[Congressional Record Volume 160, Number 150 (Wednesday, December 10, 2014)]
[Senate]
[Pages S6481-S6486]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
PROTECTING AND SECURING CHEMICAL FACILITIES FROM TERRORIST ATTACKS ACT
OF 2014
Mrs. BOXER. I ask unanimous consent that the Senate proceed to the
[[Page S6482]]
consideration of Calendar No. 578, H.R. 4007.
The PRESIDING OFFICER. The clerk will report the bill by title.
The assistant legislative clerk read as follows:
A bill (H.R. 4007) to recodify and reauthorize the Chemical
Facility and Anti-Terrorism Standards Program.
There being no objection, the Senate proceeded to consider the bill,
which had been reported from the Committee on Homeland Security and
Governmental Affairs, with an amendment to strike all after the
enacting clause and insert in lieu thereof the following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Protecting and Securing
Chemical Facilities from Terrorist Attacks Act of 2014''.
SEC. 2. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.
(a) In General.--The Homeland Security Act of 2002 (6
U.S.C. 101 et seq.) is amended by adding at the end the
following:
``TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
``SEC. 2101. DEFINITIONS.
``In this title--
``(1) the term `CFATS regulation' means--
``(A) an existing CFATs regulation; and
``(B) any regulation or amendment to an existing CFATS
regulation issued pursuant to the authority under section
2107;
``(2) the term `chemical facility of interest' means a
facility that--
``(A) holds, or that the Secretary has a reasonable basis
to believe holds, a chemical of interest, as designated under
Appendix A to part 27 of title 6, Code of Federal
Regulations, or any successor thereto, at a threshold
quantity set pursuant to relevant risk-related security
principles; and
``(B) is not an excluded facility;
``(3) the term `covered chemical facility' means a facility
that--
``(A) the Secretary--
``(i) identifies as a chemical facility of interest; and
``(ii) based upon review of the facility's Top-Screen,
determines meets the risk criteria developed under section
2102(e)(2)(B); and
``(B) is not an excluded facility;
``(4) the term `excluded facility' means--
``(A) a facility regulated under the Maritime
Transportation Security Act of 2002 (Public Law 107-295; 116
Stat. 2064);
``(B) a public water system, as that term is defined in
section 1401 of the Safe Drinking Water Act (42 U.S.C. 300f);
``(C) a Treatment Works, as that term is defined in section
212 of the Federal Water Pollution Control Act (33 U.S.C.
1292);
``(D) a facility owned or operated by the Department of
Defense or the Department of Energy; or
``(E) a facility subject to regulation by the Nuclear
Regulatory Commission, or by a State that has entered into an
agreement with the Nuclear Regulatory Commission under
section 274 b. of the Atomic Energy Act of 1954 (42 U.S.C.
2021(b)) to protect against unauthorized access of any
material, activity, or structure licensed by the Nuclear
Regulatory Commission;
``(5) the term `existing CFATS regulation' means--
``(A) a regulation promulgated under section 550 of the
Department of Homeland Security Appropriations Act, 2007
(Public Law 109-295; 6 U.S.C. 121 note) that is in effect on
the day before the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of
2014; and
``(B) a Federal Register notice or other published guidance
relating to section 550 of the Department of Homeland
Security Appropriations Act, 2007 that is in effect on the
day before the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of
2014;
``(6) the term `expedited approval facility' means a
covered chemical facility for which the owner or operator
elects to submit a site security plan in accordance with
section 2102(c)(4);
``(7) the term `facially deficient', relating to a site
security plan, means a site security plan that does not
support a certification that the security measures in the
plan address the security vulnerability assessment and the
risk-based performance standards for security for the
facility, based on a review of--
``(A) the facility's site security plan;
``(B) the facility's Top-Screen;
``(C) the facility's security vulnerability assessment; or
``(D) any other information that--
``(i) the facility submits to the Department; or
``(ii) the Department obtains from a public source or other
source;
``(8) the term `guidance for expedited approval facilities'
means the guidance issued under section 2102(c)(4)(B)(i);
``(9) the term `risk assessment' means the Secretary's
application of relevant risk criteria identified in section
2102(e)(2)(B);
``(10) the term `terrorist screening database' means the
terrorist screening database maintained by the Federal
Government Terrorist Screening Center or its successor;
``(11) the term `tier' has the meaning given the term in
section 27.105 of title 6, Code of Federal Regulations, or
any successor thereto;
``(12) the terms `tiering' and `tiering methodology' mean
the procedure by which the Secretary assigns a tier to each
covered chemical facility based on the risk assessment for
that covered chemical facility;
``(13) the term `Top-Screen' has the meaning given the term
in section 27.105 of title 6, Code of Federal Regulations, or
any successor thereto; and
``(14) the term `vulnerability assessment' means the
identification of weaknesses in the security of a chemical
facility of interest.
``SEC. 2102. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
PROGRAM.
``(a) Program Established.--
``(1) In general.--There is in the Department a Chemical
Facility Anti-Terrorism Standards Program.
