 
task at hand, prioritizing things, and kind of let the cyber 
issue be 
dealt by other people within DHS. I just do not think you can 
address--just because you are going in inspecting these sites, 
you should be addressing every possible risk that these 
businesses are subjected to. That is my own personal opinion. 
Senator Carper.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Mr. Chairman, a number of years ago I was 
fortunate enough to become Chairman of this Committee, and Tom 
Coburn became the Ranking Member of this Committee. There was 
an article in, I do not know, Washington Post, one of these 
papers, that talked about the new leadership of the Committee, 
who was Chair and Ranking Member. They mentioned that I was 
going to be the new Chairman of Homeland Security, and the 
article went on to describe me as the Senate expert on 
cybersecurity. And I took the article and I showed it to my 
wife and I said, ``Your husband is now the expert on 
cybersecurity in the Senate,'' and she said, ``In the land of 
the blind the one-eyed man is king, and you are that one-eyed 
man.'' To your point.
    What I want to do is just briefly ask, just to go down the 
list, and we will just start with Debra, and just give us, 
quickly, one thing you think you all agree on. Just one thing 
in the conversation here. What is one thing you all agree on?
    Ms. Satkowiak. We all agree that protecting the security of 
our great nation is of absolute importance, and particularly in 
today's environment.
    Senator Carper. Thank you. Ms. Menendez.
    Ms. Menendez. I think that you will hear that theme across 
the board, but I do agree that we are all responsible for the 
security.
    Senator Carper. OK.
    Mr. Louchheim. I will echo that. I will add that Mr. Wulf 
and his team do a great job to also forward that mission and 
deserve those accolades.
    Senator Carper. Mr. Wulf, are you going to sit there and 
take that?
    Mr. Wulf. I will gladly take that.
    Senator Carper. All right. Mr. Erny.
    Mr. Erny. I think we can all agree that the approach that 
DHS has taken over the history of their program has really made 
a big impact, and I think they should continue with this 
collaborative approach with the industry. Everybody benefits by 
this. We all have the same goal here, right? We want to improve 
security of our facilities, our operations, and the communities 
where we live.
    Senator Carper. Thank. Mr. Mr. Eppli.
    Mr. Eppli. I would echo that the security of this country 
is critical and CFATS is focused on that. I would also echo a 
comment that was just made that DHS has done a great job of 
being collaborative in working with us to get to that goal.
    Senator Carper. Thank you. Ms. Gibson.
    Ms. Gibson. I think we all agree that regulatory certainty 
is needed, and in that light I think we all--although one of 
our groups has a caveat--would support the multi-year 
reauthorization.
    Senator Carper. Thank you, ma'am. Mr. LeGros.
    Mr. LeGros. I agree that CFATS regulation is a great 
regulation. It just has its areas that it needs to be tweaked, 
if you will.
    Senator Carper. All right. Thank you.
    Mr. Currie. I think we all agree that the security of 
chemical facilities is critical. Like aviation, this is one of 
the things that has actually been used in terrorist attacks in 
this country, so it is still a huge concern. But I think we all 
agree that the Federal Government needs to continue working 
across its departments and its programs to make sure that their 
oversight is sufficient.
    Senator Carper. Good. Mr. Wulf.
    Mr. Wulf. And I would just pile on, I think we all agree 
that the chemical security threat is a real one. It is a very 
relevant one. I think we agree, as well, that CFATS is well 
suited to the task of securing our highest-risk chemical 
infrastructure and that its strength, as a program, really lies 
in the commitment of the entire community. This is not 
something that DHS can do alone without the buy-in of our 
industry stakeholders who have been great across the board.
    Senator Carper. Thank you all.
    I want to go back to something Mr. Erny said. I think he 
suggested maybe three ideas, one dealing with transparency, 
second, I think, there was the term ``elimination'' was used in 
one of your suggestions. I think a third one you used the word 
``establish.'' But just go back to your three recommendations, 
and very briefly say what they were.
    Mr. Erny. Sure. Thank you.
    Senator Carper. And what I am going to do is ask anybody 
else on the Committee panel to comment, favorably or not.
    Mr. Erny. Sure. So the three top changes I think that would 
really do a big job in improving CFATS would--one is improve 
the transparency with the tiering determinations that are made. 
Often times I hear from our members that they are not directly 
engaged on what the risk factors are associated with their 
tiering. And so, there is no reason that the security manager 
of a site should not understand the details of the threat that 
he is supposed to be protecting against. This is the guy that 
has the responsibility for it. He has the authority, the 
resources to be able to put into it.
    So I think DHS has done a better job----
    Senator Carper. I am going to ask you--go ahead. I do not 
want to run out of time.
    Mr. Erny. Just real quick----
    Senator Carper. Your next two ideas.
    Mr. Erny. You got me on a roll, so----
    Senator Carper. Yes. Thank you.
    Mr. Erny. And then, second, eliminate the requirement for 
this tariff screening personal surety item for the lower-risk 
tiers. And then, third, is establish a CFATS recognition 
program. This would essentially look at the industry 
stewardship programs in a way that would offer some regulatory 
recognition for those sites that are in full compliance.
    Senator Carper. OK. And let me just ask the other members 
of the panel, anyone have a concern with any of the three 
points that Mr. Erny has made? If so, please share those with 
us.
    Ms. Satkowiak. Senator, if I may comment, please. I do want 
to mention--so I do agree, obviously, with transparency. Our 
member companies seem to feel that DHS, they are very friendly, 
very professional, and they will have that conversation with 
you, and we provide them the data, and then there is some delay 
as they go back to headquarters and they make decisions and 
then they provide a response, and then we have the opportunity 
to make adjustments, and then the process starts over. But we 
do not have that because it is not prescriptive. We do not have 
that ability to plan ahead. And so we would very much support 
some changes that way.
