[Senate Report 108-261]
[From the U.S. Government Publishing Office]



                                                       Calendar No. 509
108th Congress                                                   Report
                                 SENATE
 2d Session                                                     108-261

======================================================================



 
                CHEMICAL FACILITIES SECURITY ACT OF 2003

                                _______
                                

                  May 11, 2004.--Ordered to be printed

                                _______
                                

    Mr. Inhofe, from the Committee on Environment and Public Works, 
                        submitted the following

                              R E P O R T

                         [to accompany S. 994]

      [Including cost estimate of the Congressional Budget Office]

                             together with



                            ADDITIONAL VIEWS

    The Committee on Environment and Public Works, to which was 
referred a bill (S. 994) to protect human health and the 
environment from the release of hazardous substances by the 
acts of terrorism, having considered the same, reports 
favorably thereon with an amendment and recommends that the 
bill, as amended, do pass.

                    General Statement and Background

    Chemical industries are crucial components of the national 
economy and the infrastructure of the United States. A 
terrorist attack on a chemical facility could pose a serious 
threat to lives and the economy. According to a recent report 
by the United States General Accounting Office, ``experts agree 
that chemical facilities present an attractive target for 
terrorists intent on causing massive damage.''\1\ Since its 
creation, DHS has developed and begun implementing a 
comprehensive strategy for the protection of the Nation's 
infrastructure, including chemical, against a terrorist attack. 
This strategy focuses on identification of threats, 
vulnerabilities and the means to deter and prevent such 
attacks. DHS has been working closely with other Federal 
agencies, State, and local authorities (including first 
responders) to develop and implement these measures.
---------------------------------------------------------------------------
    \1\ GAO-04-482T, Homeland Security: Federal Action Needed to 
Address Security Challenges at Chemical Facilities (February 23, 2004), 
p.6.
---------------------------------------------------------------------------
    Congress has long been concerned about releases of 
hazardous chemicals from industrial facilities and has enacted 
several statutes to help prevent such releases and to improve 
preparedness and response capabilities. For example, the 
Emergency Planning and Community Right-to-Know Act (EPCRA), 
passed in 1986, contains four major requirements designed to 
help facilities and communities understand, prepare for, and 
respond to accidental releases of hazardous chemicals.\2\ The 
four requirements are emergency planning, release notification, 
hazardous chemical storage reporting, and toxics release 
reporting. The emergency planning provisions of EPCRA 
established State Emergency Response Commissions (SERCs) and 
Local Emergency Planning Commissions (LEPCs). LEPCs are 
composed of emergency responders and other local officials, and 
are required to develop emergency response plans and 
communicate these plans to the public. The EPCRA notification 
and storage reporting requirements establish thresholds and 
reporting requirements for releases and storage of certain 
extremely hazardous substances held onsite.
---------------------------------------------------------------------------
    \2\ Public Law 99-499, 42 U.S.C. 11011-11050.
---------------------------------------------------------------------------
    Additionally, the Clean Air Act Amendments of 1990 required 
the Occupational Safety and Health Administration to promulgate 
Process Safety Management (PSM) regulations that apply to 
chemical facilities.\3\ The PSM regulations increase worker 
safety by preventing or minimizing the consequences of releases 
of toxic, reactive, flammable, or explosive chemicals. The 1990 
Clean Air Act Amendments also required EPA to establish the 
Chemical Accident Prevention program under section 112(r) that 
is designed to prevent accidental releases of chemicals and 
mitigate the consequences of releases that may occur. The 
requirements of this subsection apply to stationary facilities 
at which is present more than a threshold amount of certain 
chemicals. Approximately 15,000 facilities are subject to the 
requirements. These facilities must develop risk management 
programs that include a hazard assessment of the offsite 
consequences of releases under a worst-case scenario and a more 
realistic, alternate-case scenario, a prevention program, and 
an emergency response program. Information about these programs 
must be documented in a Risk Management Plan (RMP) that is 
submitted to EPA and made available to States and local 
planning agencies, as well as to the public according to 
procedures set forth in 40 CFR 68.
---------------------------------------------------------------------------
    \3\ Public Law 101-549, 29 U.S.C. 655. The PSM rules are 29 CFR 
1910.119.
---------------------------------------------------------------------------
    While programs to protect the health and safety of workers, 
the public, and the environment by reducing the potential for 
accidental releases of potentially dangerous chemicals, 
including the consequences of worst-case releases of those 
chemicals, are in place as required by numerous Federal and 
State laws, the events of September 11, 2001 demonstrate the 
need to ensure that appropriate security measures are taken to 
address the threat of acts of terrorism against facilities that 
manufacture, use, or process potentially dangerous chemicals. 
In the period after those attacks, the President's draft 
National Strategy for Homeland Security identified 13 sectors 
as critical to the Nation's infrastructure.\4\ The chemical 
industry sector was one of those sectors. The Administration's 
final document, The National Strategy for the Physical 
Protection of Critical Infrastructures and Key Assets, 
identified the objectives and guiding principles for securing 
the infrastructure and assets of the 13 sectors.\5\ With regard 
to the chemical industry, the report, which was issued before 
the creation of the Department of Homeland Security, noted that 
``there is currently no clear, unambiguous legal or regulatory 
authority at the Federal level to help ensure comprehensive, 
uniform security standards for chemical facilities.''\6\ Since 
the creation of DHS, the department has undertaken a far-
reaching effort to address the chemical security concerns 
addressed in the report.
---------------------------------------------------------------------------
    \4\ Draft National Strategy for Homeland Security (July 2002).
    \5\ The National Strategy for the Physical Protection of Critical 
Infrastructures and Key Assets (February 2003).
    \6\ Id. at 66.
---------------------------------------------------------------------------
    The report also discussed risk reduction issues, concluding 
that ``the risk profiles of chemical plants differ tremendously 
because of differences in technologies, product mix, design, 
and processes. Therefore, no single, specific security regime 
would be appropriate or effective for all chemical 
facilities.''\7\ As a result, the report stated that the soon-
to-be-created DHS will work with Congress to enact flexible 
legislation that would ``require certain chemical facilities, 
particularly those that maintain large quantities of hazardous 
chemicals in close proximity to population centers, to 
undertake vulnerability assessments and take reasonable steps 
to reduce the vulnerabilities identified.''\8\ Consistent with 
that standard, DHS and the Administration have voiced support 
for the Inhofe bill, S. 994, as introduced.
---------------------------------------------------------------------------
    \7\ Id. at 66.
    \8\ Id. at 66.
---------------------------------------------------------------------------
    Since September 11, there have been a variety of voluntary 
industry initiatives with the intent of improving security at 
chemical facilities. The American Chemistry Council (ACC), for 
example, has adopted a security code as part of its Responsible 
Care program and requires adherence to that code as a 
condition of membership. As another example, the agriculture 
community has developed a new Security Vulnerability Assessment 
(SVA) for farm supply stores, farm cooperatives, and other 
local dealers of farm products to help safeguard crop inputs 
commonly used on farms.
    Additionally, the last Congress enacted two statutes that 
address the security of some chemical sector facilities. In the 
first half of 2002, it passed the Public Health Security and 
Bioterrorism Preparedness Act, Title IV of which requires 
larger community drinking water supply systems to conduct 
vulnerability assessments and prepare emergency response 
plans.\9\ The Maritime Transportation Security Act, passed at 
the end of the 107th Congress, imposes highly detailed 
requirements for assessments and plans at facilities adjacent 
to waters subject to U.S. jurisdiction that might be involved 
in a transportation security incident.\10\
---------------------------------------------------------------------------
    \9\ Public Law 107-188, 42 U.S.C. 300i-2.
    \10\ Public Law 107-295, 46 U.S.C. Sec. 70101-70117.
---------------------------------------------------------------------------
    Not every chemical facility, however, is covered by these 
statutes or is a member of a trade association or other 
organization with an established and effective security 
program. ``Although the chemical industry has undertaken a 
number of initiatives to address security concerns, the extent 
of security preparedness across the chemical industry is 
unknown.''\11\ Accordingly, a properly tailored Federal 
chemical security program would provide accountability across 
the sector, while also recognizing significant past and current 
activity undertaken voluntarily to enhance security and risk 
reduction measures.
---------------------------------------------------------------------------
    \11\ GAO-04-482T, Homeland Security: Federal Action Needed to 
Address Security Challenges at Chemical Facilities (February 23, 2004), 
p. 4.
---------------------------------------------------------------------------
    In March 2003, Sens. Inhofe and Miller introduced S. 994, 
the Chemical Security Act of 2003. This bill seeks to ensure 
that appropriate security measures are taken to address the 
threat of acts of terrorism against our Nation's chemical 
infrastructure.