``(2) Requirements.--In carrying out the Chemical Facility
Anti-Terrorism Standards Program, the Secretary shall--
``(A) identify--
``(i) chemical facilities of interest; and
``(ii) covered chemical facilities;
``(B) require each chemical facility of interest to submit
a Top-Screen and any other information the Secretary
determines necessary to enable the Department to assess the
security risks associated with the facility;
``(C) establish risk-based performance standards designed
to address high levels of security risk at covered chemical
facilities; and
``(D) require each covered chemical facility to--
``(i) submit a security vulnerability assessment; and
``(ii) develop, submit, and implement a site security plan.
``(b) Security Measures.--A facility, in developing a site
security plan as required under subsection (a), shall include
security measures that, in combination, appropriately address
the security vulnerability assessment and the risk-based
performance standards for security for the facility.
``(c) Approval or Disapproval of Site Security Plans.--
``(1) In general.--
``(A) Review.--Except as provided in paragraph (4), the
Secretary shall review and approve or disapprove each site
security plan submitted pursuant to subsection (a).
``(B) Bases for disapproval.--The Secretary--
``(i) may not disapprove a site security plan based on the
presence or absence of a particular security measure; and
``(ii) shall disapprove a site security plan if the plan
fails to satisfy the risk-based performance standards
established pursuant to subsection (a)(2)(C).
``(2) Alternative security programs.--
``(A) Authority to approve.--
``(i) In general.--The Secretary may approve an alternative
security program established by a private sector entity or a
Federal, State, or local authority or under other applicable
laws, if the Secretary determines that the requirements of
the program meet the requirements under this section.
``(ii) Additional security measures.--If the requirements
of an alternative security program do not meet the
requirements under this section, the Secretary may recommend
additional security measures to the program that will enable
the Secretary to approve the program.
``(B) Satisfaction of site security plan requirement.--A
covered chemical facility may satisfy the site security plan
requirement under subsection (a) by adopting an alternative
security program that the Secretary has--
``(i) reviewed and approved under subparagraph (A); and
``(ii) determined to be appropriate for the operations and
security concerns of the covered chemical facility.
``(3) Site security plan assessments.--
``(A) Risk assessment policies and procedures.--In
approving or disapproving a site security plan under this
subsection, the Secretary shall employ the risk assessment
policies and procedures developed under this title.
``(B) Previously approved plans.--In the case of a covered
chemical facility for which the Secretary approved a site
security plan before the date of enactment of the Protecting
and Securing Chemical Facilities from Terrorist Attacks Act
of 2014, the Secretary may not require the facility to
resubmit the site security plan solely by reason of the
enactment of this title.
``(4) Expedited approval program.--
``(A) In general.--A covered chemical facility assigned to
tier 3 or 4 may meet the requirement to develop and submit a
site security plan under subsection (a)(2)(D) by developing
and submitting to the Secretary--
``(i) a site security plan and the certification described
in subparagraph (C); or
``(ii) a site security plan in conformance with a template
authorized under subparagraph (H).
``(B) Guidance for expedited approval facilities.--
``(i) In general.--Not later than 180 days after the date
of enactment of the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014, the Secretary
shall issue guidance for expedited approval facilities that
identifies specific security measures that are sufficient to
meet the risk-based performance standards.
``(ii) Material deviation from guidance.--If a security
measure in the site security plan of an expedited approval
facility materially deviates from a security measure in the
guidance for expedited approval facilities, the site security
plan shall include an explanation of how such security
measure meets the risk-based performance standards.
``(iii) Process.--In developing and issuing, or amending,
the guidance for expedited approval facilities under this
subparagraph and in collecting information from expedited
approval facilities, the Secretary--
``(I) shall consult with--
``(aa) Sector Coordinating Councils established under
sections 201 and 871(a); and
``(bb) appropriate labor organizations; and
``(II) shall not be subject to section 553 of title 5,
United States Code, the National Environmental Policy Act of
1969 (42 U.S.C. 4321 et
[[Page S6483]]
seq.), subchapter I of chapter 35 of title 44, United States
Code, or section 2107(b) of this title.
``(C) Certification.--The owner or operator of an expedited
approval facility shall submit to the Secretary a
certification, signed under penalty of perjury, that--
``(i) the owner or operator is familiar with the
requirements of this title and part 27 of title 6, Code of
Federal Regulations, or any successor thereto, and the site
security plan being submitted;
``(ii) the site security plan includes the security
measures required by subsection (b);
``(iii)(I) the security measures in the site security plan
do not materially deviate from the guidance for expedited
approval facilities except where indicated in the site
security plan;
``(II) any deviations from the guidance for expedited
approval facilities in the site security plan meet the risk-
based performance standards for the tier to which the
facility is assigned; and
``(III) the owner or operator has provided an explanation
of how the site security plan meets the risk-based
performance standards for any material deviation;
``(iv) the owner or operator has visited, examined,
documented, and verified that the expedited approval facility
meets the criteria set forth in the site security plan;
``(v) the expedited approval facility has implemented all
of the required performance measures outlined in the site
security plan or set out planned measures that will be
implemented within a reasonable time period stated in the
site security plan;
``(vi) each individual responsible for implementing the
site security plan is fully aware of the requirements
relevant to the individual's responsibility contained in the
site security plan and is competent to carry out those
requirements; and
``(vii) the owner or operator has committed, or, in the
case of planned measures will commit, the necessary resources
to fully implement the site security plan.