    In regards to eliminating TSDB screening, I just want to 
remind the Committee that as ATF-regulated facilities, every 
single one of our employees and responsible persons must be 
screened in order to engage in the explosives business, whether 
it is constructive possession or whether it is physical 
possession. They must be screened against all prohibited person 
factors as ATF has established them. Now, ATF does screen 
against TSDB, although it is not considered a prohibitive 
factor. They do screen against it and then they will make 
referrals if there is a hit against TSDB.
    And then I do want to support, if there is any recognition 
for CFATS programs. So IME, we developed these safety library 
publications that are actually looked at globally, not just 
here in the United States but globally, and these are 
established by the member company experts, the people that have 
expertise in the industry with explosives specifically. And so 
our compliance with these has always, as an industry, you 
always have the minimum basic regulations that have been 
established by ATF and then our best practices that are piled 
on top.
    Senator Carper. All right.
    Ms. Satkowiak. But thank you for the opportunity.
    Senator Carper. And finally, Mr. Wulf, and then I think I 
need to step aside.
    Mr. Wulf. Thank you, Senator. I appreciate it. I will say 
with respect to transparency in tiering, it is something that 
we have strived to foster. In building the new risk-tiering 
methodology, we did this as a community with the participation 
of our industry stakeholders. We have published tiering fact 
sheets in an effort to inform companies about the types of 
factors that inform tiering.
    We are certainly available to talk directly to facilities 
that have questions about their tiering, and for that matter, 
have, and continue to work with facilities as they are thinking 
about designing, building new facilities, to run a hypothetical 
risk assessment, a hypothetical top screen, to give them some 
feedback as to risk decisions they might be able to make to 
lower their risk profile and hopefully not find themselves 
covered by CFATS. But always eager to talk about ways in which 
we can do more. But in developing the new risk-tier 
methodology, we are very eager to try to do away with the 
historic black box that had been the perception of how our 
tiering was working.
    With respect to the personnel surety program, the checks 
for terrorist ties that are now applied to Tier 1 and 2 
facilities, we are open to working on this issue, but the thing 
I would note is that across the other 16 critical 
infrastructure sectors many of the stakeholders in those 
sectors find themselves without the authority to access the 
terrorist screening database and to ensure that those who have 
access to their critical infrastructure have been vetted for 
terrorist ties. And in those sectors they are pretty much 
clamoring for that authority.
    So, I would worry a little bit about keeping that ability, 
that access to the terrorist screening database away from the 
vast majority of America's highest risk chemical facilities, 
but certainly open to discussing that.
    And with regard to a recognition program, across our 
community, and, those who are sitting at this table 
representing some fine organizations--NACD, ACC, IME--have in 
place stewardship programs and they do great work, and they 
raise the bar for security, not only at the 10 percent or so of 
facilities that find themselves covered under CFATS but at 
those other 90 percent. So, very interested in working with the 
Committee on prospects for ways in which we can recognize those 
programs within CFATS, whether that is the ability to place 
facilities that are in good standing with those programs on a 
less frequent inspection cycle, or other ways of recognizing.
    I think one thing we would want to ensure is that those 
programs are more or less in alignment with the 18 
comprehensive risk-based performance standards that form the 
core of the CFATS program.
    Senator Carper. Mr. Chairman, I just wanted to thank you 
again. I thanked him privately and Senator McCaskill, for 
hosting this roundtable. When Dr. Coburn and I and our staffs 
worked 
on this 4 or 5 years ago--we actually worked on it for quite a 
while--and I was not sure we were going to be able to come to a 
consensus and pass legislation that would be signed into law. 
But I am proud of the really collegial effort that we are 
privileged to take part in.
    At the time we realized that this is not the Ten 
Commandments. It is not written in stone, and we are going to 
learn some things as we go through the last 4 years, and learn 
some more things as we go through the next 4 or 5 years. But 
you have given us some wonderful feedback and it is 
interesting. Senator Johnson and I, a lot of times when we have 
these hearings we ask the witnesses, like, ``What can we do to 
be helpful'' in whatever issue we are dealing with. Almost 
always they say, ``More oversight. More oversight.'' And one of 
the nice things about having reauthorization period is it 
actually compels the oversight, and I think this has been 
actually most helpful. So thank you, one and all. Thank you.
    Chairman Johnson. Let me just say, Senator Carper, I think 
you and Dr. Coburn ought to be commended. When you did 
reauthorize this you improved it. You did not make it more 
complex. We actually started to streamline it, which really is 
the purpose of a reauthorization. Let us take a look at what we 
have learned, utilize that information, and let us make this 
even better moving forward. And that is exactly what you did in 
2014 and that is the goal here, so appreciate that.
    In terms of streamlining, let me go right to the explosive 
industries and why did they lose that battle? Why were they not 
exempt like some of these other areas in our economy? And I 
will go to you, Mr. Wulf.
    Mr. Wulf. Yes. So I was not at DHS to fight that battle. In 
fact, I was over at ATF at the time, so I am not sure I can 
comment on the battle.
    I was fighting some other battles.
    Chairman Johnson To me it makes perfect sense. It seems 
like ATF, from what I have read, has done a really good job at 
keeping explosives out of the hands of line actors. Why would 
we not just carve them out and say, you are not going to serve 
two masters. In this instance we are going to just leave you 
under ATF.
