[House Report 111-313]
[From the U.S. Government Publishing Office]


111th Congress                                                   Report
                        HOUSE OF REPRESENTATIVES
 1st Session                                                    111-313

======================================================================



 
               DRINKING WATER SYSTEM SECURITY ACT OF 2009

                                _______
                                

October 23, 2009.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Waxman, from the Committee on Energy and Commerce, submitted the 
                               following

                              R E P O R T

                             together with

                            DISSENTING VIEWS

                        [To accompany H.R. 3258]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Energy and Commerce, to whom was referred 
the bill (H.R. 3258) to amend the Safe Drinking Water Act to 
enhance the security of the public water systems of the United 
States, having considered the same, report favorably thereon 
with an amendment and recommend that the bill as amended do 
pass.

                                CONTENTS

                                                                   Page
Amendment........................................................     2
Purpose and Summary..............................................    11
Background and Need for Legislation..............................    11
Legislative History..............................................    12
Committee Consideration..........................................    12
Committee Votes..................................................    13
Committee Oversight Findings and Recommendations.................    13
New Budget Authority, Entitlement Authority, and Tax Expenditures    13
Statement of General Performance Goals and Objectives............    13
Constitutional Authority Statement...............................    14
Earmarks and Tax and Tariff Benefits.............................    14
Advisory Committee Statement.....................................    14
Applicability of Law to Legislative Branch.......................    14
Federal Mandates Statement.......................................    15
Committee Cost Estimate..........................................    15
Congressional Budget Office Estimate.............................    15
Section-by-Section Analysis of the Legislation...................    18
Changes in Existing Law Made by the Bill, as Reported............    25
Dissenting Views.................................................    44

                               Amendment

    The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Drinking Water System Security Act of 
2009''.

SEC. 2. INTENTIONAL ACTS AFFECTING THE SECURITY OF COVERED WATER 
                    SYSTEMS.

  (a) Amendment of Safe Drinking Water Act.--Section 1433 of the Safe 
Drinking Water Act (42 U.S.C. 300i-2) is amended to read as follows:

``SEC. 1433. INTENTIONAL ACTS.