``(D) Deadline.--
``(i) In general.--Not later than 120 days after the date
described in clause (ii), the owner or operator of an
expedited approval facility shall submit to the Secretary the
site security plan and the certification described in
subparagraph (C).
``(ii) Date.--The date described in this clause is--
``(I) for an expedited approval facility that was assigned
to tier 3 or 4 under existing CFATS regulations before the
date of enactment of the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014, the date that
is 210 days after the date of enactment of that Act; and
``(II) for any expedited approval facility not described in
subclause (I), the later of--
``(aa) the date on which the expedited approval facility is
assigned to tier 3 or 4 under subsection (e)(2)(A); or
``(bb) the date that is 210 days after the date of
enactment of the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014.
``(iii) Notice.--An owner or operator of an expedited
approval facility shall notify the Secretary of the intent of
the owner or operator to certify the site security plan for
the expedited approval facility not later than 30 days before
the date on which the owner or operator submits the site
security plan and certification described in subparagraph
(C).
``(E) Compliance.--
``(i) In general.--For an expedited approval facility
submitting a site security plan and certification in
accordance with subparagraphs (A), (B), (C), and (D)--
``(I) the expedited approval facility shall comply with all
of the requirements of its site security plan; and
``(II) the Secretary--
``(aa) except as provided in subparagraph (G), may not
disapprove the site security plan; and
``(bb) may audit and inspect the expedited approval
facility under subsection (d) to verify compliance with its
site security plan.
``(ii) Noncompliance.--If the Secretary determines an
expedited approval facility is not in compliance with the
requirements of the site security plan or is otherwise in
violation of this title, the Secretary may enforce compliance
in accordance with section 2104.
``(F) Amendments to site security plan.--
``(i) Requirement.--
``(I) In general.--If the owner or operator of an expedited
approval facility amends a site security plan submitted under
subparagraph (A), the owner or operator shall submit the
amended site security plan and a certification relating to
the amended site security plan that contains the information
described in subparagraph (C).
``(II) Technical amendments.--For purposes of this clause,
an amendment to a site security plan includes any technical
amendment to the site security plan.
``(ii) Amendment required.--The owner or operator of an
expedited approval facility shall amend the site security
plan if--
``(I) there is a change in the design, construction,
operation, or maintenance of the expedited approval facility
that affects the site security plan;
``(II) the Secretary requires additional security measures
or suspends a certification and recommends additional
security measures under subparagraph (G); or
``(III) the owner or operator receives notice from the
Secretary of a change in tiering under subsection (e)(3).
``(iii) Deadline.--An amended site security plan and
certification shall be submitted under clause (i)--
``(I) in the case of a change in design, construction,
operation, or maintenance of the expedited approval facility
that affects the security plan, not later than 120 days after
the date on which the change in design, construction,
operation, or maintenance occurred;
``(II) in the case of the Secretary requiring additional
security measures or suspending a certification and
recommending additional security measures under subparagraph
(G), not later than 120 days after the date on which the
owner or operator receives notice of the requirement for
additional security measures or suspension of the
certification and recommendation of additional security
measures; and
``(III) in the case of a change in tiering, not later than
120 days after the date on which the owner or operator
receives notice under subsection (e)(3).
``(G) Facially deficient site security plans.--
``(i) Prohibition.--Notwithstanding subparagraph (A) or
(E), the Secretary may suspend the authority of a covered
chemical facility to certify a site security plan if the
Secretary--
``(I) determines the certified site security plan or an
amended site security plan is facially deficient; and
``(II) not later than 100 days after the date on which the
Secretary receives the site security plan and certification,
provides the covered chemical facility with written
notification that the site security plan is facially
deficient, including a clear explanation of each deficiency
in the site security plan.
``(ii) Additional security measures.--
``(I) In general.--If, during or after a compliance
inspection of an expedited approval facility, the Secretary
determines that planned or implemented security measures in
the site security plan of the facility are insufficient to
meet the risk-based performance standards based on
misrepresentation, omission, or an inadequate description of
the site, the Secretary may--
``(aa) require additional security measures; or
``(bb) suspend the certification of the facility.
``(II) Recommendation of additional security measures.--If
the Secretary suspends the certification of an expedited
approval facility under subclause (I), the Secretary shall--
``(aa) recommend specific additional security measures
that, if made part of the site security plan by the facility,
would enable the Secretary to approve the site security plan;
and
``(bb) provide the facility an opportunity to submit a new
or modified site security plan and certification under
subparagraph (A).
``(III) Submission; review.--If an expedited approval
facility determines to submit a new or modified site security
plan and certification as authorized under subclause
(II)(bb)--
``(aa) not later than 90 days after the date on which the
facility receives recommendations under subclause (II)(aa),
the facility shall submit the new or modified plan and
certification; and
``(bb) not later than 45 days after the date on which the
Secretary receives the new or modified plan under item (aa),
the Secretary shall review the plan and determine whether the
plan is facially deficient.
``(IV) Determination not to include additional security
measures.--
``(aa) Revocation of certification.--If an expedited
approval facility does not agree to include in its site
security plan specific additional security measures
recommended by the Secretary under subclause (II)(aa), or
does not submit a new or modified site security plan in
accordance with subclause (III), the Secretary may revoke the
certification of the facility by issuing an order under
section 2104(a)(1)(B).