    Mr. Wulf. ATF, absolutely great organization with a long 
history of regulating explosives, explosives commerce, and they 
have a focus on a number of aspects of safety, in particular, 
security as well. I certainly do not want to get into the 
relative strengths of the program. They are different in many 
respects. And, I am not sure that CFATS is not an inappropriate 
supplement to ATF regulations at the highest-risk facilities.
    Chairman Johnson. OK. Tell me what CFATS adds in terms of 
the security of this Nation by doubly regulating the 
explosives.
    Mr. Wulf. Yes. I think we are sympathetic to the 
duplicative regulation situation, and, there are by our count, 
about 30 or 31 facilities that are regulated under CFATS only 
for explosives, that, if I am sort of counting things that I 
would not lose much sleep about exiting the program that would 
be pretty far up there.
    Chairman Johnson. So let me just say, barring a really 
strong justification for having both regulatory agencies, I am 
going to be strongly supportive of exempting explosive 
industries from CFATS. So I would need more information to 
actually convince me that is not the right thing to do.
    Mr. Wulf. Yes. So I think there are some complexities and 
nuances among other things. ATF regulations do not cover IED 
precursor chemicals. So, the security and/or safety regulations 
that apply to explosives under ATF are not there for 
precursors. So I think, while we are certainly open to talking 
about the exit of explosives from the program, there is not 
similar coverage at ATF for the precursors.
    Chairman Johnson. Can you explain what that means?
    Ms. Satkowiak. That is a fair statement, actually. So ATF 
is very clear that they only have jurisdiction over explosive 
materials. And so if there is the materials, before they are 
mixed together and become an explosive material, they do not 
have jurisdiction there.
    Chairman Johnson. So are those precursors also in and of 
themselves dangerous?
    Ms. Satkowiak. No. Not in and of themselves.
    Chairman Johnson. But combined, I mean, they can be made 
dangerous very quickly.
    Ms. Satkowiak. Correct. I must point out here that there 
are materials that are on the retail market that do not fall 
under DHS CFATS such as the binary exploding targets that those 
are not our members' materials, and they are available via the 
Internet, retail store, that are not explosive materials until 
they are mixed. Those are precursors.
    Chairman Johnson. OK. So again, I am very sympathetic to 
what they are making----
    Mr. Wulf. And we are sympathetic.
    Chairman Johnson. I will ask you both to argue your case, 
and give me your best shot. Give the Committee staff your best 
shot on that.
    Mr. Wulf, why four tiers? As we are talking about here, we 
are already basically breaking them into two tiers. You have 1 
and 2, you have 3 and 4.
    Mr. Wulf. Yes.
    Chairman Johnson. So why not just 1 and 4, or 1 and 2?
    Mr. Wulf. Yes. That is the way the program was historically 
arranged. It is fair to say there is----
    Chairman Johnson. Is it time to fix it, maybe?
    Mr. Wulf. We are open----
    Chairman Johnson. That is why I am asking.
    Mr. Wulf. We are open to that. I do not think there is too 
much difference in the way Tier 1s are treated versus Tier 2s, 
or the way Tier 3s are treated versus Tier 4s.
    Chairman Johnson. So again, in reauthorizing, I am trying 
to simplify this. Can anybody think of a reason why we have 
four tiers? Would it be every bit as safe and would it 
streamline things to just have, you have this tier and you 
have, number 1, you have number 2, and leave it at that? Is 
there any justification for having four, other than we just set 
it up that way?
    Mr. LeGros. I think some facilities would have an issue 
with it, and actually doing it, because the way our RBPS 
guidance document, the way it is set up to where, for Tier 1 
must have, Tier 2 should have, examples like that.
    So as far as a tiering level is one thing, but when it 
comes to the implementation of security measures, if that was 
not also changed to coincide with those tiering levels----
    Chairman Johnson. Again, I am concerned about 
overcomplicating these things, and, just because you are just 
below this threshold we are not going to make you do this. 
Maybe it would be just a lot easier for industry itself to say, 
no, I mean, if you are above this--everybody above that 
threshold is doing these things, rather than try and slice it 
and dice it so many different ways that it just makes it 
complex, and it makes it more difficult for industry. Again, I 
am asking industry on this thing.
    Mr. Eppli. So, Senator, candidly, when we look at new 
opportunities, currently we are Tier 3 at both of our 
facilities. When we look at new opportunities for customers and 
there is a potential that it may pop us into a Tier 2, we will 
push back really hard and probably not say yes to that 
opportunity, because of the tiering requirements and the 
additional work that we will have to do with DHS. We see there 
is a break, maybe, in 3 and 4 and 1 and 2.
    Chairman Johnson. Anybody else want to chime in on that 
one?
    Ms. Menendez. Chairman Johnson, I would like to express my 
concern over the tiering transparency that we have, and if you 
are going to go to a 1 and 2 tier, the tiering transparency 
really has to be clear as to where you fit in those tierings.
    As an example, we had a facility, the one that I opened up 
with on the former naval ammunition depot, that was previously 
tiered a 2, requiring us to implement all of these security 
measures. When CFATS 2.0 came about we had to re-tier. We 
dropped to a Tier 3, with no explanation. We had no change in 
the facility, no change in the chemicals, no change in the 
quantity of the chemicals, and we dropped down to a Tier 3.
    Chairman Johnson. And there was not a criteria that showed 
you, even though you did not change, we changed our criteria so 
this is why you are a 3?
    Ms. Menendez. Correct. And so, of course, my management 
wants to know if capital investment was necessary.
    Chairman Johnson. Mr. Wulf, how can that be? I mean, 
honestly. How can we have these four tiers, and industry does 
not even know what the definition is?