  ``(a) Risk-Based Performance Standards; Vulnerability Assessments; 
Site Security Plans; Emergency Response Plans.--
          ``(1) In general.--The Administrator shall issue 
        regulations--
                  ``(A) establishing risk-based performance standards 
                for the security of covered water systems; and
                  ``(B) establishing requirements and deadlines for 
                each covered water system--
                          ``(i) to conduct a vulnerability assessment 
                        or, if the system already has a vulnerability 
                        assessment, to revise the assessment to be in 
                        accordance with this section;
                          ``(ii) to update the vulnerability assessment 
                        not less than every 5 years and promptly after 
                        any change at the system that could cause the 
                        reassignment of the system to a different risk-
                        based tier under subsection (d);
                          ``(iii) to develop, implement, and, as 
                        appropriate, revise a site security plan not 
                        less than every 5 years and promptly after a 
                        revision to the vulnerability assessment;
                          ``(iv) to develop an emergency response plan 
                        (or, if the system has already developed an 
                        emergency response plan, to revise the plan to 
                        be in accordance with this section) and revise 
                        the plan not less than every 5 years 
                        thereafter; and
                          ``(v) to provide annual training to employees 
                        and contractor employees of covered water 
                        systems on implementing site security plans and 
                        emergency response plans.
          ``(2) Covered water systems.--For purposes of this section, 
        the term `covered water system' means a public water system 
        that--
                  ``(A) is a community water system serving a 
                population greater than 3,300; or
                  ``(B) in the discretion of the Administrator, 
                presents a security risk making regulation under this 
                section appropriate.
          ``(3) Consultation with state authorities.--In developing and 
        carrying out the regulations under paragraph (1), the 
        Administrator shall consult with States exercising primary 
        enforcement responsibility for public water systems.
          ``(4) Consultation with other persons.--In developing and 
        carrying out the regulations under paragraph (1), the 
        Administrator shall consult with the Secretary of Homeland 
        Security, and, as appropriate, other persons regarding--
                  ``(A) provision of threat-related and other baseline 
                information to covered water systems;
                  ``(B) designation of substances of concern;
                  ``(C) development of risk-based performance 
                standards;
                  ``(D) establishment of risk-based tiers and process 
                for the assignment of covered water systems to risk-
                based tiers;
                  ``(E) process for the development and evaluation of 
                vulnerability assessments, site security plans, and 
                emergency response plans;
                  ``(F) treatment of protected information;
                  ``(G) security at co-managed drinking water and 
                wastewater facilities; and
                  ``(H) such other matters as the Administrator 
                determines necessary.
          ``(5) Substances of concern.--For purposes of this section, 
        the Administrator, in consultation with the Secretary of 
        Homeland Security--
                  ``(A) may designate any chemical substance as a 
                substance of concern;
                  ``(B) at the time any substance is designated 
                pursuant to subparagraph (A), shall establish by rule a 
                threshold quantity for the release or theft of the 
                substance, taking into account the toxicity, 
                reactivity, volatility, dispersability, combustibility, 
                and flammability of the substance and the amount of the 
                substance that, as a result of a release, is known to 
                cause or may be reasonably anticipated to cause death, 
                injury, or serious adverse effects to human health or 
                the environment; and
                  ``(C) in making such a designation, shall take into 
                account appendix A to part 27 of title 6, Code of 
                Federal Regulations (or any successor regulations).
          ``(6) Baseline information.--The Administrator, after 
        consultation with appropriate departments and agencies of the 
        Federal Government and with State, local, and tribal 
        governments, shall, for purposes of facilitating compliance 
        with the requirements of this section, promptly after the 
        effective date of the regulations under subsection (a)(1) and 
        as appropriate thereafter, provide baseline information to 
        covered water systems regarding which kinds of intentional acts 
        are the probable threats to--
                  ``(A) substantially disrupt the ability of the system 
                to provide a safe and reliable supply of drinking 
                water;
                  ``(B) cause the release of a substance of concern at 
                the covered water system; or
                  ``(C) cause the theft, misuse, or misappropriation of 
                a substance of concern.
  ``(b) Risk-Based Performance Standards.--The regulations under 
subsection (a)(1) shall set forth risk-based performance standards for 
site security plans required by this section. The standards shall be 
separate and, as appropriate, increasingly stringent based on the level 
of risk associated with the covered water system's risk-based tier 
assignment under subsection (d). In developing such standards, the 
Administrator shall take into account section 27.230 of title 6, Code 
of Federal Regulations (or any successor regulations).
  ``(c) Vulnerability Assessment.--The regulations under subsection 
(a)(1) shall require each covered water system to assess the system's 
vulnerability to a range of intentional acts, including an intentional 
act that results in a release of a substance of concern that is known 
to cause or may be reasonably anticipated to cause death, injury, or 
serious adverse effects to human health or the environment. At a 
minimum, the vulnerability assessment shall include a review of--
          ``(1) pipes and constructed conveyances;
          ``(2) physical barriers;
          ``(3) water collection, pretreatment, treatment, storage, and 
        distribution facilities, including fire hydrants;
          ``(4) electronic, computer, and other automated systems that 
        are used by the covered water system;
          ``(5) the use, storage, or handling of various chemicals, 
        including substances of concern;
          ``(6) the operation and maintenance of the covered water 
        system; and
          ``(7) the covered water system's resiliency and ability to 
        ensure continuity of operations in the event of a disruption 
        caused by an intentional act.
  ``(d) Risk-Based Tiers.--The regulations under subsection (a)(1) 
shall provide for 4 risk-based tiers applicable to covered water 
systems, with tier one representing the highest degree of security 
risk.
          ``(1) Assignment of risk-based tiers.--
                  ``(A) Submission of information.--The Administrator 
                may require a covered water system to submit 
                information in order to determine the appropriate risk-
                based tier for the covered water system.
                  ``(B) Factors to consider.--The Administrator shall 
                assign (and reassign when appropriate) each covered 
                water system to one of the risk-based tiers established 
                pursuant to this subsection. In assigning a covered 
                water system to a risk-based tier, the Administrator 
                shall consider the potential consequences (such as 
                death, injury, or serious adverse effects to human 
                health, the environment, critical infrastructure, 
                national security, and the national economy) from--
                          ``(i) an intentional act to cause a release, 
                        including a worst-case release, of a substance 
                        of concern at the covered water system;
                          ``(ii) an intentional act to introduce a 
                        contaminant into the drinking water supply or 
                        disrupt the safe and reliable supply of 
                        drinking water; and
                          ``(iii) an intentional act to steal, 
                        misappropriate, or misuse substances of 
                        concern.
          ``(2) Explanation for risk-based tier assignment.--The 
        Administrator shall provide each covered water system assigned 
        to a risk-based tier with the reasons for the tier assignment 
        and whether such system is required to submit an assessment 
        under subsection (g)(2).
  ``(e) Development and Implementation of Site Security Plans.--The 
regulations under subsection (a)(1) shall permit each covered water 
system, in developing and implementing its site security plan required 
by this section, to select layered security and preparedness measures 
that, in combination, appropriately--
          ``(1) address the security risks identified in its 
        vulnerability assessment; and
          ``(2) comply with the applicable risk-based performance 
        standards required under this section.
  ``(f) Role of Employees.--
          ``(1) Description of role.--Site security plans and emergency 
        response plans required under this section shall describe the 
        appropriate roles or responsibilities that employees and 
        contractor employees are expected to perform to deter or 
        respond to the intentional acts described in subsection 
        (d)(1)(B).
          ``(2) Training for employees.--Each covered water system 
        shall annually provide employees and contractor employees with 
        roles or responsibilities described in paragraph (1) with a 
        minimum of 8 hours of training on carrying out those roles or 
        responsibilities.
          ``(3) Employee participation.--In developing, revising, or 
        updating a vulnerability assessment, site security plan, and 
        emergency response plan required under this section, a covered 
        water system shall include--
                  ``(A) at least one supervisory and at least one non-
                supervisory employee of the covered water system; and
                  ``(B) at least one representative of each certified 
                or recognized bargaining agent representing facility 
                employees or contractor employees with roles or 
                responsibilities described in paragraph (1), if any, in 
                a collective bargaining relationship with the private 
                or public owner or operator of the system or with a 
                contractor to that system.  
  ``(g) Methods To Reduce the Consequences of a Chemical Release From 
an Intentional Act.--
          ``(1) Definition.--In this section, the term `method to 
        reduce the consequences of a chemical release from an 
        intentional act' means a measure at a covered water system that 
        reduces or eliminates the potential consequences of a release 
        of a substance of concern from an intentional act such as--
                  ``(A) the elimination or reduction in the amount of a 
                substance of concern possessed or planned to be 
                possessed by a covered water system through the use of 
                alternate substances, formulations, or processes;
                  ``(B) the modification of pressures, temperatures, or 
                concentrations of a substance of concern; and
                  ``(C) the reduction or elimination of onsite handling 
                of a substance of concern through improvement of 
                inventory control or chemical use efficiency.
          ``(2) Assessment.--For each covered water system that 
        possesses or plans to possess a substance of concern in excess 
        of the release threshold quantity set by the Administrator 
        under subsection (a)(5), the regulations under subsection 
        (a)(1) shall require the covered water system to include in its 
        site security plan an assessment of methods to reduce the 
        consequences of a chemical release from an intentional act at 
        the covered water system. The covered water system shall 
        provide such assessment to the Administrator and the State 
        exercising primary enforcement responsibility for the covered 
        water system, if any. The regulations under subsection (a)(1) 
        shall require the system, in preparing the assessment, to 
        consider factors appropriate to the system's security, public 
        health, or environmental mission, and include--
                  ``(A) a description of the methods to reduce the 
                consequences of a chemical release from an intentional 
                act;
                  ``(B) how each described method to reduce the 
                consequences of a chemical release from an intentional 
                act could, if applied, reduce the potential extent of 
                death, injury, or serious adverse effects to human 
                health resulting from a chemical release;
                  ``(C) how each described method to reduce the 
                consequences of a chemical release from an intentional 
                act could, if applied, affect the presence of 
                contaminants in treated water, human health, or the 
                environment;
                  ``(D) whether each described method to reduce the 
                consequences of a chemical release from an intentional 
                act at the covered water system is feasible, as defined 
                in section 1412(b)(4)(D), but not including cost 
                calculations under subparagraph (E);
                  ``(E) the costs (including capital and operational 
                costs) and avoided costs (including savings and 
                liabilities) associated with applying each described 
                method to reduce the consequences of a chemical release 
                from an intentional act at the covered water system;
                  ``(F) any other relevant information that the covered 
                water system relied on in conducting the assessment; 
                and
                  ``(G) a statement of whether the covered water system 
                has implemented or plans to implement one or more 
                methods to reduce the consequences of a chemical 
                release from an intentional act, a description of any 
                such methods, and, in the case of a covered water 
                system described in paragraph (3)(A), an explanation of 
                the reasons for any decision not to implement any such 
                methods.
          ``(3) Required methods.--
                  ``(A) Application.--This paragraph applies to a 
                covered water system--
                          ``(i) that is assigned to one of the two 
                        highest risk-based tiers under subsection (d); 
                        and
                          ``(ii) that possesses or plans to possess a 
                        substance of concern in excess of the release 
                        threshold quantity set by the Administrator 
                        under subsection (a)(5).
                  ``(B) Highest-risk systems.--If, on the basis of its 
                assessment under paragraph (2), a covered water system 
                described in subparagraph (A) decides not to implement 
                methods to reduce the consequences of a chemical 
                release from an intentional act, the State exercising 
                primary enforcement responsibility for the covered 
                water system, if the system is located in such a State, 
                or the Administrator, if the covered water system is 
                not located in such a State, shall, in accordance with 
                a timeline set by the Administrator--
                          ``(i) determine whether to require the 
                        covered water system to implement the methods; 
                        and
                          ``(ii) for States exercising primary 
                        enforcement responsibility, report such 
                        determination to the Administrator.
                  ``(C) State or administrator's considerations.--
                Before requiring, pursuant to subparagraph (B), the 
                implementation of a method to reduce the consequences 
                of a chemical release from an intentional act, the 