                     Objectives of the Legislation

    S. 994 is intended to ensure that the threat of terrorist 
attack on chemical facilities is addressed quickly, 
consistently and effectively across the spectrum of U.S. 
industrial facilities that have hazardous chemicals. The 
Department of Homeland Security (DHS) is charged with 
implementing the Act.
    The Act requires the Secretary to develop a list of 
chemical sources within 180 days of enactment. A chemical 
source is a non-Federal stationary source for which the owner 
or operator is required to submit to EPA risk management plans 
(RMPs) under the accidental release prevention programs 
established under section 112(r) of the Clean Air Act. Within 1 
year of enactment, the Secretary must promulgate regulations 
covering listed chemical sources. That rulemaking would include 
requirements for each facility to conduct a vulnerability 
assessment and prepare a site security plan that addresses the 
vulnerabilities found in the assessment by improving security. 
Site security plans shall also include consideration and, where 
practicable in the judgment of the owner, implementation of 
options to reduce the threat or consequences of a terrorist 
release. Copies of the assessments and security plans must be 
submitted to the Secretary no later than 18 months after the 
date of promulgation of regulations. The Secretary is required 
to review the documents to determine whether the vulnerability 
assessments were conducted in compliance with the regulations 
and whether the security plans were prepared and are being 
implemented in compliance with the regulations.
    The Act would promote innovation and provide appropriate 
flexibility in compliance mechanisms. The Act creates an 
alternative compliance mechanism under which the Secretary can 
recognize those procedures, protocols, regulations, and 
standards that the Secretary has determined are substantially 
equivalent to the portions of the Act requiring regulations for 
vulnerability assessments and site security plans and the 
contents of the site security plans. This will allow the 
Department to focus its resources on the highest priority 
facilities. Additionally, the committee wanted to ensure 
voluntary efforts currently underway were not derailed or 
curtailed in anticipation of regulations from DHS. The Act 
contains significant penalties for violations and provides the 
Secretary with order authority to address emergency threats.