    Mr. Wulf. So we do, as I mentioned, publish, and somewhere 
in my pile of papers I have a tiering fact sheet that outlines 
the factors that inform tiering.
    Chairman Johnson. How many pages is the tiering fact sheet?
    Mr. Wulf. It a single page. Single page. Maybe double-
sided.
    Chairman Johnson. Is that not sufficient?
    Ms. Menendez. It is not prescriptive.
    Chairman Johnson. So this is one example where you actually 
want a little bit more information from the Federal Government.
    Mr. Wulf. So I would say, as well, and I think I have said 
it before, that we are very open to talking directly, and we 
talk almost on a daily basis to facilities about their tiers, 
and again, to running prospective facilities through 
hypothetical tiering. So we appreciate that feedback and our 
goal is to provide maximum transparency.
    Chairman Johnson. So here is task number two. The first one 
is we have to figure out what we do with explosive companies. 
The second task, industry and DHS, we need to figure out what 
we are going to do with the tiering system, and, how do we 
define it and whether we really should have four tiers, three 
tiers, or two tiers. What can we do to make that completely 
transparent, where the criteria is incredibly obvious, and it 
actually matches what the risk is and what the reaction would 
be. This should have been done sooner, but let us do it--with 
this reauthorization, let us get this thing nailed. OK? I think 
that makes perfect sense.
    Mr. Wulf. I think that is fair. And, I think important to 
note, though, that we have a new and improved risk-tiering 
methodology that now accounts more fully for all elements of 
risk. So while there has been some change in tiering as we have 
rerun everyone through that we are very eager to ensure that 
regulated facilities understand why tiers might have been 
changing.
    Chairman Johnson. OK. Well, I do not think they do, and I 
am always concerned, too, the mission creep and the greater 
complexity. Again, what I am trying to do in this 
reauthorization would be to simplify this, without risking 
safety. And, by the way, I think when you simplify things you 
are going to make it more safe and secure anyway.
    Yes, Ms. Gibson.
    Ms. Gibson. I guess the only concern I would have is that 
DHS did just go through this whole re-tiering process with the 
new methodology, and facilities are settled into that now, and 
if we change the tiers we would have to go through that process 
yet again.
    Chairman Johnson. But did you understand what it was when 
you re-tiered them?
    Ms. Gibson. From the association perspective, I heard a 
couple of comments from our members, but they were able to talk 
to people at DHS headquarters and talk through it, so it was 
more of an individualized basis where they had questions and 
they hooked up with the right people to give them some answers.
    Chairman Johnson. Mr. Erny, you are with the chemistry 
society. I mean, is that similar as well?
    Mr. Erny. Yes.
    Chairman Johnson. I do not want to force something----
    Mr. Erny. I think you have hit on a good thread here. I 
mean, we have an opportunity. There are probably a lot of good 
ideas like this, simplifying the tiering levels, reducing the 
number of COIs.
    Chairman Johnson. But again, if simplifying is to have to 
go through the entire process again, it may not be worth the 
simplification.
    Mr. Erny. Yes.
    Chairman Johnson. OK?
    Mr. Erny. Yes. There are going to be some rumbling about 
going through this process again. There is no doubt. I agree 
with Jennifer.
    Chairman Johnson. So again, I want to get a better 
assessment of exactly where we are in terms of definition, the 
criteria, the transparency of it, and if it really does make 
sense. Again, I do not want to upset the apple cart. I really 
do not. Even if it may be flawed, if it is working well--keep--
if it ain't broke at this point, do not fix it. OK?
    Ms. Satkowiak. Mr. Chairman, if I may add one more thing in 
terms of simplification. When you asked about the precursor 
materials, in the commercial explosives industry we treat 
precursor materials just like they are explosives, in terms of 
distribution. So if you are not qualified in the same way that 
an explosives licensee or permittee is to receive explosive 
materials, our industry members do not transfer those precursor 
materials to you.
    Chairman Johnson. OK. I am just looking at my notes I made 
with each witness here. Again, I need to underscore again, 
because I am asking tougher questions, how much I appreciate 
the fact that DHS really does approach this cooperatively.
    Now, that being said, when I talked about the Stockholm 
syndrome earlier, one of the things I will ask industry to do 
is view yourself potentially as whistleblowers and provide us--
because, again, there is concern. I mean, you would be crazy 
not to be a little worried about something you might say that 
might rub DHS the wrong way, and potentially retaliation. I see 
that all the time in government. I am not accusing--OK. So I do 
want a completely open format for you to convey suggestions, 
complaints to our staff, not in an open hearing, not for 
publication, but really under the protection of whistleblower 
protection this Committee affords. OK? That would be the best 
way to actually get this done.
    So you may not be free to say everything you want to say on 
the record here today, but you are completely free to, and I 
encourage you to provide that kind of information to the staff. 
OK? Again, underscored by the fact that I truly do appreciate, 
and I do not doubt for a second that this is one example of 
government working 
cooperatively with industry--and I think your track record 
proves it--working together with that shared goal of keeping 
this Nation safe. I mean, this is actually a pretty good story 
from that standpoint.
    I want to ask, Mr. Erny, so, listen, I love awards for 
things, the leg lamp. But other than getting a leg lamp, what 
would be the purpose of a CFATS recognition program?
    Mr. Erny. So one thing that a lot of us have here in common 
are the stewardship programs, right, and we all have a security 
component to that, and we are largely doing the same--a lot of 
the same things that you see in the CFATS program--the 
requirement to do vulnerability assessments, establish site 
security plans, implement measures, all that kind of thing.