                State exercising primary enforcement responsibility for 
                the covered water system, if the system is located in 
                such a State, or the Administrator, if the covered 
                water system is not located in such a State, shall 
                consider factors appropriate to the security, public 
                health, and environmental missions of covered water 
                systems, including an examination of whether the 
                method--
                          ``(i) would significantly reduce the risk of 
                        death, injury, or serious adverse effects to 
                        human health resulting directly from a chemical 
                        release from an intentional act at the covered 
                        water system;
                          ``(ii) would not increase the interim storage 
                        of a substance of concern by the covered water 
                        system;
                          ``(iii) would not render the covered water 
                        system unable to comply with other requirements 
                        of this Act or drinking water standards 
                        established by the State or political 
                        subdivision in which the system is located; and
                          ``(iv) is feasible, as defined in section 
                        1412(b)(4)(D), to be incorporated into the 
                        operation of the covered water system.
                  ``(D) Appeal.--Before requiring, pursuant to 
                subparagraph (B), the implementation of a method to 
                reduce the consequences of a chemical release from an 
                intentional act, the State exercising primary 
                enforcement responsibility for the covered water 
                system, if the system is located in such a State, or 
                the Administrator, if the covered water system is not 
                located in such a State, shall provide such covered 
                water system an opportunity to appeal the determination 
                to require such implementation made pursuant to 
                subparagraph (B) by such State or the Administrator.
          ``(4) Incomplete or late assessments.--
                  ``(A) Incomplete assessments.--If the Administrator 
                finds that the covered water system, in conducting its 
                assessment under paragraph (2), did not meet the 
                requirements of paragraph (2) and the applicable 
                regulations, the Administrator shall, after notifying 
                the covered water system and the State exercising 
                primary enforcement responsibility for that system, if 
                any, require the covered water system to submit a 
                revised assessment not later than 60 days after the 
                Administrator notifies such system. The Administrator 
                may require such additional revisions as are necessary 
                to ensure that the system meets the requirements of 
                paragraph (2) and the applicable regulations.
                  ``(B) Late assessments.--If the Administrator finds 
                that a covered water system, in conducting its 
                assessment pursuant to paragraph (2), did not complete 
                such assessment in accordance with the deadline set by 
                the Administrator, the Administrator may, after 
                notifying the covered water system and the State 
                exercising primary enforcement responsibility for that 
                system, if any, take appropriate enforcement action 
                under subsection (o).
                  ``(C) Review.--The State exercising primary 
                enforcement responsibility for the covered water 
                system, if the system is located in such a State, or 
                the Administrator, if the system is not located in such 
                a State, shall review a revised assessment that meets 
                the requirements of paragraph (2) and applicable 
                regulations to determine whether the covered water 
                system will be required to implement methods to reduce 
                the consequences of an intentional act pursuant to 
                paragraph (3).
          ``(5) Enforcement.--
                  ``(A) Failure by state to make determination.--
                Whenever the Administrator finds that a State 
                exercising primary enforcement responsibility for a 
                covered water system has failed to determine whether to 
                require the covered water system to implement methods 
                to reduce the consequences of a chemical release from 
                an intentional act, as required by paragraph (3)(B), 
                the Administrator shall so notify the State and covered 
                water system. If, beyond the thirtieth day after the 
                Administrator's notification under the preceding 
                sentence, the State has failed to make the 
                determination described in such sentence, the 
                Administrator shall so notify the State and covered 
                water system and shall determine whether to require the 
                covered water system to implement methods to reduce the 
                consequences of a chemical release from an intentional 
                act based on the factors described in paragraph (3)(C).
                  ``(B) Failure by state to bring enforcement action.--
                If the Administrator finds, with respect to a period in 
                which a State has primary enforcement responsibility 
                for a covered water system, that the system has failed 
                to implement methods to reduce the consequences of a 
                chemical release from an intentional act (as required 
                by the State or the Administrator under paragraph 
                (3)(B) or the Administrator under subparagraph (A)), 
                the Administrator shall so notify the State and the 
                covered water system. If, beyond the thirtieth day 
                after the Administrator's notification under the 
                preceding sentence, the State has not commenced 
                appropriate enforcement action, the Administrator shall 
                so notify the State and may commence an enforcement 
                action against the system, including by seeking or 
                imposing civil penalties under subsection (o), to 
                require implementation of such methods.
                  ``(C) Consideration of continued primary enforcement 
                responsibility.--For a State with primary enforcement 
                responsibility for a covered water system, the 
                Administrator may consider the failure of such State to 
                make a determination as described under subparagraph 
                (A) or to bring enforcement action as described under 
                subparagraph (B) when determining whether a State may 
                retain primary enforcement responsibility under this 
                Act.
          ``(6) Guidance for covered water systems assigned to tier 3 
        and tier 4.--For covered water systems required to conduct an 
        assessment under paragraph (2) and assigned by the 
        Administrator to tier 3 or tier 4 under subsection (d), the 
        Administrator shall issue guidance and, as appropriate, provide 
        or recommend tools, methodologies, or computer software, to 
        assist such covered water systems in complying with the 
        requirements of this section.
  ``(h) Review by Administrator.--
          ``(1) In general.--The regulations under subsection (a)(1) 
        shall require each covered water system to submit its 
        vulnerability assessment and site security plan to the 
        Administrator for review according to deadlines set by the 
        Administrator. The Administrator shall review each 
        vulnerability assessment and site security plan submitted under 
        this section and--
                  ``(A) if the assessment or plan has any significant 
                deficiency described in paragraph (2), require the 
                covered water system to correct the deficiency; or
                  ``(B) approve such assessment or plan.
          ``(2) Significant deficiencies.--A vulnerability assessment 
        or site security plan of a covered water system has a 
        significant deficiency under this subsection if the 
        Administrator, in consultation, as appropriate, with the State 
        exercising primary enforcement responsibility for such system, 
        if any, determines that--
                  ``(A) such assessment does not comply with the 
                regulations established under section (a)(1); or
                  ``(B) such plan--
                          ``(i) fails to address vulnerabilities 
                        identified in a vulnerability assessment; or
                          ``(ii) fails to meet applicable risk-based 
                        performance standards.   
          ``(3) State, regional, or local governmental entities.--No 
        covered water system shall be required under State, local, or 
        tribal law to provide a vulnerability assessment or site 
        security plan described in this section to any State, regional, 
        local, or tribal governmental entity solely by reason of the 
        requirement set forth in paragraph (1) that the system submit 
        such an assessment and plan to the Administrator.
  ``(i) Emergency Response Plan.--
          ``(1) In general.--Each covered water system shall prepare or 
        revise, as appropriate, an emergency response plan that 
        incorporates the results of the system's most current 
        vulnerability assessment and site security plan.
          ``(2) Certification.--Each covered water system shall certify 
        to the Administrator that the system has completed an emergency 
        response plan. The system shall submit such certification to 
        the Administrator not later than 6 months after the system's 
        first completion or revision of a vulnerability assessment 
        under this section and shall submit an additional certification 
        following any update of the emergency response plan.
          ``(3) Contents.--A covered water system's emergency response 
        plan shall include--
                  ``(A) plans, procedures, and identification of 
                equipment that can be implemented or used in the event 
                of an intentional act at the covered water system; and
                  ``(B) actions, procedures, and identification of 
                equipment that can obviate or significantly lessen the 
                impact of intentional acts on public health and the 
                safety and supply of drinking water provided to 
                communities and individuals.
          ``(4) Coordination.--As part of its emergency response plan, 
        each covered water system shall provide appropriate information 
        to any local emergency planning committee, local law 
        enforcement officials, and local emergency response providers 
        to ensure an effective, collective response.
  ``(j) Maintenance of Records.--Each covered water system shall 
maintain an updated copy of its vulnerability assessment, site security 
plan, and emergency response plan.
  ``(k) Audit; Inspection.--
          ``(1) In general.--Notwithstanding section 1445(b)(2), the 
        Administrator, or duly designated representatives of the 
        Administrator, shall audit and inspect covered water systems, 
        as necessary, for purposes of determining compliance with this 
        section.
          ``(2) Access.--In conducting an audit or inspection of a 
        covered water system, the Administrator or duly designated 
        representatives of the Administrator, as appropriate, shall 
        have access to the owners, operators, employees and contractor 
        employees, and employee representatives, if any, of such 
        covered water system.
          ``(3) Confidential communication of information; aiding 
        inspections.--The Administrator, or a duly designated 
        representative of the Administrator, shall offer non-
        supervisory employees of a covered water system the opportunity 
        confidentially to communicate information relevant to the 
        employer's compliance or noncompliance with this section, 
        including compliance or noncompliance with any regulation or 
        requirement adopted by the Administrator in furtherance of the 
        purposes of this section. A representative of each certified or 
        recognized bargaining agent described in subsection (f)(3)(B), 
        if any, or, if none, a non-supervisory employee, shall be given 
        an opportunity to accompany the Administrator, or the duly 
        designated representative of the Administrator, during the 
        physical inspection of any covered water system for the purpose 
        of aiding such inspection, if representatives of the covered 
        water system will also be accompanying the Administrator or the 
        duly designated representative of the Administrator on such 
        inspection.
  ``(l) Protection of Information.--
          ``(1) Prohibition of public disclosure of protected 
        information.--Protected information shall--
                  ``(A) be exempt from disclosure under section 552 of 
                title 5, United States Code; and
                  ``(B) not be made available pursuant to any State, 
                local, or tribal law requiring disclosure of 
                information or records.
          ``(2) Information sharing.--
                  ``(A) In general.--The Administrator shall prescribe 
                such regulations, and may issue such orders, as 
                necessary to prohibit the unauthorized disclosure of 
                protected information, as described in paragraph (7).
                  ``(B) Sharing of protected information.--The 
                regulations under subparagraph (A) shall provide 
                standards for and facilitate the appropriate sharing of 
                protected information with and between Federal, State, 
                local, and tribal authorities, first responders, law 
                enforcement officials, designated supervisory and non-
                supervisory covered water system personnel with 
                security, operational, or fiduciary responsibility for 
                the system, and designated facility employee 
                representatives, if any. Such standards shall include 
                procedures for the sharing of all portions of a covered 
                water system's vulnerability assessment and site 
                security plan relating to the roles and 
                responsibilities of system employees or contractor 
                employees under subsection (f)(1) with a representative 
                of each certified or recognized bargaining agent 
                representing such employees, if any, or, if none, with 
                at least one supervisory and at least one non-
                supervisory employee with roles and responsibilities 
                under subsection (f)(1).
                  ``(C) Penalties.--Protected information, as described 
                in paragraph (7), shall not be shared except in 
                accordance with the standards provided by the 
                regulations under subparagraph (A). Any person who 
                purposefully publishes, divulges, discloses, or makes 
                known protected information in any manner or to any 
                extent not authorized by the standards provided by the 
                regulations under subparagraph (A), shall, upon 
                conviction, be imprisoned for not more than one year or 
                fined in accordance with the provisions of chapter 227 
                of title 18, United States Code, applicable to class A 
                misdemeanors, or both, and, in the case of Federal 
                employees or officeholders, shall be removed from 
                Federal office or employment.
          ``(3) Treatment of information in adjudicative proceedings.--
        In any judicial or administrative proceeding, protected 
        information, as described in paragraph (7), shall be treated in 
        a manner consistent with the treatment of Sensitive Security 
        Information under section 525 of the Department of Homeland 
        Security Appropriations Act, 2007 (Public Law 109-295; 120 
        Stat. 1381).
          ``(4) Other obligations unaffected.--Except as provided in 
        subsection (h)(3), nothing in this section amends or affects an 
        obligation of a covered water system--
                  ``(A) to submit or make available information to 
                system employees, employee organizations, or a Federal, 
                State, tribal, or local government agency under any 
                other law; or
                  ``(B) to comply with any other law.
          ``(5) Congressional oversight.--Nothing in this section 
        permits or authorizes the withholding of information from 
        Congress or any committee or subcommittee thereof.