                      Section-by-Section Analysis

Section 1. Short Title
    Sets forth the short title of the bill as ``The Chemical 
Facilities Security Act of 2003.''
Sec. 2. Definitions
    Section 2 defines 12 terms for the purposes of the Act. 
Definitions include:
    ``Alternative Approaches'' means ways of reducing the 
threat of a terrorist release (making targets less attractive) 
or the consequences of a terrorist release from a chemical 
source. The definition contains a non-exhaustive list of three 
examples of such approaches: using smaller quantities of 
substances of concern, replacing a substance of concern with a 
less hazardous substance, or using less hazardous processes.
    ``Chemical Source'' is a non-Federal stationary source 
required to submit risk management plans (RMPs) to EPA (as 
defined in section 112(r) of the Clean Air Act), and for which 
the Secretary of the Department of Homeland Security is 
required to promulgate implementing regulations.
    ``Consideration'' means that a facility security plan must 
include an analysis of alternative approaches and their 
benefits, risks and costs; as well as their potential to 
prevent or reduce terrorist releases; and their affect on 
products and employee safety.
    ``Department'' means the Department of Homeland Security.
    ``Environment'' has the meaning given in section 101 of the 
Comprehensive Environmental Response, Compensation, and 
Liability Act of 1980 (CERCLA).
    ``Owner or Operator'' has the meaning given in section 
112(a) of the Clean Air Act.
    ``Release'' is as defined in section 101 of the 
Comprehensive Environmental Response, Compensation, and 
Liability Act of 1980 (CERCLA).
    ``Secretary'' is the Secretary of the Department of 
Homeland Security.
    ``Security Measure'' means an action to ensure or enhance 
the security of a chemical source, and includes measures such 
as employee training and background checks, limiting or 
preventing access to controls of the source, perimeter 
protection, installing and operating intrusion detection 
sensors, increasing computer or computer network security; 
implementing other security-related measures to protect against 
or reduce the threat of a terrorist attack or theft of a 
substance of concern for offsite release; installing measures 
and controls to protect against or reduce consequences of a 
terrorist attack; and conducting any similar security-related 
activity as determined by the Secretary.
    ``Substance of Concern'' is any regulated substance under 
paragraphs (3) and (5) of section 112(r) of the Clean Air Act, 
and any substance added by the Secretary through rulemaking.
    ``Terrorism'' has the meaning given in section 2 of the 
Homeland Security Act of 2002.
    ``Terrorist release'' means a release into the environment 
from a chemical source a substance of concern caused by an act 
of terrorism, and the theft of a substance of concern by a 
person for offsite release in furtherance of an act of 
terrorism.
Sec. 3. Vulnerability Assessments and Site Security Plans

                                SUMMARY

    Section 3 establishes the requirements for conducting 
vulnerability assessments and site security plans, including 
regulatory criteria; and provides for the recognition of 
substantively equivalent procedures and the protection of data 
and information collected in development and implementation of 
assessments and plans.
Subsection 3(a)--Requirement
    Subsection 3(a)(1)--Requires the Secretary, not later than 
1 year after enactment, to issue regulations requiring the 
owner or operator of a covered chemical source to conduct a 
vulnerability assessment and to prepare and implement a site 
security plan to address vulnerabilities.
    Subsection 3(a)(2)--Specifies the contents of a site 
security plan and establishes the standards that a site 
security plan must meet. Requires the site security plan (or 
other plan deemed substantially equivalent) to significantly 
reduce the vulnerability of the source to a terrorist release, 
including particular equipment, plans and procedures that could 
be used, as well as any alternative approaches.

                               DISCUSSION

    The committee believes that it is important to require 
owners and operators to consider the ability of alternative 
technologies to reduce the threat of a terrorist attack by 
making the source a less attractive target or by limiting the 
consequences of a successful attack. However, the committee 
also believes that judgments about alternative approaches are 
fundamentally process safety decisions that must be left to the 
process safety professionals who best understand their 
processes and facilities.
    Subsection 3(a)(3)--Specifically stipulates that within 1 
year of enactment the Secretary shall promulgate regulations 
establishing procedures, protocols, regulations, and standards 
for vulnerability assessments and site security plans.
    Subsection 3(a)(4)--Requires the Secretary, within 1 year 
of enactment, to publish guidance to assist small entities in 
complying with the alternative approaches requirements of 
section 3(a)(2).
    Subsection 3(a)(5)--Requires the Secretary to provide 
owners and operators of covered chemical sources, to the extent 
practicable, with threat information that is relevant to that 
chemical source.
    Subsection 3(a)(6)--Allows for the coordinated development 
and implementation of vulnerability assessments and site 
security plans when more than 1 chemical source is operating at 
a single or contiguous location.
Subsection 3(b)--Certification and Submission
    Subsection 3(b)(1)--Requires the owner or operator of a 
covered chemical source to certify to the Secretary compliance 
with those rules and any applicable procedure, protocol, 
regulation or standard endorsed or recognized by the Secretary.
    Subsection 3(b)(2)--Requires the owner or operator of a 
covered chemical source to submit copies of its vulnerability 
assessment and site security plan within 18 months of the date 
of promulgation of regulations for DHS review.
    Subsection 3(b)(3)--Authorizes the Secretary to ensure 
compliance with this Act, the rules under it and any applicable 
procedure, protocol, regulation or standard endorsed or 
recognized by the Secretary. This can include requiring sources 
to conduct third-party audits of compliance.

                               DISCUSSION

    The committee believes that the most effective and 
efficient way for the Secretary to assure the security of 
chemical sources, as well as their compliance with this Act, is 
by conducting inspections, coordinating with relevant State and 
local authorities, and similar field activities that address 
the highest priority sites. This will allow the Secretary and 
security experts within the department to focus their resources 
on those facilities they deem to be the highest priority.
    Subsection 3(b)(4)--Requires the owner or operator of a 
chemical source to provide notification of any changes or 
updates to the vulnerability assessments or site security plans 
within 90 days of the change and to update its certification.
Subsection 3(c)--Specified Standards
    Subsection 3(c)(1)--Authorizes the Secretary to endorse or 
recognize existing procedures, protocols, regulations, or 
standards established by industry, State or local authorities 
or other law, that are substantially equivalent to the 
requirements of the Act.