``(bb) Effect of revocation.--If the Secretary revokes the
certification of an expedited approval facility under item
(aa) by issuing an order under section 2104(a)(1)(B)--
``(AA) the order shall require the owner or operator of the
facility to submit a site security plan or alternative
security program for review by the Secretary review under
subsection (c)(1); and
``(BB) the facility shall no longer be eligible to certify
a site security plan under this paragraph.
``(V) Facial deficiency.--If the Secretary determines that
a new or modified site security plan submitted by an
expedited approval facility under subclause (III) is facially
deficient--
``(aa) not later than 120 days after the date of the
determination, the owner or operator of the facility shall
submit a site security plan or alternative security program
for review by the Secretary under subsection (c)(1); and
``(bb) the facility shall no longer be eligible to certify
a site security plan under this paragraph.
``(H) Templates.--
``(i) In general.--The Secretary may develop prescriptive
site security plan templates with specific security measures
to meet the risk-based performance standards under subsection
(a)(2)(C) for adoption and certification by a covered
chemical facility assigned to tier 3 or 4 in lieu of
developing and certifying its own plan.
``(ii) Process.--In developing and issuing, or amending,
the site security plan templates under this subparagraph,
issuing guidance for implementation of the templates, and in
collecting information from expedited approval facilities,
the Secretary--
``(I) shall consult with--
``(aa) Sector Coordinating Councils established under
sections 201 and 871(a); and
``(bb) appropriate labor organizations; and
``(II) shall not be subject to section 553 of title 5,
United States Code, the National Environmental Policy Act of
1969 (42 U.S.C. 4321 et seq.), subchapter I of chapter 35 of
title 44, United States Code, or section 2107(b) of this
title.
``(iii) Rule of construction.--Nothing in this subparagraph
shall be construed to prevent a covered chemical facility
from developing and certifying its own security plan in
accordance with subparagraph (A).
``(I) Evaluation.--
[[Page S6484]]
``(i) In general.--Not later than 18 months after the date
of enactment of the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014, the Secretary
shall take any appropriate action necessary for a full
evaluation of the expedited approval program authorized under
this paragraph, including conducting an appropriate number of
inspections, as authorized under subsection (d), of expedited
approval facilities.
``(ii) Report.--Not later than 18 months after the date of
enactment of the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, the Secretary shall
submit to the Committee on Homeland Security and Governmental
Affairs of the Senate and the Committee on Homeland Security
of the House of Representatives a report that contains--
``(I) any costs and efficiencies associated with the
expedited approval program authorized under this paragraph;
``(II) the impact of the expedited approval program on the
backlog for site security plan approval and authorization
inspections;
``(III) an assessment of the ability of expedited approval
facilities to submit facially sufficient site security plans;
``(IV) an assessment of any impact of the expedited
approval program on the security of chemical facilities; and
``(V) a recommendation by the Secretary on the frequency of
compliance inspections that may be required for expedited
approval facilities.
``(d) Compliance.--
``(1) Audits and inspections.--
``(A) Definitions.--In this paragraph--
``(i) the term `nondepartmental'--
``(I) with respect to personnel, means personnel that is
not employed by the Department; and
``(II) with respect to an entity, means an entity that is
not a component or other authority of the Department; and
``(ii) the term `nongovernmental'--
``(I) with respect to personnel, means personnel that is
not employed by the Federal Government; and
``(II) with respect to an entity, means an entity that is
not an agency, department, or other authority of the Federal
Government.
``(B) Authority to conduct audits and inspections.--The
Secretary shall conduct audits or inspections under this
title using--
``(i) employees of the Department; or
``(ii) nondepartmental or nongovernmental personnel
approved by the Secretary.
``(C) Support personnel.--The Secretary may use
nongovernmental personnel to provide administrative and
logistical services in support of audits and inspections
under this title.
``(D) Reporting structure.--
``(i) Nondepartmental and nongovernmental audits and
inspections.--Any audit or inspection conducted by an
individual employed by a nondepartmental or nongovernmental
entity shall be assigned in coordination with a regional
supervisor with responsibility for supervising inspectors
within the Infrastructure Security Compliance Division of the
Department for the region in which the audit or inspection is
to be conducted.
``(ii) Requirement to report.--While an individual employed
by a nondepartmental or nongovernmental entity is in the
field conducting an audit or inspection under this
subsection, the individual shall report to the regional
supervisor with responsibility for supervising inspectors
within the Infrastructure Security Compliance Division of the
Department for the region in which the individual is
operating.
``(iii) Approval.--The authority to approve a site security
plan under subsection (c) or determine if a covered chemical
facility is in compliance with an approved site security plan
shall be exercised solely by the Secretary or a designee of
the Secretary within the Department.