          ``(6) Disclosure of independently furnished information.--
        Nothing in this section amends or affects any authority or 
        obligation of a Federal, State, local, or tribal agency to 
        protect or disclose any record or information that the Federal, 
        State, local, or tribal agency obtains from a covered water 
        system or the Administrator under any other law.
          ``(7) Protected information.--
                  ``(A) In general.--For purposes of this section, 
                protected information is any of the following:
                          ``(i) Vulnerability assessments and site 
                        security plans under this section, including 
                        any assessment developed pursuant to subsection 
                        (g)(2).
                          ``(ii) Documents directly related to the 
                        Administrator's review of assessments and plans 
                        described in clause (i) and, as applicable, the 
                        State's review of an assessment prepared under 
                        subsection (g)(2).
                          ``(iii) Documents directly related to 
                        inspections and audits under this section.
                          ``(iv) Orders, notices, or letters regarding 
                        the compliance of a covered water system with 
                        the requirements of this section.
                          ``(v) Information required to be provided to, 
                        or documents and records created by, the 
                        Administrator under subsection (d).
                          ``(vi) Documents directly related to security 
                        drills and training exercises, security threats 
                        and breaches of security, and maintenance, 
                        calibration, and testing of security equipment.
                          ``(vii) Other information, documents, and 
                        records developed exclusively for the purposes 
                        of this section that the Administrator 
                        determines would be detrimental to the security 
                        of one or more covered water systems if 
                        disclosed.
                  ``(B) Detriment requirement.--For purposes of clauses 
                (ii), (iii), (iv), (v), and (vi) of subparagraph (A), 
                the only portions of documents, records, orders, 
                notices, and letters that shall be considered protected 
                information are those portions that--
                          ``(i) would be detrimental to the security of 
                        one or more covered water systems if disclosed; 
                        and
                          ``(ii) are developed by the Administrator, 
                        the State, or the covered water system for the 
                        purposes of this section.
                  ``(C) Exclusions.--For purposes of this section, 
                protected information does not include--
                          ``(i) information that is otherwise publicly 
                        available, including information that is 
                        required to be made publicly available under 
                        any law;
                          ``(ii) information that a covered water 
                        system has lawfully disclosed other than in 
                        accordance with this section; and
                          ``(iii) information that, if disclosed, would 
                        not be detrimental to the security of one or 
                        more covered water systems, including aggregate 
                        regulatory data that the Administrator 
                        determines appropriate to describe system 
                        compliance with the requirements of this 
                        section and the Administrator's implementation 
                        of such requirements.
  ``(m) Relation to Chemical Facility Security Requirements.--The 
following provisions (and any regulations promulgated thereunder) shall 
not apply to any public water system subject to this Act:
          ``(1) Title XXI of the Homeland Security Act of 2002 (as 
        proposed to be added by H.R. 2868, the Chemical Facility Anti-
        Terrorism Act of 2009).
          ``(2) Section 550 of the Department of Homeland Security 
        Appropriations Act, 2007 (Public Law 109-295).
          ``(3) The Chemical Facility Anti-Terrorism Act of 2009.
  ``(n) Preemption.--This section does not preclude or deny the right 
of any State or political subdivision thereof to adopt or enforce any 
regulation, requirement, or standard of performance with respect to a 
covered water system that is more stringent than a regulation, 
requirement, or standard of performance under this section.
  ``(o) Violations.--
          ``(1) In general.--A covered water system that violates any 
        requirement of this section, including by not implementing all 
        or part of its site security plan by such date as the 
        Administrator requires, shall be liable for a civil penalty of 
        not more than $25,000 for each day on which  the violation 
        occurs.
          ``(2) Procedure.--When the Administrator determines that a 
        covered water system is subject to a civil penalty under 
        paragraph (1), the Administrator, after consultation with the 
        State, for covered water systems located in a State exercising 
        primary responsibility for the covered water system, and, after 
        considering the severity of the violation or deficiency and the 
        record of the covered water system in carrying out the 
        requirements of this section, may--
                  ``(A) after notice and an opportunity for the covered 
                water system to be heard, issue an order assessing a 
                civil penalty under such paragraph for any past or 
                current violation, requiring compliance immediately or 
                within a specified time period; or
                  ``(B) commence a civil action in the United States 
                district court in the district in which the violation 
                occurred for appropriate relief, including temporary or 
                permanent injunction.
          ``(3) Methods to reduce the consequences of a chemical 
        release from an intentional act.--Except as provided in 
        subsections (g)(4) and (g)(5), if a covered water system is 
        located in a State exercising primary enforcement 
        responsibility for the system, the Administrator may not issue 
        an order or commence a civil action under this section for any 
        deficiency in the content or implementation of the portion of 
        the system's site security plan relating to methods to reduce 
        the consequences of a chemical release from an intentional act 
        (as defined in subsection (g)(1)).
  ``(p) Report to Congress.--
          ``(1) Periodic report.--Not later than 3 years after the 
        effective date of the regulations under subsection (a)(1), and 
        every 3 years thereafter, the Administrator shall transmit to 
        the Committee on Energy and Commerce of the House of 
        Representatives and the Committee on Environment and Public 
        Works of the Senate a report on progress in achieving 
        compliance with this section. Each such report shall include, 
        at a minimum, the following:
                  ``(A) A generalized summary of measures implemented 
                by covered water systems in order to meet each risk-
                based performance standard established by this section.
                  ``(B) A summary of how the covered water systems, 
                differentiated by risk-based tier assignment, are 
                complying with the requirements of this section during 
                the period covered by the report and how the 
                Administrator is implementing and enforcing such 
                requirements during such period including--
                          ``(i) the number of public water systems that 
                        provided the Administrator with information 
                        pursuant to subsection (d)(1);
                          ``(ii) the number of covered water systems 
                        assigned to each risk-based tier;
                          ``(iii) the number of vulnerability 
                        assessments and site security plans submitted 
                        by covered water systems;
                          ``(iv) the number of vulnerability 
                        assessments and site security plans approved 
                        and disapproved by the Administrator;
                          ``(v) the number of covered water systems 
                        without approved vulnerability assessments or 
                        site security plans;
                          ``(vi) the number of covered water systems 
                        that have been assigned to a different risk-
                        based tier due to implementation of a method to 
                        reduce the consequences of a chemical release 
                        from an intentional act and a description of 
                        the types of such implemented methods;
                          ``(vii) the number of audits and inspections 
                        conducted by the Administrator or duly 
                        designated representatives of the 
                        Administrator;
                          ``(viii) the number of orders for compliance 
                        issued by the Administrator;
                          ``(ix) the administrative penalties assessed 
                        by the Administrator for non-compliance with 
                        the requirements of this section;
                          ``(x) the civil penalties assessed by courts 
                        for non-compliance with the requirements of 
                        this section; and
                          ``(xi) any other regulatory data the 
                        Administrator determines appropriate to 
                        describe covered water system compliance with 
                        the requirements of this section and the 
                        Administrator's implementation of such 
                        requirements.
          ``(2) Public availability.--A report submitted under this 
        section shall be made publicly available.
  ``(q) Grant Programs.--
          ``(1) Implementation grants to states.--The Administrator may 
        award grants to, or enter into cooperative agreements with, 
        States, based on an allocation formula established by the 
        Administrator, to assist the States in implementing this 
        section.
          ``(2) Research, training, and technical assistance grants.--
        The Administrator may award grants to, or enter into 
        cooperative agreements with, non-profit organizations to 
        provide research, training, and technical assistance to covered 
        water systems to assist them in carrying out their 
        responsibilities under this section.
          ``(3) Preparation grants.--
                  ``(A) Grants.--The Administrator may award grants to, 
                or enter into cooperative agreements with, covered 
                water systems to assist such systems in--
                          ``(i) preparing and updating vulnerability 
                        assessments, site security plans, and emergency 
                        response plans;
                          ``(ii) assessing and implementing methods to 
                        reduce the consequences of a release of a 
                        substance of concern from an intentional act; 
                        and
                          ``(iii) implementing any other security 
                        reviews and enhancements necessary to comply 
                        with this section.
                  ``(B) Priority.--
                          ``(i) Need.--The Administrator, in awarding 
                        grants or entering into cooperative agreements 
                        for purposes described in subparagraph (A)(i), 
                        shall give priority to covered water systems 
                        that have the greatest need.
                          ``(ii) Security risk.--The Administrator, in 
                        awarding grants or entering into cooperative 
                        agreements for purposes described in 
                        subparagraph (A)(ii), shall give priority to 
                        covered water systems that pose the greatest 
                        security risk.
          ``(4) Worker training grants program authority.--
                  ``(A) In general.--The Administrator shall establish 
                a grant program to award grants to eligible entities to 
                provide for training and education of employees and 
                contractor employees with roles or responsibilities 
                described in subsection (f)(1) and first responders and 
                emergency response providers who would respond to an 
                intentional act at a covered water system.
                  ``(B) Administration.--The Administrator shall enter 
                into an agreement with the National Institute of 
                Environmental Health Sciences to make and administer 
                grants under this paragraph.
                  ``(C) Use of funds.--The recipient of a grant under 
                this paragraph shall use the grant to provide for--
                          ``(i) training and education of employees and 
                        contractor employees with roles or 
                        responsibilities described in subsection 
                        (f)(1), including the annual mandatory training 
                        specified in subsection (f)(2) or training for 
                        first responders in protecting nearby persons, 
                        property, or the environment from the effects 
                        of a release of a substance of concern at the 
                        covered water system, with priority given to 
                        covered water systems assigned to tier one or 
                        tier two under subsection (d); and
                          ``(ii) appropriate training for first 
                        responders and emergency response providers who 
                        would respond to an intentional act at a 
                        covered water system.
                  ``(D) Eligible entities.--For purposes of this 
                paragraph, an eligible entity is a nonprofit 
                organization with demonstrated experience in 
                implementing and operating successful worker or first 
                responder health and safety or security training 
                programs.
  ``(r) Authorization of Appropriations.--
          ``(1) In general.--To carry out this section, there are 
        authorized to be appropriated--
                  ``(A) $315,000,000 for fiscal year 2011, of which up 
                to--
                          ``(i) $30,000,000 may be used for 
                        administrative costs incurred by the 
                        Administrator or the States, as appropriate; 
                        and
                          ``(ii) $125,000,000 may be used to implement 
                        methods to reduce the consequences of a 
                        chemical release from an intentional act at 
                        covered water systems with priority given to 
                        covered water systems assigned to tier one or 
                        tier two under subsection (d); and
                  ``(B) such sums as may be necessary for fiscal years 
                2012 through 2015.
          ``(2) Security enhancements.--Funding under this subsection 
        for basic security enhancements shall not include expenditures 
        for personnel costs or monitoring, operation, or maintenance of 
        facilities, equipment, or systems.''.
  (b) Regulations; Transition.--
          (1) Regulations.--Not later than 2 years after the date of 
        the enactment of this Act, the Administrator of the 
        Environmental Protection Agency shall promulgate final 
        regulations to carry out section 1433 of the Safe Drinking 
        Water Act, as amended by subsection (a).
          (2) Effective date.--Until the effective date of the 
        regulations promulgated under paragraph (1), section 1433 of 
        the Safe Drinking Water Act, as in effect on the day before the 
        date of the enactment of this title, shall continue to apply.
          (3) Savings provision.--Nothing in this section or the 
        amendment made by this section shall affect the application of 
        section 1433 of the Safe Drinking Water Act, as in effect 
        before the effective date of the regulations promulgated under 
        paragraph (1), to any violation of such section 1433 occurring 
        before such effective date, and the requirements of such 
        section 1433 shall remain in force and effect with respect to 
        such violation until the violation has been corrected or 
        enforcement proceedings completed, whichever is later.