                               DISCUSSION

    The committee recognizes that several business sectors have 
already committed considerable resources to developing security 
initiatives tailored to their specific sector. Many facilities 
have already implemented these initiatives and many more will 
likely have been completed by the time the Secretary issues the 
regulations pursuant to this Act. Accordingly, this subsection 
provides an ``alternative compliance'' mechanism whereby an 
association or an individual facility may seek the Secretary's 
determination that the initiative is substantially equivalent 
to the requirements of this Act. By allowing this mechanism, 
the committee wanted to ensure that no disincentives to 
continue these voluntary initiatives were inadvertently 
created.
    Similarly, other Federal, State, and local entities may 
establish facility security requirements that are equivalent to 
those established by this Act.
    Subsection 3(c)(2)--Requires the Secretary to provide the 
petitioner with notice of a finding that such procedures, 
regulations or standards are substantially equivalent to the 
regulations promulgated.
    Subsection 3(c)(3)--Requires the Secretary to provide the 
petitioner with notice that such procedures, protocols, 
regulations, or standards are not recognized or endorsed. The 
Secretary must provide the petitioner a clear, written 
explanation as to why the endorsement of recognition was not 
made.
    Subsection 3(d)--Preparation of Assessments and Plans--
Clarifies that endorsement or recognition under subsection (c) 
has effect not only prospectively after the Act is enacted but 
retroactively, as well. Also clarifies that upon such action, 
the requirements of the approved procedures, protocols, 
regulations, or standards, rather than the regulations required 
by the Act, become obligations--legally enforceable by the 
Secretary--of any facility that opts to proceed on that basis.
    Subsection 3(e)--Regulatory Criteria--Establishes 
regulatory criteria for regulations promulgated pursuant to the 
Act and endorsed/recognized procedures, protocols or standards. 
In evaluating both, the Secretary must consider the likelihood 
that a chemical source will be a target; the nature and 
quantity of substances of concern present; and the potential 
for harm or adverse effect to human health and the environment, 
critical infrastructures, and national security. Cost, 
technical feasibility and scale of operations must also be 
considered, as well as any other security-related factors that 
the Secretary determines to be appropriate.
    Subsection 3(f)--List of Chemical Sources--Not later than 
180 days after the date of enactment, the Secretary must 
develop a list of chemical sources in existence as of that date 
using the criteria in subsection (e). The Secretary must 
evaluate the list no later than 3 years after promulgation of 
regulations and every 3 years thereafter to determine if 
additional facilities should be added to the list of chemical 
sources, as well as to determine if any source already on the 
list no longer presents a sufficient risk and should be 
removed.
    Subsection 3(g)--Designation, Exemption, and Adjustment of 
Threshold Quantities of Substances of Concern--Gives the 
Secretary the authority to designate or exempt chemical 
substances in certain threshold quantities as substances of 
concern, as well as adjust those threshold quantities.
    Subsection 3(h)--Five-Year Review--Requires the owner or 
operator, within 5 years of the initial certification and every 
5 years thereafter, to review the adequacy of its vulnerability 
assessment and site security plan. Owners or operators must 
certify that the review has been done and submit to the 
Secretary any changes to either the assessment or the plan.
    Subsection 3(i)--Protection of Information--Generally 
exempts materials and information developed or produced 
exclusively for, contained in, or derived from the development 
of vulnerability assessments and site security plans from 
disclosure under the Federal Freedom of Information Act, as 
well as State and local open records laws. This does not, 
however, affect the treatment of information from chemical 
sources under any other law.

                               DISCUSSION

    The committee recognizes that information regarding the 
vulnerability of a source to terrorism, and the countermeasures 
adopted to reduce that vulnerability, is among the most 
sensitive that any private facility can generate. The committee 
also recognizes the need for the public to know whether a local 
facility has complied with the law; therefore, the protections 
do not apply to certifications filed under this Act and to 
information that is otherwise obtainable under any other law. 
This subsection also respects the needs of State and local 
governments to obtain information that they need to coordinate 
with the Federal Government and facilities, by enabling State 
and local officials designated by the Secretary to obtain 
protected information, without concern that they might have to 
disclose it under their own laws or ordinances.
    The committee is also aware of the need for Congress to 
have access to vulnerability assessment and site security plan 
information in order to conduct Congress' oversight function.
    Subsection 3(i)(1)--Except with respect to certifications 
specified in subsections (b)(1)(A) and (h)(2)(A), vulnerability 
assessments and site security plans obtained in accordance with 
this Act, as well as materials developed or produced in 
preparation of those documents, are exempt from disclosure 
under the Freedom of Information Act and any State or local law 
providing for public access to information.
    Subsection 3(i)(2)--Ensures that the handling, treatment or 
disclosure of information otherwise obtainable under any other 
law is unaffected by this subsection.
    Subsection 3(i)(3)--Requires the Secretary, in consultation 
with the Director of the Office of Management and Budget and 
other appropriate law enforcement and intelligence officials, 
to develop protocols limiting the disclosure of information 
obtained and provided to the Secretary under this Act. This 
includes maintaining the information in a secure location and 
allowing access only to those individuals designated by the 
Secretary or those entitled to the information.
    Subsection 3(i)(4)--Provides for the disclosure of 
sensitive information sought through discovery or to be 
introduced into evidence to be provided under seal to a Federal 
or State civil or administrative court. The court cannot 
disclose the information to any person until it determines that 
the disclosure does not post a threat to public security or 
endanger the life or safety of any person.
    Subsection 3(i)(5)--Provides for penalties for a person 
designated by the Secretary who knowingly or recklessly 
discloses protected information.
Sec. 4. Enforcement
    Subsection 4(a) Failure to Comply--Authorizes the Secretary 
to order certification and submission of vulnerability 
assessments or site security plans if an owner or operators 
fails to do so.
    Subsection 4(b) Disapproval--Authorizes the Secretary to 
disapprove a submitted vulnerability assessment or site 
security plan that does not comply with regulations or the site 
security plan is insufficient to address the vulnerabilities 
found by the assessment or a threat of a terrorist release not 
identified in the assessment.
    Subsection 4(c) Compliance--Requires the Secretary to 
provide an owner or operator a clear written notification if a 
vulnerability assessment or site security plan is disapproved, 
including specific deficiencies. The Secretary must then 
consult with the owner or operator to identify steps to achieve 
compliance. If after consultation, compliance is still not 
achieved, the Secretary may issue an order to compel correction 
of specified deficiencies.
    Subsection 4(d) Emergency Powers--Authorizes the Secretary 
to bring a civil action or issue an administrative order to 
compel action in the case of an ``emergency threat.''
    Subsection 4(d)(1)--Defines an ``emergency threat'' as one 
that could result in the likelihood of an immediate terrorist 
release or release that is beyond the scope of the site 
security plan or would not be appropriately addressed in a 
timely manner.
    Subsection 4(d)(2)--Allows the Secretary to bring a civil 
action to compel covered sources to take actions to respond to 
the identified emergency threat. Secretary must give notice to 
the covered source and an opportunity to participate in any 
proceedings relating to the civil action.
    Subsection 4(d)(3)--Allows the Secretary to issue orders to 
handle an emergency threat if it is not practicable that a 
civil action will adequately address it and such action is 
necessary to ensure public safety. The Secretary must consult 
with State and local law enforcement officials and verify 
information on which the need for action is based. The order 
will remain effective for 60 days with an option, by civil 
action, to extend it by 14 days or such longer period as the 
court authorizes.
    Subsection 4(e)--Exempts orders or disapprovals from 
disclosure under Federal, State and local public open 
information laws, except if in a Federal or State civil or 
administrative proceeding.
Sec. 5. Interagency Technical Support and Cooperation
    Section 5 provides the Secretary the ability to request and 
provide reimbursement for technical and analytical assistance 
from other Federal agencies.
Sec. 6. Recordkeeping; Site Inspections; Production of Information
    Section 6 requires a chemical source to keep current copies 
of its assessment and security plan onsite. The section also 
establishes authority for the Secretary, in carrying out the 
Act, to enter or request information from a chemical source and 
issue an administrative order requiring compliance with these 
requirements.
Sec. 7. Penalties
    Subsection 7(a)--Subjects an owner or operator that does 
not comply with an order under this Act, or with its plan, to 
injunctive relief and civil penalties.
    Subsection 7(b)--Authorizes administrative penalties and 
prescribes procedures to be followed, including notice and an 
opportunity to request a hearing.
    Subsection 7(c)--Provides that, in proceedings under this 
section, protected information shall be treated as if it were 
classified.