``(E) Standards for auditors and inspectors.--The Secretary
shall prescribe standards for the training and retraining of
each individual used by the Department as an auditor or
inspector, including each individual employed by the
Department and all nondepartmental or nongovernmental
personnel, including--
``(i) minimum training requirements for new auditors and
inspectors;
``(ii) retraining requirements;
``(iii) minimum education and experience levels;
``(iv) the submission of information as required by the
Secretary to enable determination of whether the auditor or
inspector has a conflict of interest;
``(v) the proper certification or certifications necessary
to handle chemical-terrorism vulnerability information (as
defined in section 27.105 of title 6, Code of Federal
Regulations, or any successor thereto);
``(vi) the reporting of any issue of non-compliance with
this section to the Secretary within 24 hours; and
``(vii) any additional qualifications for fitness of duty
as the Secretary may require.
``(F) Conditions for nongovernmental auditors and
inspectors.--If the Secretary arranges for an audit or
inspection under subparagraph (B) to be carried out by a
nongovernmental entity, the Secretary shall--
``(i) prescribe standards for the qualification of the
individuals who carry out such audits and inspections that
are commensurate with the standards for similar Government
auditors or inspectors; and
``(ii) ensure that any duties carried out by a
nongovernmental entity are not inherently governmental
functions.
``(2) Personnel surety.--
``(A) Personnel surety program.--For purposes of this
title, the Secretary shall establish and carry out a
Personnel Surety Program that--
``(i) does not require an owner or operator of a covered
chemical facility that voluntarily participates in the
program to submit information about an individual more than
one time;
``(ii) provides a participating owner or operator of a
covered chemical facility with relevant information about an
individual based on vetting the individual against the
terrorist screening database, to the extent that such
feedback is necessary for the facility to be in compliance
with regulations promulgated under this title; and
``(iii) provides redress to an individual--
``(I) whose information was vetted against the terrorist
screening database under the program; and
``(II) who believes that the personally identifiable
information submitted to the Department for such vetting by a
covered chemical facility, or its designated representative,
was inaccurate.
``(B) Personnel surety program implementation.--To the
extent that a risk-based performance standard established
under subsection (a) requires identifying individuals with
ties to terrorism--
``(i) a covered chemical facility may satisfy its
obligation under the standard by using any Federal screening
program that periodically vets individuals against the
terrorist screening database, or any successor program,
including the Personnel Surety Program established under
subparagraph (A); and
``(ii) the Secretary may not require a covered chemical
facility to submit any information about an individual unless
the individual--
``(I) is to be vetted under the Personnel Surety Program;
or
``(II) has been identified as presenting a terrorism
security risk.
``(3) Availability of information.--The Secretary shall
share with the owner or operator of a covered chemical
facility any information that the owner or operator needs to
comply with this section.
``(e) Responsibilities of the Secretary.--
``(1) Identification of chemical facilities of interest.--
In carrying out this title, the Secretary shall consult with
the heads of other Federal agencies, States and political
subdivisions thereof, relevant business associations, and
public and private labor organizations to identify all
chemical facilities of interest.
``(2) Risk assessment.--
``(A) In general.--For purposes of this title, the
Secretary shall develop a security risk assessment approach
and corresponding tiering methodology for covered chemical
facilities that incorporates the relevant elements of risk,
including threat, vulnerability, and consequence.
``(B) Criteria for determining security risk.--The criteria
for determining the security risk of terrorism associated
with a covered chemical facility shall take into account--
``(i) relevant threat information;
``(ii) potential economic consequences and the potential
loss of human life in the event of the facility being subject
to a terrorist attack, compromise, infiltration, or
exploitation; and
``(iii) vulnerability of the facility to a terrorist
attack, compromise, infiltration, or exploitation.
``(3) Changes in tiering.--
``(A) Maintenance of records.--The Secretary shall document
the basis for each instance in which--
``(i) tiering for a covered chemical facility is changed;
or
``(ii) a covered chemical facility is determined to no
longer be subject to the requirements under this title.
``(B) Required information.--The records maintained under
subparagraph (A) shall include information on whether and how
the Secretary confirmed the information that was the basis
for the change or determination described in subparagraph
(A).
``(4) Semiannual performance reporting.--Not later than 6
months after the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of
2014, and not less frequently than once every 6 months
thereafter, the Secretary shall submit to the Committee on
Homeland Security and Governmental Affairs of the Senate and
the Committee on Homeland Security of the House of
Representatives a report that describes, for the period
covered by the report--
``(A) the number of covered chemical facilities in the
United States;
``(B) the average number of days spent reviewing site
security or an alternative security program for a covered
chemical facility prior to approval;
``(C) the number of covered chemical facilities inspected;
``(D) the average number of covered chemical facilities
inspected per inspector; and
``(E) any other information that the Secretary determines
will be helpful to Congress in evaluating the performance of
the Chemical Facility Anti-Terrorism Standards Program.
``SEC. 2103. PROTECTION AND SHARING OF INFORMATION.
``(a) In General.--Notwithstanding any other provision of
law, information developed under this title, including
vulnerability assessments, site security plans, and other
security related information, records, and documents shall be
given protections from public disclosure consistent with the
protection of similar information under section 70103(d) of
title 46, United States Code.
``(b) Sharing of Information With States and Local
Governments.--Nothing in this section shall be construed to
prohibit the sharing of information developed under this
title, as the Secretary determines appropriate, with State
and local government officials possessing a need to know and
the necessary security clearances, including law enforcement
officials and first responders, for the purpose of carrying
out this title.