SEC. 3. STUDY TO ASSESS THE THREAT OF CONTAMINATION OF DRINKING WATER 
                    DISTRIBUTION SYSTEMS.

  Not later than 180 days after the date of the enactment of this Act, 
the Administrator of the Environmental Protection Agency, in 
consultation with the Secretary of Homeland Security, shall--
          (1) conduct a study to assess the threat of contamination of 
        drinking water being distributed through public water systems, 
        including fire main systems; and
          (2) submit a report to the Congress on the results of such 
        study.

                          Purpose and Summary

    H.R. 3258 is a bill to amend the Safe Drinking Water Act to 
enhance the security of the public water systems of the United 
States.

                  Background and Need for Legislation

    In June 2002, Congress passed legislation to address 
security issues at community drinking water systems. The Public 
Health Security and Bioterrorism Preparedness and Response Act 
of 2002 added section 1433 to the Safe Drinking Water Act, 
which required community water systems serving more than 3,300 
individuals to conduct an assessment of their vulnerability to 
terrorist attack or other intentional acts to disrupt a safe 
and reliable drinking water supply.
    Both President Clinton and President Bush issued directives 
on critical infrastructure protection relating to the water 
sector. In 1998, President Clinton issued Presidential Decision 
Directive 63, which designated the U.S. Environmental 
Protection Agency (EPA) as the lead federal agency for the 
water supply sector. In 2003, President Bush issued Homeland 
Security Presidential Directive 7, which affirmed EPA as the 
lead federal agency for coordinating protection of the nation's 
critical infrastructure for the water sector. This authority 
was later reaffirmed and expanded in Homeland Security 
Directive 9 on January 30, 2004. EPA established a Water 
Security Division within the Office of Ground Water and 
Drinking Water to carry out its water sector security 
responsibilities.
    In the fall of 2006, as part of the Homeland Security 
Appropriations bill, Congress authorized the Department of 
Homeland Security (DHS) to establish risk-based security 
performance standards for protecting certain chemical 
facilities. In April 2007, DHS finalized the Chemical Facility 
Anti-Terrorism Standards (CFATS). The authorizing statute and 
regulations exempted drinking water and wastewater facilities 
from the program, resulting in what DHS and EPA have called a 
``critical security gap.''
    On July 20, 2009, Chairman Waxman and Subcommittee on 
Energy and Environment Chairman Markey, joined by Reps. Capps, 
Pallone, Sarbanes, and Schakowsky, introduced the Drinking 
Water System Security Act of 2009 (H.R. 3258) to address 
security at drinking water facilities and close part of the 
security gap.

                          Legislative History

    H.R. 3258 was introduced on July 20, 2009, by Chairman 
Waxman, Subcommittee on Energy and Environment Chairman Markey, 
and Reps. Pallone, Capps, Sarbanes, and Schakowsky.
    The Subcommittee on Energy and Environment held a 
legislative hearing on October 1, 2009, on two bills: H.R. 
3258, the Drinking Water System Security Act of 2009, and H.R. 
2868, the Chemical Facility Anti-Terrorism Act of 2009. The 
Subcommittee received testimony from two panels of witnesses. 
The witnesses on the first panel were the Hon. Peter Silva, 
Assistant Administrator, Office of Water, U.S. Environmental 
Protection Agency, and the Hon. Rand Beers, Under Secretary, 
National Protection and Programs Directorate, U.S. Department 
of Homeland Security. Panel 2 was comprised of four witnesses: 
Mr. Brian Ramaley, Director, Newport News Waterworks (Virginia) 
and President of the Board of Directors of the Association of 
Metropolitan Water Agencies; Mr. Marty Durbin, Vice President, 
Federal Affairs, American Chemical Council; Dr. Darius Sivin, 
Legislative Representative of the CWA-UAW Legislative Alliance; 
and Mr. Stephen Poorman, International EHS Manager, Fujifilm 
Imaging Colorants Chair, Safety and Security Committee, Society 
of Chemical Manufacturers and Affiliates.

                        Committee Consideration

    On Wednesday, October 14, 2009, the Subcommittee on Energy 
and Environment considered H.R. 3258 in open markup session and 
favorably forwarded the bill to the full Committee by a voice 
vote. The Committee on Energy and Commerce met in open markup 
session on Wednesday, October 21, 2009, to consider H.R. 3258 
as approved by the Subcommittee on Energy and Environment. 
Subsequently, the Committee ordered H.R. 3258 favorably 
reported to the House, amended, by a voice vote.

                            Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto. The Committee agreed to a motion by Mr. Waxman to 
order H.R. 3258 favorably reported to the House, amended, by a 
voice vote. During the Committee's consideration of H.R. 3258, 
there were no recorded votes taken on amendments offered to the 
bill or the motion to report H.R. 3258 to the House.