    We think there is a real opportunity here for CFATS to be 
able to leverage those programs. So some ideas about what kind 
of recognition could you give companies. I mean, you would have 
to lay out some criteria. We have some very definitive ideas 
about what kinds of criteria should be embedded in CFATS that 
outlines sort of this minimum performance for these programs. 
And so some of the incentives could be things like risk tiering 
credit for companies that are in compliance with these industry 
stewardship programs.
    Chairman Johnson. So it would not be for a leg lamp. It 
would be for----
    Mr. Erny. Regulatory recognition.
    Chairman Johnson [continuing]. Exemption of certain more 
onerous regulatory burdens.
    Mr. Erny. Absolutely.
    Chairman Johnson. So you would be self-certifying in that 
type of thing.
    Mr. Erny. Yes.
    Chairman Johnson. OK. I kind of figured that but I wanted 
you to get that on the record.
    Mr. Erny. Yes.
    Chairman Johnson. Again, I come from industry where you had 
International Organization for Standardization (ISO) 
certification, based on that, if you were ISO certified at a 
certain level, when medical device manufacturers came in there 
were just things you did not have to go through----
    Mr. Erny. Correct.
    Chairman Johnson [continuing]. In terms of your audit again 
because you had done that yourself.
    Mr. Erny. There are some good example out there in this 
regard. I mean, this is not a unique idea. And I think we just 
have not broken into the CFATS realm yet.
    Chairman Johnson. Mr. Wulf, do you have any problem with 
that?
    Mr. Wulf. No. Not----
    Chairman Johnson. Do not you think that is a really good 
idea?
    Mr. Wulf. I do not have a problem with it, conceptually. I 
think we actually have the authority now to do that. I 
certainly would not have a problem with the recognition in a 
statute.
    Again, and we have certainly talked about this openly 
across CFATS industry stakeholder community, we would want to 
work, and I know that our industry stakeholders are committed 
to working to ensure that those stewardship programs, if they 
were to be recognized under some sort of CFATS recognition 
program, would align, in effect, with the 18 risk-based 
performance standards of CFATS.
    Chairman Johnson. So again, in industry they do that for 
their own benefit. Again, the medical device industry. Things 
like ship to stock type of certification programs. That saves 
their auditors time. But they go and they have surveillance, 
those types of things, but it just is a far more efficient and 
effective method of doing it. So I think that is something, 
staff, we ought to seriously take a look into, if you even have 
the authority, something in this reauthorization to spur you on 
to actually using that authority to create those types of 
things.
    Mr. Wulf. Thank you.
    Mr. Eppli. Mr. Chairman, as an operator in the industry, we 
would be fully supportive of this. It would help us 
tremendously reduce the amount of duplicative work that we have 
to do, from the governmental side as well as from our own 
internal industry standards, which are really stringent.
    Chairman Johnson. No. It is bad for business to have 
chemicals stolen and used for nefarious purpose.
    Mr. Eppli. That is exactly right.
    Chairman Johnson. We are kind of nibbling around a cost 
benefit. According to my briefing, CFATS costs about $70 
million per year to the government. Actually, it surprised me. 
In the briefing it said some businesses have spent $100,000 to 
comply. I would think some businesses spend a whole lot more 
than $100,000 to comply. Does industry have any estimates in 
terms of the cost of complying with this so far?
    Mr. Eppli. So I can give a little update. This year alone, 
to increase our site security cameras and our electronic 
security for our buildings, again, two facilities, one that is 
66,000 square feet and one that is 44,000 square feet, we spent 
between $25,000 and $35,000 on each facility, just this year. 
That is just for capital equipment. That is not the training. 
That is not our own internal personnel.
    Chairman Johnson. And no offense, but you are a small 
business.
    Mr. Eppli. And we are a small business.
    Chairman Johnson. Yes. So I would think the larger 
businesses spent far more than $100,000, which is, again--I 
think my briefing is just off here. I would think the industry 
has spent tens if not hundreds of millions. Ms. Gibson.
    Ms. Gibson. That is a tough question because a lot of it 
depends on what the facilities already had in place before they 
became CFATS regulated. For example, a lot of the companies 
that are members of NACD practice Responsible Distribution. 
They already implemented security measures, as did others. So I 
think it is across the board, depending on what their status 
was before CFATS.
    Chairman Johnson. OK.
    Mr. Erny. Yes. And from ACCs perspective, we do an annual 
survey, and it is not CFATS specific. But we estimate that 
companies annually spend anywhere from $50,000, depending on 
the size and complexity, up to about a half a million dollars a 
year.
    Chairman Johnson. So I think, to a certain extent, what 
your answers are confirming to me is industry is already doing 
an awful lot. This may organize the efforts but you are just 
kind of utilizing what resources you have already--what 
controls you have already put in place, and getting them to 
comply with what CFATS is asking you to do.
    Along those same lines, what other methods of control are 
there? Other agencies--OSHA, EPA, local fire departments, 
insurance models. I mean, are we using CFATS and are we trying 
to leverage all these different control agencies to accomplish 
the same goal?
    Ms. Satkowiak. No. I would argue that we are not, 
particularly in the explosives arena. DHS specifically does not 
recognize the jurisdiction, not only--in our case--ATF, but 
DOD, the Pipeline Hazardous Materials Safety Administration 
(PHMSA), the Department of Transportation (DOT), and our 
members have had to layer on top of already--if you were to 
manufacture one type 1 magazine, you are already looking at a 
cost of $100,000, and then add on $700,000 for fencing around a 
400-acre site.