                               DISCUSSION

    It is the committee's understanding that nothing in this 
Act affects the handling, treatment, or disclosure of 
information obtained from chemical sources under any other law. 
It is not the committee's intent to make the determination 
whether any material collected solely under this Act should or 
should not be classified. However, the committee recognizes 
that the Executive Branch may, in the interest of national 
security, require a specific degree of protection against 
unauthorized disclosure of sensitive information. It is also 
the intention of the committee to continue to work in a 
bipartisan manner to ensure that information gathered pursuant 
to S.994 is properly protected.
Sec. 8. Provision of Training
    Section 8 authorizes the Secretary to provide training to 
State and local officials and owners and operators.
Sec. 9. Judicial Review
    Section 9 provides rules governing judicial review of 
regulations and other final agency department orders or other 
action issued by the Secretary under this Act.
Sec. 10. No Effect on Requirements Under Other Law
    Subsection 10(a)--Provides that this Act does not affect 
any duties or requirements under other Federal or State laws, 
except those relating to protection of information.
    Subsection 10(b)--Provides for an alternative to section 
3(c) for a chemical source required to prepare a vulnerability 
assessment and security plan under another Federal law. Under 
this alternative, the source may petition the Secretary to be 
subject in all respects to the other law in lieu of this Act. 
The Secretary may grant such a petition if the Secretary finds 
that the other Federal law is substantially equivalent to this 
Act.
Sec. 11. Agricultural Business Security Grant Program
    Section 11 establishes and authorizes appropriations for a 
grant program to assist small agricultural retail or production 
businesses in improving security. The Secretary, in 
consultation with the Small Business Administration and the 
Agriculture Department, would define small businesses on a 
location-by-location basis.

                          Legislative History

    S. 994, the Chemical Facilities Security Act of 2003, was 
introduced on May 5, 2003 by Senators Inhofe and Miller and it 
was referred to the Committee on Environment and Public Works. 
The full Committee on Environment and Public Works met on 
October 23, 2003 to consider S. 994, and ordered it favorably 
reported to the Senate with an amendment in the nature of a 
substitute.

                             Rollcall Votes

    No rollcall votes were held on S. 994. At its business 
meeting held on October 23, 2003, the committee agreed, by 
voice vote, to an amendment in the nature of a substitute 
offered by Senator Inhofe. Amendments by Senators Carper, 
Jeffords, and Clinton were offered, but defeated on voice 
votes. The Committee on Environment and Public Works ordered S. 
994 to be reported to the Senate, as amended, by voice vote.

                      Regulatory Impact Statement

    In compliance with section 11(b) of rule XXVI of the 
Standing Rules of the Senate, the committee makes evaluation of 
the regulatory impact of the reported bill. The bill does not 
create any additional regulatory burdens, nor will it cause any 
adverse impact on the personal privacy of individuals.

                          Mandates Assessment

    In compliance with the Unfunded Mandates Reform Act of 1995 
(Public Law 104-4), the committee finds that S. 994 would not 
impose any Federal intergovernmental unfunded mandates on 
State, local, or tribal governments. The bill includes 
regulatory requirements for covered chemical sources.

                          Cost of Legislation

    Section 403 of the Congressional Budget and Impoundment 
Control Act requires that a statement of the cost of the 
reported bill, prepared by the Congressional Budget Office, be 
included in the report. That statement follows.
    In response to the following cost estimate, the committee 
recognizes the difficulties that the Congressional Budget 
Office and the Department of Homeland Security experienced in 
preparing cost estimates for programs in a newly created 
Agency. However, the committee believes that the cost estimate 
prepared for S. 994 by the Congressional Budget Office may be 
too high. For example, DHS estimated that it would require $20 
million to construct facilities to store the information 
required under this bill. While the bill does require that 
information provided to DHS be stored in a secure location, it 
is likely that DHS will need to construct secure storage 
facilities in absence of this legislation. Therefore, the 
committee does not believe it is reasonable to attribute the 
entire $20 million in potential construction costs to S. 994, 
given that the maximum potential universe of documents 
resulting from S. 994 is approximately 15,000. Also, it is 
unclear at what level the authorized agricultural security 
grant program will be funded. The committee does not expect 
this cost to be as high as $90 million since no such 
authorizing cap was put into S. 994.

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, May 10, 2004.