            Committee Oversight Findings and Recommendations

    In compliance with clause 3(c)(1) of rule XIII of the Rules 
of the House of Representatives, the findings and 
recommendations of the Committee are reflected in the 
descriptive portions of this report.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    Regarding compliance with clause 3(c)(2) of rule XIII of 
the Rules of the House of Representatives, the Committee adopts 
as its own the estimate of budget authority and revenues 
regarding H.R. 3258 prepared by the Director of the 
Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974. The Committee finds that H.R. 
3258 would result in no new or increased entitlement authority 
or tax expenditures.

         Statement of General Performance Goals and Objectives

    The purpose of H.R. 3258 is to strengthen security at 
drinking water facilities in order to prevent a terrorist 
attack that causes a chemical release, contaminates the water 
supply, or otherwise disrupts the ability of a water system to 
provide a safe and reliable supply of drinking water.
    Specific objectives include:
           Authorizing the Administrator of the U.S. 
        Environmental Protection Agency to designate any 
        chemical substance as a substance of concern;
           Requiring the Administrator to establish 
        risk-based performance standards for community water 
        systems serving more than 3,300 people and for other 
        public water systems that the Administrator determines 
        pose a security risk;
           Requiring the Administrator to consult with 
        the Secretary of the Department of Homeland Security 
        and state drinking water agencies when developing the 
        drinking water security program;
           Requiring covered water systems to identify 
        vulnerabilities through a security vulnerability 
        assessment, develop a site security plan that addresses 
        those vulnerabilities, and develop an emergency 
        response plan;
           Allowing each covered water system to select 
        layered security measures for their site security plans 
        to meet risk-based performance standards, which vary by 
        tier;
           Requiring covered water systems to include 
        employees and their representatives in the development 
        of vulnerability assessments and site security plans;
           Requiring the Administrator to review each 
        vulnerability assessment and site security plan and 
        authorizing the Administrator to require each system to 
        correct significant deficiencies, if any, in its 
        assessment or plan;
           Requiring all covered water systems with 
        dangerous chemicals in amounts exceeding release 
        thresholds that will be set by the Administrator to 
        assess whether they can switch to safer chemicals or 
        processes;
           Authorizing state drinking water agencies 
        (and EPA for non-primacy states) to require a system in 
        one of the two highest-risk tiers to switch to safer 
        chemicals or processes if it is technologically and 
        economically feasible and if doing so will not prevent 
        the system from meeting its obligation to provide safe 
        drinking water;
           Requiring state drinking water agencies (and 
        EPA for non-primacy states) to provide an opportunity 
        for a covered water system to appeal a determination if 
        the water system disagrees with an order to switch to 
        safer chemicals or processes;
           Requiring the Administrator to provide 
        standards for the appropriate sharing of security 
        information and to protect this information when 
        disclosure would be harmful to the security of a 
        covered water system;
           Setting criminal penalties for the 
        purposeful, unlawful disclosure of this protected 
        information;
           Authorizing the Administrator or his or her 
        duly designated representative to audit and inspect 
        covered water systems to determine compliance with this 
        section; and
           Exempting public water systems from the 
        requirements of the Department of Homeland Security's 
        Chemical Facility Anti-Terrorism Standards.

                   Constitutional Authority Statement

    Pursuant to clause 3(d)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee finds that the 
constitutional authority for H.R. 3258 is provided in Article 
I, section 8, clauses 1, 3, and 18.

                  Earmarks and Tax and Tariff Benefits

    H.R. 3258 does not contain any congressional earmarks, 
limited tax benefits, or limited tariff benefits as defined in 
clause 9 of rule XXI of the Rules of the House of 
Representatives.

                      Advisory Committee Statement

    No advisory committees were created by H.R. 3258 within the 
meaning of section 5 U.S.C. App., 5(b) of the Federal Advisory 
Committee Act.

             Applicability of Law to the Legislative Branch

    The Committee finds that H.R. 3258 does not relate to the 
terms and conditions of employment or access to public services 
or accommodations within the meaning of section 102(b)(3) of 
the Congressional Accountability Act of 1985.

                       Federal Mandates Statement

    The Committee adopts as its own the estimates of federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandate Reform 
Act.

                        Committee Cost Estimate

    Pursuant to clause 3(d) of rule XIII of the Rules of the 
House of Representatives, the Committee adopts as its own the 
cost estimate on H.R. 3258 prepared by the Director of the 
Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act.

                  Congressional Budget Office Estimate

    Pursuant to clause 3(c)(3) of rule XIII of the Rules of the 
House of Representatives, the following is the cost estimate on 
H.R. 3258 provided by the Congressional Budget Office pursuant 
to section 402 of the Congressional Budget Act of 1974:

                                                  October 23, 2009.
Hon. Henry A. Waxman,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 3258, the Drinking 
Water System Security Act of 2009.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Susanne S. 
Mehlman.
            Sincerely,
                                              Douglas W. Elmendorf.
    Enclosure.

H.R. 3258--Drinking Water System Security Act of 2009

    Summary: H.R. 3258 would authorize the Environmental 
Protection Agency (EPA) to regulate the security of community 
water systems serving more than 3,300 people and other public 
water systems that EPA determines present a security risk. 
Under the bill, EPA would develop regulations to require the 
covered water systems to perform vulnerability assessments and 
to establish site security plans and emergency response plans. 
In addition, EPA would provide grants to or enter into 
cooperative agreements with states, nonprofit organizations, or 
covered water systems to support research and training related 
to the security of such facilities, and for the preparation of 
assessments and plans related to security. The grants also 
could be used to implement security measures.
    CBO estimates that implementing H.R. 3258 would cost about 
$1 billion over the 2010-2014 period, assuming appropriation of 
the necessary amounts. Enacting H.R. 3258 could affect direct 
spending and receipts because the bill would establish new 
criminal and civil penalties against owners and operators of 
covered water systems and others who fail to comply with the 
bill's requirements. However, CBO estimates that any 
collections from such penalties would not be significant.
    H.R. 3258 contains intergovernmental and private-sector 
mandates as defined in the Unfunded Mandates Reform Act (UMRA) 
because it would impose new security requirements on owners and 
operators of drinking water systems. Because the costs of the 
mandates on state, local, and tribal governments would depend 
on future regulations, CBO cannot determine whether the 
aggregate costs of the mandates would exceed the annual 
threshold established in UMRA for intergovernmental entities 
($69 million in 2009, adjusted annually for inflation). CBO 
estimates that the costs of the mandates to private-sector 
entities would probably fall below the annual threshold 
established in UMRA ($139 million in 2009, adjusted annually 
for inflation) because the number of privately owned systems is 
small.
    Estimated cost to the Federal Government: The estimated 
budgetary impact of H.R. 3258 is shown in the following table. 
The costs of this legislation fall within budget function 300 
(natural resources and environment).

----------------------------------------------------------------------------------------------------------------
                                                                 By fiscal year, in millions of dollars--
                                                         -------------------------------------------------------
                                                            2010     2011     2012     2013     2014   2010-2014
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Estimated Authorization Level...........................        0      315      322      329      338     1,304
Estimated Outlays.......................................        0      126      271      324      332     1,053
----------------------------------------------------------------------------------------------------------------

    Basis of estimate: For this estimate, CBO assumes that H.R. 
3258 will be enacted during fiscal year 2010, the amounts 
necessary to implement the bill will be appropriated each year, 
and that outlays will follow historical spending patterns for 
similar programs.
    This legislation would authorize the appropriation of $315 
million for fiscal year 2011. Of that amount, $30 million would 
be used by EPA for administrative expenses, $125 million would 
be used to assist covered water systems use safer chemicals or 
reduce the amount of dangerous chemicals stored onsite, and 
$160 million would be used to fund grants. Grants could be used 
by states or nonprofit organizations to support training, 
prepare vulnerability assessments and security plans, and 
implement security enhancements, which would include, for 
example, the installation of surveillance equipment.
    For fiscal years 2012 through 2015, this legislation would 
authorize the appropriation of such sums as necessary. For each 
year after 2011, CBO estimates that EPA would require the same 
level of funding as in 2011, with annual adjustments for 
anticipated inflation, to support the requirements under the 
bill and the grants. In total, CBO estimates that enacting this 
legislation would cost about $1 billion over the 2011-2014 
period.
    Intergovernmental and private-sector impact: H.R. 3258 
contains intergovernmental and private-sector mandates as 
defined in UMRA because it would impose new security 
requirements on owners and operators of drinking water systems. 
Because the costs of the mandates on state, local, and tribal 
governments would depend on future regulations, CBO cannot 
determine whether the aggregate costs of the mandates would 
exceed the annual threshold established in UMRA for 
intergovernmental entities ($69 million in 2009, adjusted 
annually for inflation). CBO estimates that the costs of the 
mandates to private-sector entities would probably fall below 
the annual threshold established in UMRA ($139 million in 2009, 
adjusted annually for inflation) because the number of 
privately owned systems is small.