    We have one member company that is DOD regulated, plus ATF 
regulated, and they were looking at options that they had to 
comply with DHS suggestions, which ranged from between $300,000 
to $3 million, because it is in a very remote area, and to have 
the type of monitoring system which DHS was suggesting, and 
even to include a cell phone tower to send the signals back. 
That member company is a small, woman-owned business. They have 
20 employees and they are spending $150,000 a year, which he 
figured was a bargain to have some security guard come through 
at the number of hours that DHS has prescribed. That is really 
hard on a 20-employee member company.
    Chairman Johnson. Yes. My own experience is government 
often is not particularly sympathetic with the cost of 
compliance to their regulations.
    Does anybody else want to chime in in terms of leveraging, 
or lack of leveraging, with some of these other control 
agencies?
    Mr. Eppli. Yes, Mr. Chairman, if I could. First of all, I 
want to reiterate, we have appreciated DHS's position, so I 
want to state that, David. But we are regulated by DOT, EPA, 
OSHA, the Drug Enforcement Agency (DEA), U.S. Food and Drug 
Administration (FDA), and those are the Federal programs, and 
there are a number of State programs and then a number of local 
programs, including the first responders, which we have a great 
relationship with. But we do not see any collaboration amongst 
those organizations to help reduce our burden.
    Chairman Johnson. Talk about the local responders. I am 
assuming you are basically talking about police, but mainly, in 
this case, fire department.
    Mr. Eppli. Mainly fire.
    Chairman Johnson. Again, I have had experience, and Oshkosh 
local fire department really does a great job of just educating 
everybody, in terms of what they need to do, because if 
something were to happen, they need to know where things are. 
It was interesting, particularly in rural locations, the 
volunteer fire departments, you do not get that type of, I will 
call it attention, like we got from very professional, full-
time firefighting force in Oshkosh. But what is your experience 
in Columbus?
    Mr. Eppli. So in Columbus they do have a volunteer fire 
department. That is part of the staff. We have a close 
relationship with them. One of the things we realized is we 
needed to help them learn about our business, so we actually 
collaboratively worked with them, and they worked with us in 
scheduling an onsite training session about 2 years ago. They 
brought in all types of other agencies and we worked together 
so they could understand the chemicals we have onsite. Because, 
candidly, one of the things we want to do is manage any 
hazardous issues we have internally. So we have our own hazmat 
team, probably better trained than the local fire departments.
    Chairman Johnson. So let me ask the two industry 
association reps, in terms of your experience with the 
cooperation between these different control agencies, but even 
local fire departments. It does not sound like it is as 
professionally prevalent as I experienced in Oshkosh.
    Ms. Gibson. Yes. It depends on the area, because some are 
volunteer, as Randy said. One of our Responsible Distribution 
codes is coordinating with local responders, so all of our 
members are required to do that to the extent they can under 
our program.
    But yes, really, it depends on the area. Some, areas are 
very active groups and responders, but it is just a resource 
issue on their end, in some cases. But it is a top priority for 
our members.
    Chairman Johnson. Mr. Erny.
    Mr. Erny. Yes. I mean, I would largely echo what Jennifer 
just said, with the only exception many of the large chemical 
complexes are self-responding. They have their own fire 
brigades right onsite. They interact with some of the locals, 
but most of them are self-sufficient in this regard, or like 
down around the Gulf Coast region, where there is a high 
density of chemical processing, oil and gas, they are involved 
in these co-op initiatives down there.
    So we are probably a little bit different in this regard. 
We do not have a lot of the small operators out in remote 
America that are dealing with volunteer fire companies.
    Chairman Johnson. OK.
    Ms. Menendez. May I comment as well?
    Chairman Johnson. Sure.
    Ms. Menendez. With regard to working with the local 
responders, I do agree. It really depends on the site. Every 
site is--whether it is in a large community, some of our 
employees, because it is such a small community, they are 
members, or their families are members of the local responders, 
so they are aware of what we do because of their family 
members. We reach out to them every year. We are required to 
report, under the Right to Know Act, the chemicals that we have 
in place, and we invite our members of the local fire 
departments to come out and learn what we do, see what we have 
onsite, understand how to respond properly. But it is difficult 
when you are dealing with a voluntary fire department.
    Chairman Johnson. So my last question, and then I will go 
down the table here and ask you for anything that you just have 
to get off your chest. But, the big chemical guys, they are 
going to have all the security, all these programs in place. It 
is really the smaller folks that are going to be more 
vulnerable, and do not have the resources to do that. To me, 
probably the best defense against that is a really good 
reporting system, because even small guys, hopefully, will 
notice if something is missing, and they will be concerned 
about inventory shrinkage, or whatever.
    As part of this, do we have a really good reporting system 
when that happens, kind of a no-fault, with no penalties, but 
literally a small operator out in a rural area going ``I am a 
little concerned because we are just missing three pallets of 
this dangerous chemical.'' Is that a very streamlined reporting 
system up to DHS?
    Ms. Menendez. Interesting enough, we account for every 
movement of our explosive materials. We double-count four in 
four different instances. So eight times a day we are counting, 
when we acquire the material, when we put it on our trucks, 
when we send it out to the customer sites, when we arrive at 
the customer site, when we use it, when we put it back in the 
trucks, and then put it back into our magazines. It is counted 
by two people every step along the way.
    So we feel that when we do incur a theft or a loss of 
explosives, while ATF requires us to report within 24 hours, we 
report by the end of the day. And we may have to amend if we 
discover where that product was, but we report immediately to 
ATF, we report immediately to our law enforcement, and we fill 
out a form and send that in to the bomb center.