Hon. James M. Inhofe, Chairman,
Committee on Environment and Public Works,
U.S. Senate, Washington, DC.

    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 994, the Chemical 
Facilities Security Act of 2003.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Susanne S. 
Mehlman (for Federal costs), who can be reached at 226-2860, 
Melissa Merrell (for the state and local impact), who can be 
reached at 225-3220, and Selena Caldera (for the private sector 
impact), who can be reached at 226-2940.
            Sincerely,
                                        Douglas Holtz-Eakin
S. 994, Chemical Facilities Security Act of 2003, as ordered reported 
        by the Senate Committee on Environment and Public Works on 
        October 23, 2003
Summary
    S. 994 would require the Department of Homeland Security 
(DAIS) to develop regulations designed to increase security at 
facilities vulnerable to unauthorized releases of hazardous 
chemicals. The regulations would require owners and operators 
of those facilities to perform vulnerability assessments and to 
establish site security plans. DHS also would be responsible 
for reviewing such assessments and security plans and ensuring 
that they are in compliance with the regulations it 
establishes. In addition, DHS would be responsible for 
maintaining the site information it receives in a secure 
location. Finally, S. 994 would establish a grant program to 
improve the security of facilities at agricultural retail and 
production businesses that handle hazardous chemicals.
    CBO estimates that implementing S. 994 would cost $216 
million over the next 5 years, assuming appropriation of the 
necessary amounts. Of this amount, we estimate that $126 
million would be used by DHS to develop the required 
regulations, maintain chemical facilities site information, and 
enforce the bill's new requirements; and that $90 million would 
be used by DHS to provide grants to improve security at 
agricultural businesses that produce or sell hazardous 
chemicals (such as fertilizer). Enacting S. 994 could affect 
direct spending and receipts because the bill would provide for 
civil and criminal penalties against owners and operators of 
chemical facilities who fail to comply with the bill's 
requirements. However, CBO estimates that any collections for 
such civil and criminal penalties would not be significant.
    Section 4 of the Unfunded Mandates Reform Act (UMRA) 
excludes from the application of that act any legislative 
provisions that are necessary for national security. CBO has 
determined that section 4(d) of the Chemical Security Act, 
which provides emergency authority to the Secretary of Homeland 
Security based on threat of a terrorist attack on a chemical 
storage facility, falls under that exclusion and has not 
reviewed it for intergovernmental or private-sector mandates.
    The remaining sections of S. 994 contain intergovernmental 
and private-sector mandates by requiring the owners and 
operators of certain facilities to undertake measures to 
protect against the unauthorized release of chemical 
substances. Because several of the mandates are dependent upon 
future actions of the Department of Homeland Security for which 
information currently is not available, CEO cannot determine 
whether the costs of those mandates will exceed the annual 
thresholds established in UMRA ($60 million for 
intergovernmental mandates and $120 million for private-sector 
mandates in 2004, adjusted annually for inflation).

Estimated Cost to the Federal Government
    The estimated budgetary impact of S. 994 is shown in the 
following table. For this estimate, CBO assumes that the 
necessary amounts will be appropriated for each year and that 
outlays will follow historical spending patterns for similar 
activities. The costs of this legislation fall within budget 
function 450 (community and regional development) and 750 
(administration of justice).

Basis of Estimate
    For this estimate, CBO assumes that S. 994 will be enacted 
near the beginning of fiscal year 2005, and that amounts 
necessary to implement the bill will be provided for each year.
    According to DHS, 4,000 chemical plants and storage sites 
handle hazardous chemicals that could be vulnerable to 
unauthorized releases of hazardous materials from terrorist 
attacks, and such sites would be covered under the bill's 
provisions, DHS has ongoing efforts to improve the safety and 
security of those chemical facilities. In 2004, about $39 
million was allocated for such activities, including developing 
guidelines for vulnerability assessments, conducting risk 
analyses at various sites, and providing training for preparing 
protection plans at high risk-sites.


                                     By Fiscal Year, in Millions of Dollars
----------------------------------------------------------------------------------------------------------------
                                                                   2004    2005    2006    2007    2008    2009
----------------------------------------------------------------------------------------------------------------
                SPENDING SUBJECT TO APPROPRIATION
DHS Spending on Security at Chemical Sites Under Current Law:
    Budget Authority\1\.........................................      39       0       0       0       0       0
      Estimated Outlays.........................................      25      11       3       0       0       0

                        Proposed Changes

    Regulation Development, Review of Vulnerability Assessments
     and Site Security Plans:
        Estimated Authorization Level...........................       0      20      20      20      20      20
        Estimated Outlays.......................................       0      18      20      20      20      20

Maintenance of Site Information:
    Estimated Authorization Level...............................       0      20       2       2       2       2
    Estimated Outlays...........................................       0      13       8       3       2       2

Grants to Agricultural Businesses:
    Estimated Authorization Level...............................       0      20      20      20      20      20
    Estimated Outlays...........................................       0      10      20      20      20      20

Total Proposed Changes:
    Authorization Level.........................................       0      60      42      42      42      42
    Estimated Outlays...........................................       0      41      48      43      42      42

DHS Spending on Security at Chemical Sites Under S. 994
    Estimated Authorization Level\1\............................      39      60      42      42      42      42
    Estimated Outlays...........................................      25      52      45      43      42      42
----------------------------------------------------------------------------------------------------------------
\1\The 2004 level is the amount appropriated for DHS to address security issue; at chemical facilities in that
  year.