Mandates that apply to public and private entities

    The bill would impose several new requirements on owners 
and operators of covered drinking water systems (those serving 
populations of over 3,300 people). The bill would require those 
facilities to comply with performance standards to be issued by 
EPA for facility security. Such standards could include 
infrastructure upgrades and changes to security procedures. The 
bill also would require owners and operators of covered water 
systems that possess chemicals in excess of a threshold set by 
EPA to assess and potentially implement alternative measures 
for increasing security at their facilities if such facilities 
are designated as high risk by EPA. Such measures include the 
use of alternative chemicals to process drinking water and 
modifications to chemical storage practices. The bill also 
would require owners and operators of covered water systems to 
update vulnerability assessments and emergency response plans, 
and to prepare and implement site security plans. Further, the 
bill would require owners and operators of covered water 
systems to maintain copies of planning documents, provide 
access for audits and inspections, and provide employees with 
training annually.
    Depending on future regulations governing performance 
standards, chemical thresholds, the number of covered water 
systems designated as high risk, and the implementation 
schedule for vulnerability assessments and site security plans, 
the costs to covered water systems could be significant. Those 
costs could result from new procedural requirements or, in some 
cases, capital improvements. At the same time, many water 
systems may already have security systems and procedures in 
place that would meet the new requirements. Because of 
uncertainty about the scope and implementation timeline of the 
bill's requirements, CBO has no basis for determining annual 
costs of the mandates on publicly owned systems. However, 
because the number of privately owned systems that would be 
affected is small, CBO estimates that the cost of the mandates 
to private-sector entities would fall below the annual 
threshold established in UMRA.

Mandates that apply to public entities only

    H.R. 3258 would preempt state and local laws that provide 
public access to information and require covered water systems 
to submit security plans. The bill also would preempt any state 
or local regulation that would conflict with the security 
activities authorized by the bill. Further, the bill would 
require state, local, and tribal authorities, such as law 
enforcement officials, to share information. CBO estimates that 
the costs of those mandates would be small.

Other impacts

    H.R. 3258 would authorize $125 million for fiscal year 2011 
for grants to covered water systems to increase security at 
their facilities. The bill also would authorize such sums as 
necessary for fiscal years 2012 through 2015 for such 
activities.
    Estimate prepared by: Federal Costs: Susanne S. Mehlman; 
Impact on State, Local, and Tribal Governments: Ryan Miller; 
Impact on the Private Sector: Amy Petz.
    Estimate approved by: Peter H. Fontaine; Assistant Director 
for Budget Analysis.

             Section-by-Section Analysis of the Legislation


Section 1. Short title

    This Act may be cited as the ``Drinking Water System 
Security Act of 2009.''

Section 2. Intentional acts affecting the security of covered water 
        systems