    Chairman Johnson. OK. But again, you are an exception in 
this category, a good exception. What about in just basic 
chemistry?
    Mr. Louchheim. Well, I will take a stab first here, sort of 
with a lot of smaller facilities around the country in rural 
America. Like I said earlier, we probably estimate around 6 to 
6,500 agricultural retail facilities around the country. About 
1,500 facilities, or 1,400 of those, approximately, are CFATS-
regulated facilities.
    I would kind of circle back on our ResponsibleAg program, 
actually. This is, I think--which, along with recognition 
programs I think has a place to be part of a CFATS 
reauthorization in some fashion. For ResponsibleAg, for our 
industry, it is a third-party-audited system with auditors that 
go through these facilities. Like I said before these 
facilities typically only have 5 to 10 employees at them. So I 
think in your comments previously you mentioned, there is not 
always the same sophistication in those settings as there would 
be at a major billion-dollar production facility.
    So ResponsibleAg. That is working with these facilities to 
comply with OSHA, DOT, EPA, DHS regulations, to make these 
facilities safer, help them work to be safer and comply with 
basically a myriad of Federal regulations that are out there.
    Yes, the agencies could sometimes work together a little 
better to streamline things, but we are going to work to make 
sure our industry is as safe as possible through ResponsibleAg, 
and other initiatives. Theft and diversion, knowing your 
customer is essential. We preach that to our members, and our 
members already know it.
    Chairman Johnson. But again, the main point of CFATS is if 
these chemicals are stolen, to be used by maligned actors. 
Right? So again, I am just asking, as part of this, do we have 
a really good, well-communicated and well-executed reporting 
structure, even to the small guys, because, quite honestly, 
they are the ones that are going to be more vulnerable. If I 
wanted to steal chemicals, I would go to a little guy that does 
not have the million-dollar security system.
    Mr. Wulf. Mr. Chairman, I think that is where CFATS makes a 
big difference. So, for high-risk chemical facilities, one of 
the risk-based performance standards is RBPS-9, focused on 
response. And under that standard, facilities connect with 
their local responders, establish those reporting chains. In 
many cases we will help them to facilitate that contact, and I 
think that goes a long way.
    Chairman Johnson. But in order to have to comply with RBPS-
9 do they have to be a Tier 1 or 2?
    Mr. Wulf. No. That applies across the board. And I would 
mention, also, that, our detection and monitoring standards are 
aimed at ensuring that facilities have in place measures that 
enable them to detect thefts or diversions in near-real time, 
so as to promote an effective law enforcement response. We are 
certainly sensitive to the costs that those sorts of measures 
can bring to a facility, but we pride ourselves on compliance 
assistance. So our inspectors are not out there just doing 
compliance inspections. They are available, our headquarters 
staff is available to work with facilities, to talk through 
what, in many cases, can be lower-cost options to meet the 
spirit of the risk-based performance standards.
    Chairman Johnson. OK. Why do not we close this thing out, 
and we will start with Ms. Satkowiak.
    Ms. Satkowiak. Thank you again, Mr. Chairman, for this 
opportunity. IME has been asking for years. We have been 
seeking for regulatory relief to remove explosives from the 
chemicals of interest, Appendix A, and getting, again, relief 
from that duplicative regulation. We have been asking for data 
to show justification as to why explosives materials were 
included under the program.
    Certainly, again, the government data that is out there 
shows that in the bombings that have happened here in the 
United States, only between 1 and 2 percent of those have 
involved commercial explosives materials, and the number of 
thefts are so low, they have plummeted since 1985. In the years 
leading up to CFATS, they have plummeted more than 80 percent, 
and it was industry and ATF regulations that brought that down. 
So CFATS program did not have any demonstrated improvement in 
that security, despite the millions of dollars that our member 
companies have incurred.
    So I just also want to reinforce, as you are considering 
the removal of explosives materials through a statutory 
exemption, which is what we are looking for, is that by ATF 
requirements, which I sometimes get the feeling are being 
discounted by DHS, we have accountability for every single 
trace amount of explosives materials. There is no threshold. It 
is any amount of explosives materials, they are accounted for. 
I have heard the term ``track and trace.'' It is not exactly 
what it is called under ATF. We have accountability for every 
single movement. So we know if any piece has been missing, 
diverted, or has fallen into the wrong hands. Every single of 
our employees and responsible persons, again, are vetted.
    So for these reasons we feel that these duplicative 
regulations can be removed off of the explosives industry, and 
thank you again. Appreciate your time.
    Chairman Johnson. Ms. Menendez.
    Ms. Menendez. Thank you. Each business has its own 
regulatory environment applicable and beneficial to its 
operations. It is with confidence that Austin Powder relies on 
the Federal explosives laws and regulations and 27 CFR 555, 
Commerce and Explosives, to remain compliant as we build our 
business.
    We respect those that appreciate the CFATS oversight in 
otherwise unregulated or minimally regulated businesses, but my 
testimony today was meant to provide evidence that in a highly 
regulated industry like the commercial explosives industry, 
layering additional DHS regulation on top of existing ATF 
regulation has proven to keep commercial explosives secure, is 
unnecessary and very confusing.
    Chairman Johnson. OK. I understand. Mr. Louchheim.
    Mr. Louchheim. Sure. Thank you, Mr. Chairman, for holding 
the roundtable today. I appreciate your kicking off the process 
and getting things moving. Like I said earlier, we support a 
multi-year reauthorization of the CFATS program. Four to 6 
years seems to make sense.