    CBO expects that S. 994 would require DHS to more formally 
establish protocols for improving security and safety measures 
at chemical facilities by requiring the department to develop 
security regulations for chemical plants, review vulnerability 
assessments and site security plans prepared by plant 
operators, and maintain such information in a secure 
environment. CBO estimates that implementing those provisions 
would cost $126 million over the 2005-2009 period, assuming the 
appropriation of the necessary amounts. Such spending would 
fund additional personnel, travel expenses, contract support 
services, and construction costs for a secure building to house 
site information. In addition, the bill would authorize 
whatever amounts are necessary for grants to certain 
agricultural businesses to improve the security of hazardous 
chemicals produced or marketed by such businesses.
    Based on information from DHS, CBO estimates that, over the 
next 5 years, efforts to support the development of regulations 
and review of vulnerability assessments and site security plans 
(which includes site visits) would require about 150 staff-
years at a cost of about $20 million each year. In addition, 
CBO estimates that DHS would require about $20 million in 2005 
to construct facilities to store the site information received 
in a secure environment and to provide funding for information 
technology and support services for tracking such information. 
In subsequent years, CBO estimates that DHS would require about 
$2 million to provide ongoing support to maintaining the site 
information.
    Because those prosecuted and convicted for violation of the 
provisions of S. 994 could be subject to criminal fines, the 
Federal Government might collect additional fines if the 
legislation is enacted. Collections of such fines are recorded 
in the budget as governmental receipts (revenues), which are 
deposited in the Crime Victims Fund and later spent. Civil 
penalties for violations could also be imposed under the bill, 
and such collections are recorded in the budget as governmental 
receipts. In recent years, the Environmental Protection Agency 
has imposed fines on firms handling hazardous chemicals for 
violations of the Clear Air Act totaling up to $1 million or $2 
million a year. Consequently, CBO expects that the amount of 
additional fines collected under this bill would be 
insignificant.
    While most of the provisions in this bill would affect 
DHS's overall role in addressing security matters at about 
4,000 chemical sites, this legislation also includes a 
provision that targets specific types of businesses that mostly 
sell chemicals to the agricultural sector. Section 11 of S. 994 
would establish and authorize appropriations for a grant 
program to assist such small businesses in making security 
improvements.
    According to the Agricultural Retailers Association, there 
are about 6,000 retail suppliers of agricultural chemicals and 
fertilizers who would be eligible to receive grants under the 
bill. In addition, this association expects that many of those 
business could use tens of thousands of dollars to improve 
security and to protect against potential terrorist attacks. 
Assuming that DHS would attempt to provide grants to as many 
businesses as possible, CBO estimates that individual grants 
could range from $10,000 to $50,000, depending on the size of 
the business. For this estimate, CBO assumes that $100 million 
would be appropriated over the next 5 years for the majority of 
eligible businesses to receive assistance.
Intergovernmental and Private-Sector Impact
    Section 4 of the Unfunded Mandates Reform Act excludes from 
the application of that act any legislative provisions that are 
necessary for national security. CBO has determined that 
section 4(d) of the Chemical Security Act, which provides 
emergency authority to the Secretary of Homeland Security based 
on threat of a terrorist attack on a chemical storage facility, 
falls under that exclusion and has not reviewed it for 
intergovernmental or private-sector mandates.
    The remaining sections of the bill contain 
intergovernmental and private-sector mandates as defined in 
UMRA because it would require owners and operators of certain 
chemical facilities to undertake specific measures to protect 
against terrorist attacks, criminal acts, or other categories 
of chemical releases, based on regulations to be developed by 
DHS. Because the facilities would be selected from about 4,000 
public and private entities (including public water utilities 
and firms in the chemical industry), the bill could impose both 
intergovernmental and private-sector mandates as defined in 
UMRA. It also would preempt State and local authority, an 
intergovernmental mandate, by exempting those plans and 
documents from State and local laws that provide public access 
to information.
    Specifically, S. 994 would require that owners and 
operators of affected facilities conduct an assessment of the 
vulnerability of their facility, identify the hazards that may 
result from a substance's release and develop and implement a 
site security plan to prevent those releases. CBO has been 
unable to determine whether, and to what extent, DHS would 
grant owners and operators flexibility in developing and 
implementing the plans and in choosing to upgrade security, to 
redesign the manufacturing, refinement, or treatment processes 
that occur at the facility, or to substitute the materials used 
in their chemical processes. S. 994 would further require that 
owners and operators certify completion of both the assessment 
and plan, submit copies to DHS, maintain records at the 
facility, and complete a periodic review of the assessment and 
plan.
    According to government and industry representatives, a 
substantial number of the facilities potentially affected by 
the bill's provisions are actively engaged in activities 
similar to those that would be required under S. 994. Such 
facilities are acting either in response to the terrorist 
attacks of September 11, 2001, as a condition of membership 
with chemical industry associations or to comply with the 
Public Health Security and Bioterrorism Preparedness and 
Response Act of 2002. If DHS determines that the efforts of 
such facilities would satisfy the requirements of the bill, CBO 
expects that those mandates would impose little additional 
costs on those facilities. However, if DHS uses its authority 
under the bill to require that owners and operators incorporate 
the more costly measures of process redesign or material 
substitution to mitigate the threat of a chemical release, 
those mandates would impose significant costs on facility 
owners. Because we have no basis for predicting what 
regulations DHS would issue, CBO cannot determine whether the 
costs of those mandates would exceed the thresholds established 
in UMRA ($60 million for intergovernmental mandates and $120 
million for private-sector mandates in 2004, adjusted annually 
for inflation).

Estimate Prepared By: Federal Costs: Susanne S. Mehlman (226-
2860); Impact on State, Local, and Tribal Governments: Melissa 
Merrell (225-3220); Impact on the Private Sector: Selena 
Caldera (226-2940).

Estimate Approved By: Peter H. Fontaine. Deputy Assistant 
Director for Budget Analysis.