``(c) Sharing of Information With First Responders.--
``(1) Requirement.--The Secretary shall provide to State,
local, and regional fusion centers
[[Page S6485]]
(as that term is defined in section 210A(j)(1)) and State and
local government officials, as the Secretary determines
appropriate, such information as is necessary to help ensure
that first responders are properly prepared and provided with
the situational awareness needed to respond to security
incidents at covered chemical facilities.
``(2) Dissemination.--The Secretary shall disseminate
information under paragraph (1) through a medium or system
determined by the Secretary to be appropriate to ensure the
secure and expeditious dissemination of such information to
necessary selected individuals.
``(d) Enforcement Proceedings.--In any proceeding to
enforce this section, vulnerability assessments, site
security plans, and other information submitted to or
obtained by the Secretary under this title, and related
vulnerability or security information, shall be treated as if
the information were classified information.
``(e) Availability of Information.--Notwithstanding any
other provision of law (including section 552(b)(3) of title
5, United States Code), section 552 of title 5, United States
Code (commonly known as the `Freedom of Information Act')
shall not apply to information protected from public
disclosure pursuant to subsection (a) of this section.
``SEC. 2104. CIVIL ENFORCEMENT.
``(a) Notice of Noncompliance.--
``(1) Notice.--If the Secretary determines that a covered
chemical facility is not in compliance with this title, the
Secretary shall--
``(A) provide the owner or operator of the facility with--
``(i) not later than 14 days after date on which the
Secretary makes the determination, a written notification of
noncompliance that includes a clear explanation of any
deficiency in the security vulnerability assessment or site
security plan; and
``(ii) an opportunity for consultation with the Secretary
or the Secretary's designee; and
``(B) issue to the owner or operator of the facility an
order to comply with this title by a date specified by the
Secretary in the order, which date shall be not later than
180 days after the date on which the Secretary issues the
order.
``(2) Continued noncompliance.--If an owner or operator
continues to be in noncompliance with this title after the
date specified in an order issued under paragraph (1)(B), the
Secretary may enter an order in accordance with this section
assessing a civil penalty, an order to cease operations, or
both.
``(b) Civil Penalties.--
``(1) Violations of orders.--Any person who violates an
order issued under this title shall be liable for a civil
penalty under section 70119(a) of title 46, United States
Code.
``(2) Non-reporting chemical facilities of interest.--Any
owner of a chemical facility of interest who fails to comply
with, or knowingly submits false information under, this
title or the CFATS regulations shall be liable for a civil
penalty under section 70119(a) of title 46, United States
Code.
``(c) Emergency Orders.--
``(1) In general.--Notwithstanding subsection (a) or any
site security plan or alternative security program approved
under this title, if the Secretary determines that there is a
reasonable likelihood that a violation of this title or the
CFATS regulations by a chemical facility could result in
death, serious illness, severe personal injury, or
substantial endangerment to the public, the Secretary may
direct the facility, effective immediately or as soon as
practicable, to--
``(A) cease some or all operations; or
``(B) implement appropriate emergency security measures.
``(2) Limitation on delegation.--The Secretary may not
delegate the authority under paragraph (1) to any official
other than the Under Secretary for the National Protection
and Programs Directorate.
``(d) Right of Action.--Nothing in this title confers upon
any person except the Secretary or his or her designee a
right of action against an owner or operator of a covered
chemical facility to enforce any provision of this title.
``SEC. 2105. WHISTLEBLOWER PROTECTIONS.
``(a) Procedure for Reporting Problems.--
``(1) Establishment of a reporting procedure.--Not later
than 180 days after the date of enactment of the Protecting
and Securing Chemical Facilities from Terrorist Attacks Act
of 2014, the Secretary shall establish, and provide
information to the public regarding, a procedure under which
any employee or contractor of a chemical facility may submit
a report to the Secretary regarding problems, deficiencies,
or vulnerabilities at a covered chemical facility that are
associated with the risk of a chemical facility terrorist
incident.
``(2) Confidentiality.--The Secretary shall keep
confidential the identity of an individual who submits a
report under paragraph (1) and any such report shall be
treated as a record containing protected information to the
extent that the report does not consist of publicly available
information.
``(3) Acknowledgment of receipt.--If a report submitted
under paragraph (1) identifies the individual making the
report, the Secretary shall promptly respond to the
individual directly and shall promptly acknowledge receipt of
the report.
``(4) Steps to address problems.--The Secretary shall--
``(A) review and consider the information provided in any
report submitted under paragraph (1); and
``(B) take appropriate steps under this title if necessary
to address any substantiated problems, deficiencies, or
vulnerabilities associated with the risk of a chemical
facility terrorist incident identified in the report.
``(5) Retaliation prohibited.--
``(A) In general.--An owner or operator of a covered
chemical facility or agent thereof may not discharge an
employee or otherwise discriminate against an employee with
respect to the compensation provided to, or terms,
conditions, or privileges of the employment of, the employee
because the employee (or an individual acting pursuant to a
request of the employee) submitted a report under paragraph
(1).