    In general, the program provides a good framework for 
security measures for a number of our members' facilities, and 
we think that is helpful and valuable. We think transparency is 
important to look at as we do reauthorization. We think that 
the Personal Surety Program, as has been mentioned, should be 
limited right now to Tiers 1 and 2. And we think stewardship 
programs have a valuable place in the program, to bolster our 
Nation's security.
    Chairman Johnson. Again, you do not have to restate what 
you have already stated, but this is for new information. Mr. 
Erny.
    Mr. Erny. Yes. They stole all my thunder. I think I 
probably would have said exactly the same thing. Appreciate the 
opportunity. I look forward to working with your staff to find 
more ideas about how we can streamline and make this program 
better. Thank you.
    Chairman Johnson. Mr. Eppli.
    Mr. Eppli. Thank you for the opportunity to be here. We do 
want a safe country. For business, we need certainty, so we 
would like some certainty. I think that ties to how long this 
should be reauthorized. We believe it should be reauthorized. I 
would stick with at least a minimum of 4 years. DHS has been 
good to work with.
    I would like to get some recognition of some of the other 
duplicate work that we do, with either agencies or with the 
recognition of the stewardship programs that we have in place 
through Responsible Distribution, with NACD, or Responsible 
Care at ACC.
    Chairman Johnson. OK. Ms. Gibson.
    Ms. Gibson. Yes. Thank you, Mr. Chairman, for holding this 
roundtable today. I would echo what my colleagues here have 
said and just want to reiterate that even though chemical 
distribution is very highly regulated by many agencies and we 
have a 28-page regulatory resource guide and checklist for our 
members; we do still strongly support the CFATS program and 
DHS's approaches to implementing it. We think that should be a 
role model for other agencies, and we look forward to working 
with you and the Committee on reauthorization.
    Chairman Johnson. Mr. LeGros.
    Mr. LeGros. Thank you, Chairman, for having me here today. 
I would just like to reiterate the reauthorization of the CFATS 
program, and again, the reason why I am here is as far as the 
cyber and the training issues that need to be addressed by the 
agency.
    Chairman Johnson. Mr. Currie.
    Mr. Currie. Two quick adds to the discussion. One, I think 
we have been looking, at GAO, at this holistically across the 
country, and I think measuring risk reduction or the security 
benefit is really difficult. It is hard to do that with just 
outputs. So I think we need to continue to push DHS to try to 
measure across the country how we are reducing risk.
    The second piece is we have done a lot of work on 
overlapping Federal regulatory programs in a lot of areas, and 
the Federal fatigue that can set in when that happens. And I 
think there is a lot that can be done at the agency level, and 
with the States, to coordinate behind the scenes, to actually 
make a big impact on a lot of that.
    Chairman Johnson. Mr. Wulf.
    Mr. Wulf. Excellent. Thank you. I thank you so much, Mr. 
Chairman. I think this has been a great dialogue. I think we 
are in agreement that CFATS does make America more secure, that 
long-term authorization affords important stability to the 
program, important certainty for our industry stakeholders. I 
would note that I am certainly not averse to, even during a 
longer term, 
10-, 20-, 30-year authorization period----
    Chairman Johnson. That will never happen. I am just telling 
you, it would never happen. I am sorry.
    Mr. Wulf. But I will say changes can be made.
    Chairman Johnson. Unfortunately, we have so many things to 
look into. The only reason we are looking at this today is 
because we have to reauthorize it.
    Mr. Wulf. Yes. I appreciate that. And I also appreciate the 
active engagement of our industry stakeholder community. I 
think, as you have seen today, they are not a shy group, not 
shy about telling us how they think the program can improve. 
And, this is a shared enterprise, and I think it is a program 
that is well tailored to the task at hand. It is narrowly 
targeted to America's highest-risk chemical facilities, and 
really do appreciate your leadership on reauthorization.
    Chairman Johnson. OK. Again, thank you for your service in 
leading an effort that really is recognized as being one that 
is cooperative.
    Just to reiterate, we would not be having this roundtable 
if it were not for the reauthorization. Permanency is, from my 
standpoint, off the table. It is really what is the proper 
length of time.
    Again, we have an opportunity here, and you have a Chairman 
who comes from industry, who looks with a great deal of 
skepticism, of government control over anything. But the goal 
that you laid out there, we all want a safe, secure America. 
And we face threats. It is a very unpleasant reality but it is 
one that we have to face.
    So I am encouraged by the cooperation. I am encouraged by 
the fact the last reauthorization honed this program a little 
bit better. I think there is definitely room for improvement. I 
come from a manufacturing background, continuous improvement. 
So I am really encouraging everybody at this table, I think the 
roundtable itself was very cooperative. But also recognize I 
have the folks here that could potentially be suffering from 
Stockholm syndrome.
    I want you to be completely honest with whistleblower 
protections contacting our Committee. For the same thing, the 
GAO, as well as the Department. Let us be as honest and 
forthright as possible. Let us produce a better reauthorization 
than what is in law today. And again, let us not fix what is 
not broken. Let us not upset the apple cart just because it 
might be a little bit better. I think we have to really take a 
look at the cost of changing something versus the benefit of 
making it a little bit better. OK?
    So again, this is a really good opportunity. We have the 
time. This looks like a very cooperative group. I just really 
encourage you to work very closely with staff, be completely 
honest, and let us end up with a reauthorization that just 
makes this a lot better program. OK?
    With that, the roundtable record will remain open for 15 
days, until June 27th, at 5 p.m., for the submission of 
statements and questions for the record, although you can 
always contact our staff. OK?
    With that, the roundtable is adjourned.
    [Whereupon, at 12:24 p.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------                              


[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]