                        Changes in Existing Law

    Section 12 of rule XXVI of the Standing Rules of the 
Senate, provides that reports to the Senate should show changes 
in existing law made by the bill as reported. Passage of this 
bill will make no changes to existing law.
   ADDITIONAL VIEWS OF SENATORS JEFFORDS, BOXER, CLINTON, CARPER AND 
                               LIEBERMAN

    We look forward to continuing to work with Senator Inhofe 
in a tri-partisan fashion to craft legislation that would 
effectively reduce the potential threat of, and consequences 
from, a terrorist attack at a chemical facility. Security 
experts have identified chemical facilities as particularly 
attractive terrorist targets. The Department of Homeland 
Security (DHS) estimates that there are over 4,000 chemical 
sites in the United States that, if attacked, could affect 
populations of 1,000 or more. The chemical industry has 
submitted data to the U.S. Environmental Protection Agency 
using a different methodology indicating that a ``worst case'' 
release of toxic chemicals could threaten more than one million 
people at each of 123 facilities spread across 24 States.
    We appreciate that Senator Inhofe included some of our 
suggestions in the revised version of S. 994 at markup. 
However, in our view, the bill needs further improvement to 
ensure sufficient accountability, guard against undue industry 
self-regulation and correct various implementation concerns. 
The heart of the bill is the requirement that chemical 
facilities conduct vulnerability assessments and implement 
security plans. DHS's evaluation and approval of these 
documents is necessary to help identify those facilities with 
unique vulnerabilities that need compliance assistance and to 
enable DHS to recognize best practices that it can share with 
the rest of the industry. Communities near chemical facilities 
should also be able to obtain some reassurance from DHS that 
the facility in their neighborhood has taken appropriate 
measures to protect their home town.
    From our perspective, one of the most important provisions 
of this bill is the requirement that facilities consider 
``alternative approaches'' when developing their security 
plans. For example, in the weeks following the September 11 
attacks, Washington, DC's sewage treatment plant was able to 
stop using chlorine and switch to safer chemicals instead. 
Similarly, many petroleum refineries have switched from 
hydrofluoric acid to the much safer sulfuric acid. By reducing 
inherent hazards, such changes provide a more certain means of 
protecting communities from a potential catastrophic chemical 
release than physical security alone. We believe it is 
important that the Federal Government ensure that facilities 
consider, and use, inherently safer technologies when 
practicable. The use of safer, alternative approaches is the 
key to preventing and mitigating adverse effects from terrorist 
attacks.
    The provisions providing for endorsement of existing 
industry security programs need to be clarified. The bill 
allows any person to petition DHS to endorse certain 
procedures, protocols, or standards, and empowers DHS to 
endorse such standards. The effect of the endorsement, which is 
only limited by the undefined requirement that the procedures, 
protocols or standards in question be ``substantially 
equivalent'' to the requirements of the Act, is that facilities 
could opt to meet endorsed standards instead of DHS 
regulations.
    While we were glad that language strengthening this 
provision was added in committee, several concerns remain. 
First, the petition process appears to be informal, and thus 
not subject to the public participation and judicial review 
that would accompany a standard rulemaking process. This could 
undermine the effectiveness of the law.
    In addition, the term ``substantially equivalent'' is 
undefined in the Act. Because this is the only standard that 
industry procedures, protocols and standards would need to meet 
to win DHS endorsement, it is critical that its meaning be 
clear. In making determinations of ``substantial equivalence,'' 
DHS should ensure that the industry standard includes all major 
aspects of the Federal program, including the requirement to 
consider as defined by the Act and, where practical, implement 
alternative approaches.
    The committee has not substantively reviewed any of the 
existing industry standards, including the American Chemistry 
Council's Responsible Care program or the agricultural 
retailer's Security Vulnerability Assessment program that are 
mentioned in the report, and offers no opinion on whether these 
programs should be considered ``substantially equivalent.'' 
However, it appears that neither program includes a requirement 
to consider alternative approaches in the same manner as 
required under the Act.
    We also are concerned that S. 994 would exempt Federal 
facilities from its requirements. As such, Federal facilities 
would not have to take steps to prevent against terrorist 
attacks or their effects, only nonFederal facilities would be 
required to take such steps. The language of the bill exempts 
these facilities based on who owns them, not on the type of 
facility. Yet a Federal facility can be many things, a 
wastewater treatment facility, a power plant or a pesticide 
storage facility for a national park. The facility faces the 
same challenges whether it is privately owned or a Federal 
facility. Further, Federal facilities already fall under many 
of our environmental, public health and security laws, such as 
the Clean Air Act, Superfund, the National Environmental Policy 
Act, the Federal Facilities Compliance Act, and more. There is 
no reason to exclude them from our chemical security or anti-
terror efforts. As we work to ensure a secure homeland, we 
cannot ignore the important role of Federal facilities.
    As written, S. 994 contains a loophole that could result in 
any information in a judicial proceeding being label as 
``classified.'' Because of the breadth of the bill's language, 
this provision could prohibit the disclosure of any information 
obtained under or pursuant to this Act, even if it had been 
obtained for other, lawful purposes, such as toxic release and 
air emissions data. Furthermore, the bill's language could 
result in the owner/operator's self-certification that he has 
complied with the program, which is derived from information 
submitted under this Act, as being treated as ``classified.'' 
This broadly written standard is also inconsistent with other 
provisions of the bill, which explicitly allow the 
dissemination of information gathered pursuant to any other law 
or regulation, even if it is included within a chemical 
security plan or assessment. It is our view that it would be 
inappropriate to categorize information obtained hereunder as 
``classified'' merely because a judicial proceeding ensues.
    We are also concerned about a number of additional issues. 
For example, the enforcement provisions of S. 994 need to be 
improved to provide the same criminal sanctions for private 
sector chemical workers that knowingly disclose sensitive 
information as for Federal workers who commit the same offense. 
Criminal penalties for non-compliance are standard features of 
many laws under the jurisdiction of this committee, and should 
also apply to those who refuse to take the necessary steps to 
reduce the threat of a successful terrorist attack. DHS also 
should be required to leverage its resources by consulting with 
other agencies with relevant technical expertise. In this 
context, the prohibition on such agencies performing field work 
should be eliminated. Finally, we urge DHS to consider a full 
range of security risks in developing regulations for security 
plans, including armed intruders, and to require professional, 
trained guards and regular testing of security systems.
    We look forward to working with Senator Inhofe to resolve 
these concerns to move forward expeditiously with legislation 
that will enhance the security of America's chemical 
infrastructure.


                                