``(B) Exception.--An employee shall not be entitled to the
protections under this section if the employee--
``(i) knowingly and willfully makes any false, fictitious,
or fraudulent statement or representation; or
``(ii) uses any false writing or document knowing the
writing or document contains any false, fictitious, or
fraudulent statement or entry.
``(b) Protected Disclosures.--Nothing in this title shall
be construed to limit the right of an individual to make any
disclosure--
``(1) protected or authorized under section 2302(b)(8) or
7211 of title 5, United States Code;
``(2) protected under any other Federal or State law that
shields the disclosing individual against retaliation or
discrimination for having made the disclosure in the public
interest; or
``(3) to the Special Counsel of an agency, the inspector
general of an agency, or any other employee designated by the
head of an agency to receive disclosures similar to the
disclosures described in paragraphs (1) and (2).
``(c) Publication of Rights.--The Secretary, in partnership
with industry associations and labor organizations, shall
make publicly available both physically and online the rights
that an individual who discloses information, including
security-sensitive information, regarding problems,
deficiencies, or vulnerabilities at a covered chemical
facility would have under Federal whistleblower protection
laws or this title.
``(d) Protected Information.--All information contained in
a report made under this subsection (a) shall be protected in
accordance with section 2103.
``SEC. 2106. RELATIONSHIP TO OTHER LAWS.
``(a) Other Federal Laws.--Nothing in this title shall be
construed to supersede, amend, alter, or affect any Federal
law that regulates the manufacture, distribution in commerce,
use, sale, other treatment, or disposal of chemical
substances or mixtures.
``(b) States and Political Subdivisions.--This title shall
not preclude or deny any right of any State or political
subdivision thereof to adopt or enforce any regulation,
requirement, or standard of performance with respect to
chemical facility security that is more stringent than a
regulation, requirement, or standard of performance issued
under this section, or otherwise impair any right or
jurisdiction of any State with respect to chemical facilities
within that State, unless there is an actual conflict between
this section and the law of that State.
``SEC. 2107. CFATS REGULATIONS.
``(a) General Authority.--The Secretary may, in accordance
with chapter 5 of title 5, United States Code, promulgate
regulations or amend existing CFATS regulations to implement
the provisions under this title.
``(b) Existing CFATS Regulations.--
``(1) In general.--Notwithstanding section 4(b) of the
Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014, each existing CFATS regulation shall
remain in effect unless the Secretary amends, consolidates,
or repeals the regulation.
``(2) Repeal.--Not later than 30 days after the date of
enactment of the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, the Secretary shall
repeal any existing CFATS regulation that the Secretary
determines is duplicative of, or conflicts with, this title.
``(c) Authority.--The Secretary shall exclusively rely upon
authority provided under this title in--
``(1) determining compliance with this title;
``(2) identifying chemicals of interest; and
``(3) determining security risk associated with a chemical
facility.
``SEC. 2108. SMALL COVERED CHEMICAL FACILITIES.
``(a) Definition.--In this section, the term `small covered
chemical facility' means a covered chemical facility that--
``(1) has fewer than 100 employees employed at the covered
chemical facility; and
``(2) is owned and operated by a small business concern (as
defined in section 3 of the Small Business Act (15 U.S.C.
632)).
``(b) Assistance to Facilities.--The Secretary may provide
guidance and, as appropriate, tools, methodologies, or
computer software, to assist small covered chemical
facilities in developing the physical security,
cybersecurity, recordkeeping, and reporting procedures
required under this title.
``(c) Report.--The Secretary shall submit to the Committee
on Homeland Security and Governmental Affairs of the Senate
and the Committee on Homeland Security of the House of
Representatives a report on best practices that may assist
small covered chemical facilities in development of physical
security best practices.
``SEC. 2109. OUTREACH TO CHEMICAL FACILITIES OF INTEREST.
``Not later than 90 days after the date of enactment of the
Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014, the Secretary shall establish an
outreach implementation plan, in coordination with the heads
of other appropriate Federal and State agencies, relevant
business associations, and public and private labor
organizations, to--
``(1) identify chemical facilities of interest; and
``(2) make available compliance assistance materials and
information on education and training.''.
[[Page S6486]]
(b) Clerical Amendment.--The table of contents in section
1(b) of the Homeland Security Act of 2002 (Public Law 107-
196; 116 Stat. 2135) is amended by adding at the end the
following:
``TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
``Sec. 2101. Definitions.
``Sec. 2102. Chemical Facility Anti-Terrorism Standards Program.
``Sec. 2103. Protection and sharing of information.
``Sec. 2104. Civil enforcement.
``Sec. 2105. Whistleblower protections.
``Sec. 2106. Relationship to other laws.
``Sec. 2107. CFATS regulations.
``Sec. 2108. Small covered chemical facilities.
``Sec. 2109. Outreach to chemical facilities of interest.''.
SEC. 3. ASSESSMENT; REPORTS.
(a) Definitions.--In this section--
(1) the term ``Chemical Facility Anti-Terrorism Standards
Program'' means--
(A) the Chemical Facility Anti-Terrorism Standards program
initially authorized under section 550 of the Department of
Homeland Security Appropriations Act, 2007 (Public Law 109-
295; 6 U.S.C. 121 note); and
(B) the Chemical Facility Anti-Terrorism Standards Program
subsequently authorized under section 2102(a) of the Homeland
Security Act of 2002, as added by section 2;
(2) the term ``Department'' means the Department of
Homeland Security; and
(3) the term ``Secretary'' means the Secretary of Homeland
Security.
(b) Third-party Assessment.--Using amounts appropriated to
the Department before the date of enactment of this Act, the
Secretary shall commission a third-party study to assess
vulnerabilities of covered chemical facilities, as defined in
section 2101 of the Homeland Security Act of 2002 (as added
by section 2), to acts of terrorism.
(c) Reports.--
(1) Report to congress.--Not later than 18 months after the
date of enactment of this Act, the Secretary shall submit to
the Committee on Homeland Security and Governmental Affairs
of the Senate and the Committee on Homeland Security of the
House of Representatives a report on the Chemical Facility
Anti-Terrorism Standards Program that includes--
(A) a certification by the Secretary that the Secretary has
made significant progress in the identification of all
chemical facilities of interest under section 2102(e)(1) of
the Homeland Security Act of 2002, as added by section 2,
including--
(i) a description of the steps taken to achieve that
progress and the metrics used to measure the progress;
(ii) information on whether facilities that submitted Top-
Screens as a result of the identification of chemical
facilities of interest were tiered and in what tiers those
facilities were placed; and
(iii) an action plan to better identify chemical facilities
of interest and bring those facilities into compliance with
title XXI of the Homeland Security Act of 2002, as added by
section 2;
(B) a certification by the Secretary that the Secretary has
developed a risk assessment approach and corresponding
tiering methodology under section 2102(e)(2) of the Homeland
Security Act of 2002, as added by section 2;
(C) an assessment by the Secretary of the implementation by
the Department of the recommendations made by the Homeland
Security Studies and Analysis Institute as outlined in the
Institute's Tiering Methodology Peer Review (Publication
Number: RP12-22-02); and
(D) a description of best practices that may assist small
covered chemical facilities, as defined in section 2108(a) of
the Homeland Security Act of 2002, as added by section 2, in
the development of physical security best practices.
(2) Annual gao report.--
(A) In general.--During the 3-year period beginning on the
date of enactment of this Act, the Comptroller General of the
United States shall submit to Congress an annual report that
assesses the implementation of this Act and the amendments
made by this Act.
(B) Initial report.--Not later than 180 days after the date
of enactment of this Act, the Comptroller General shall
submit to Congress the first report under subparagraph (A).
(C) Second annual report.--Not later than one year from the
date of the initial report required under subparagraph (B),
the Comptroller General shall submit to Congress the second
report under subparagraph (A), which shall include an
assessment of the whistleblower protections provided under
section 2105 of the Homeland Security Act of 2002, as added
by section 2, and--
(i) describes the number and type of problems,
deficiencies, and vulnerabilities with respect to which
reports have been submitted under such section 2105;
(ii) evaluates the efforts of the Secretary in addressing
the problems, deficiencies, and vulnerabilities described in
subsection (a)(1) of such section 2105; and
(iii) evaluates the efforts of the Secretary to inform
individuals of their rights, as required under subsection (c)
of such section 2105.
(D) Third annual report.--Not later than 1 year after the
date on which the Comptroller General submits the second
report required under subparagraph (A), the Comptroller
General shall submit to Congress the third report under
subparagraph (A), which shall include an assessment of--
(i) the expedited approval program authorized under section
2102(c)(4) of the Homeland Security Act of 2002, as added by
section 2; and
(ii) the report on the expedited approval program submitted
by the Secretary under subparagraph (I)(ii) of such section
2102(c)(4).
SEC. 4. EFFECTIVE DATE; CONFORMING REPEAL.
(a) Effective Date.--This Act, and the amendments made by
this Act, shall take effect on the date that is 30 days after
the date of enactment of this Act.
(b) Conforming Repeal.--Section 550 of the Department of
Homeland Security Appropriations Act, 2007 (Public Law 109-
295; 120 Stat. 1388), is repealed as of the effective date of
this Act.
SEC. 5. TERMINATION.
The authority provided under title XXI of the Homeland
Security Act of 2002, as added by section 2(a), shall
terminate on the date that is 4 years after the effective
date of this Act.
Mrs. BOXER. Madam President, I ask unanimous consent that the
committee-reported substitute amendment be considered; the Carper-
Coburn amendment, which is at the desk, be agreed to; the committee
substitute, as amended, be agreed to; the bill, as amended, be read a
third time and the Senate proceed to vote on passage of the bill, as
amended.
The PRESIDING OFFICER. Without objection, it is so ordered.
The amendment (No. 4000) was agreed to.
(The amendment is printed in today's Record under ``Text of
Amendments.'')
The committee-reported amendment in the nature of a substitute, as
amended, was agreed to.
The amendments were ordered to be engrossed and the bill to be read a
third time.
The bill was read the third time.
The PRESIDING OFFICER. The bill having been read the third time, the
question is, Shall the bill pass?
The bill (H.R. 4007), as amended, was passed.
Mrs. BOXER. Madam President, I ask unanimous consent that the motion
to reconsider be considered made and laid upon the table with no
intervening action or debate.
The PRESIDING OFFICER. Without objection, it is so ordered.
____________________