    The Drinking Water System Security Act of 2009 replaces 
Section 1433 of the Safe Drinking Water Act (SDWA) as follows:
            Subsection (a). Risk-based performance standards; 
                    vulnerability assessments; site security plans; 
                    emergency response plans
    This subsection requires the Administrator of the 
Environmental Protection Agency (hereafter the 
``Administrator'' and ``EPA'') to issue regulations 
establishing risk-based performance standards for covered 
drinking water systems. The Administrator also must establish 
deadlines and requirements for developing and updating 
vulnerability assessments, site security plans, and emergency 
response plans and providing training to employees of covered 
water systems.
    Covered water systems, by definition, include community 
water systems serving more than 3,300 people and other public 
water systems that the Administrator, in her discretion, 
determines present a security risk. The Committee intends for 
the Administrator to use this discretion to ensure that non-
community water systems that serve many people, such as the 
water system at Walt Disney World, or systems that serve 
security-sensitive areas or facilities, such as Camp David, are 
sufficiently protected against intentional acts. It is not the 
Committee's intent for the Administrator to use this authority 
to regulate all community water systems that serve fewer than 
3,300 people.
    In developing and implementing the regulations under this 
section, the Administrator must consult with states exercising 
primary enforcement responsibility for public water systems 
(hereafter ``states with primacy'') and other persons, 
including the Secretary of the Department of Homeland Security 
(hereafter the ``Secretary'' and ``DHS'').
    The Committee expects that EPA would utilize, with 
modifications as necessary to address the uniqueness of the 
sector, DHS's existing risk assessment tools and performance 
standards for chemical facilities. To ensure consistency of 
tiering determinations across industry sectors, EPA should 
apply DHS's tiering methodology, with modifications as 
necessary to reflect any differences in statutory requirements.
    The Administrator may designate any chemical as a 
``substance of concern'' for the purposes of this section. When 
the Administrator designates a substance of concern, she must 
establish for each substance a threshold quantity for the 
release or theft of the substance. In making this designation, 
the Administrator must take into account Appendix A of the 
Chemical Facility Anti-Terrorism Standards (CFATS), which lists 
DHS's ``chemicals of interest.''
    This subsection requires the Administrator to provide 
covered water systems with baseline information about probable 
threats to disrupt the safe and reliable supply of water, cause 
a release of a substance of concern at the covered water 
system, or steal, misuse, or misappropriate a substance of 
concern.
            Subsection (b). Risk-based performance standards
    This subsection requires the Administrator to develop risk-
based performance standards for covered water systems to use in 
developing their site security plans. The standards should be 
more stringent for systems in higher-risk tiers. In developing 
these standards, the Administrator must take into account the 
risk-based performance standards in the CFATS program.
            Subsection (c). Vulnerability assessment
    This subsection requires each covered water system to 
assess the system's vulnerability to a range of intentional 
acts, including a release of a substance of concern that causes 
death or injury or other adverse effects. As part of its 
vulnerability assessment, the covered water system must review 
its pipes, physical barriers, water distribution facilities, 
computer systems, storage of substances of concern, and other 
factors. If a water system has completed a vulnerability 
assessment under the Public Health Security and Bioterrorism 
Preparedness and Response Act of 2002, the covered water system 
may update that assessment to comply with this subsection 
rather than compiling an entirely new assessment.
            Subsection (d). Risk-based tiers
    The Administrator must establish four risk-based tiers for 
covered water systems, with tier 1 representing the highest-
risk tier.
    The Administrator may require each covered water system to 
submit information in order to assign (or reassign) the system 
to one of the risk-based tiers. In assigning a covered water 
system to a tier, the Administrator must consider the potential 
consequences of an intentional act to cause a release of a 
substance of concern at the covered water system, to introduce 
a contaminant into or otherwise disrupt the drinking water 
supply, and to steal, misuse, or misappropriate substances of 
concern.
    This subsection requires the Administrator to provide to 
each covered water system her reasons for assigning the system 
to a particular tier and advise the system whether it is 
required to assess the potential for implementing methods to 
reduce the consequences of a chemical release from an 
intentional act under subsection (g).
            Subsection (e). Development and implementation of site 
                    security plans
    This subsection allows each covered water system to select 
layered security measures that address the security risks 
identified in the vulnerability assessment and meet the 
applicable risk-based performance standards.
            Subsection (f). Role of employees
    In the site security plan and emergency response plan, each 
covered water system must describe the roles and 
responsibilities of system employees (including contractor 
employees) in deterring or responding to an intentional act at 
that system.
    This subsection requires each covered water system to 
provide at least eight hours of security-related training each 
year to employees with roles and responsibilities in deterring 
or responding to an intentional act.
    This subsection also requires each covered water system to 
include employees and appropriate employee representatives when 
developing, revising, or updating the vulnerability assessment, 
site security plan, and emergency response plan.
            Subsection (g). Methods to reduce the consequences of a 
                    chemical release from an intentional act
    The term ``methods to reduce the consequences of a chemical 
release from an intentional act'' means a measure at a covered 
water system that reduces or eliminates the potential 
consequences of a release of a substance of concern due to an 
intentional act. Such measures include using alternate 
substances, formulations, or processes to reduce the amount of 
a substance of concern on-site; modifying pressures, 
temperatures, or concentrations of a substance of concern; and 
improving inventory control or chemical use efficiency to 
reduce on-site handling of a substance of concern. The 
Committee does not intend the term ``method to reduce the 
consequences of a chemical release from an intentional act'' to 
include the mitigation, control, containment, or recovery of a 
substance of concern in the event of an intentional act.
    This subsection requires any covered water system that uses 
or stores a substance of concern in excess of the release 
threshold to complete an assessment of whether it can implement 
``methods to reduce'' and include this assessment as part of 
its site security plan. The covered water system must provide 
this assessment to EPA and the state with primacy, if any, for 
that system. In preparing the assessment, the system must 
describe the methods it considered; the degree to which each 
method, if implemented, could reduce the consequences of an 
intentional act; whether each method, if implemented, could 
affect the quality of drinking water, human health or the 
environment; whether each method, if implemented, is feasible 
(not including the cost considerations typically used to 
determine ``feasibility'' as defined in SDWA); the costs (and 
avoided costs) associated with implementing each method; and, 
based on these factors, whether the system plans to implement 
any such methods. A covered water system that does not use or 
store a release threshold quantity of a substance of concern 
does not have to complete an assessment.
    The Committee intends for the Administrator to require each 
covered water system to conduct a cost analysis associated with 
each method considered, including an assessment of the 
operational costs and savings, if applicable. The Administrator 
or covered water system may want to consider any relevant 
costs, such as capital costs, cost savings due to physical 
security or other processes (i.e. mitigation technologies) that 
would no longer be needed, any reduction in terrorism-related 
insurance costs, and other avoided costs (i.e. a reduction in 
costs due to regulatory compliance measures, inspections, 
materials, permits or fees, other operating costs, contingency 
planning and response, or personnel protective gear that are no 
longer needed).
    EPA must provide guidance, computer software and other 
tools to covered water systems assigned to tiers 3 and 4 in 
order to streamline the assessment process for these systems.
    If the Administrator finds that the covered water system 
did not submit a complete or thorough assessment, the 
Administrator must inform the system and state with primacy for 
that system and require the system to submit a revised 
assessment. If the covered water system fails to complete such 
assessment in accordance with the deadline set by the 
Administrator, the Administrator may take appropriate 
enforcement action.
    With respect to a covered water system that has a release 
threshold quantity of a substance of concern and is assigned to 
one of the two highest risk-based tiers, the state with primacy 
for this covered water system must determine, based on an 
evaluation of the system's assessment, whether to require such 
system to implement the methods to reduce and report this 
determination to the Administrator. For covered water systems 
in states without primacy, the Administrator must make this 
determination. A covered water system that does not use or 
store a release threshold quantity of a substance of concern 
and is not in one of the two highest risk-based tiers will not 
be subject to any requirement to implement the methods to 
reduce.
    Before requiring a covered water system in one of the 
highest two risk-based tiers to implement methods to reduce, 
the state with primacy (or the Administrator for covered water 
systems in states without primacy) must examine whether 
implementing these methods would significantly reduce the 
consequences of a release of a substance of concern; would not 
increase the interim storage of a substance of concern by the 
covered water system; would not put the water system out of 
compliance with SDWA and state or local drinking water 
standards; and is feasible for the water system.
    The Committee intends that the state with primacy (or the 
Administrator for covered water systems in states without 
primacy) should make each determination under this subsection 
on a system-by-system basis and should not seek to impose 
wholesale, sector-wide process or chemical changes.
    The state with primacy or the Administrator (for non-
primacy states) must provide a covered water system with an 
opportunity for appeal if the covered water system disagrees 
with a determination that it must implement methods to reduce 
the consequences of an intentional act.
    The Committee does not intend to give the Administrator the 
authority to overrule the determination of a state with primacy 
under this subsection. This subsection outlines the parameters 
of the Administrator's authority with regard to methods to 
reduce the consequences of an intentional act. If a state with 
primacy fails to determine whether to require a covered high-
risk water system to implement one or more methods to reduce 
within a timeline set by the Administrator, the Administrator 
can step in and make the determination. If the Administrator 
finds that a state with primacy has not enforced the state's 
own determination that a covered high-risk water system 
implement one or more methods to reduce, the Administrator can 
step in and enforce the determination. The Administrator may 
consider the failure of a state to make or enforce a 
determination when examining whether a state should retain 
primary enforcement responsibility under SDWA.
    This section also gives the Administrator authority to 
provide or recommend tools, methodologies and software created 
by the water sector and others. The Administrator may create 
such tools, methodologies or computer software, if the 
Administrator believes that such tools, methodologies or 
computer software could assist such covered water systems in 
complying with the requirements of this section, and the 
Administrator may also recommend such tools, methodologies or 
computer software that have been developed by other entities if 
the Administrator believes that such tools, methodologies or 
computer software could assist such covered water systems in 
complying with the requirements of this section.
            Subsection (h). Review by administrator
    This subsection requires the covered water system to submit 
its vulnerability assessment and site security plan to the 
Administrator for review. The Administrator must review each 
vulnerability assessment and site security plan and, in 
consultation with the states with primacy, as appropriate, 
determine whether each vulnerability assessment complies with 
the regulations and whether each site security plan addresses 
the system's vulnerabilities and meets the risk-based 
performance standards. The Administrator also must require each 
system to correct significant deficiencies, if any, in its 
vulnerability assessment or site security plan.
    This subsection also states that a covered water system 
does not have to provide state and local governments with 
copies of its vulnerability assessment and site security plan 
just by virtue of a state or local law requiring that a system 
turn over to the state or local government all documents that 
it provides to EPA.
            Subsection (i). Emergency response plan
    This subsection requires each covered water system to 
prepare or revise an emergency response plan and certify 
completion to the Administrator. This plan must include plans 
and procedures for responding to an intentional act at the 
covered water system and mitigating the impact of intentional 
acts on public health and safety. The covered water system must 
provide appropriate information to local first responders and 
law enforcement officials to ensure an effective response in 
the event of an emergency.
    If a water system completed an emergency response plan 
under the Public Health Security and Bioterrorism Preparedness 
and Response Act of 2002, the covered water system may update 
that plan to comply with this subsection rather than compiling 
an entirely new plan.
            Subsection (j). Maintenance of records
    This subsection requires each covered water system to 
maintain an updated copy of its vulnerability assessment, site 
security plan, and emergency response plan.
            Subsection (k). Audit; inspection
    This subsection requires the Administrator, or a duly 
designated representative of the Administrator, to audit and 
inspect covered water systems to determine compliance with this 
section of the Act. The Administrator or the Administrator's 
duly designated representative must have access to the system 
operators, employees and employee representatives during the 
audit or inspection.
    During inspections, the Administrator or the duly-
designated representative must offer non-supervisory employees 
the opportunity to share, confidentially, information about the 
covered water system's compliance or non-compliance. An 
employee representative, if any, also must have the opportunity 
to accompany the Administrator or the Administrator's duly-
designated representative during inspections if the owner or 
operator is accompanying the Administrator or the duly-
designated representative. If the covered water system does not 
have an employee representative, a non-supervisory employee 
also must have the opportunity to accompany the Administrator 
or the Administrator's duly-designated representative during 
inspections if a representative from the covered water system 
is accompanying the Administrator or the Administrator's duly-
designated representative. The Committee believes that the 
Administrator or the Administrator's duly-designated 
representative should be free to conduct parts of the 
inspections unaccompanied, if desired.
            Subsection (l). Protection of information
    ``Protected information'' includes vulnerability 
assessments and site security plans and portions of other 
security-related documents, records, orders, notices, and 
letters that would be detrimental to the security of one or 
more covered water systems if disclosed and are developed for 
the purposes of this section. Protected information does not 
include information that is required to be made publicly 
available under any other law; information that a covered water 
system has lawfully disclosed elsewhere; and other information 
that, if disclosed, would not be detrimental to the security of 
one or more covered water systems.
    This subsection exempts protected information from 
disclosure under the Freedom of Information Act and state, 
local and tribal information disclosure laws. The Committee 
intends for the exemption under state, local and tribal 
information disclosure laws to be equivalent to the exemption 
from the federal Freedom of Information Act, despite 
differences in drafting.
    This subsection also requires the Administrator to 
promulgate by regulation standards for sharing protected 
information with and between state and local governments, first 
responders, employees, employee representatives, and others 
with security responsibilities at the covered water system. 
These standards also must include procedures for sharing with 
employees and their representatives, if any, those portions of 
a covered water system's vulnerability assessment and site 
security plan that relate to the roles and responsibilities of 
those employees. The Committee intends for this to include the 
assessment conducted under subsection (g).
    Protected information cannot be shared except in accordance 
with these standards. Any person who purposefully publishes, 
divulges, discloses, or makes known protected information in 
any manner or to any extent not authorized by these standards 
can face criminal penalties and, in the case of federal 
employees, may face loss of employment.
    In judicial or administrative proceedings, protected 
information will be treated similarly to Sensitive Security 
Information to protect it from public disclosure.
    Nothing in this section relieves a covered water system 
from complying with other laws, including laws requiring 
disclosure of information to federal, state, or local 
governments or other persons, except as stated in subsection 
(h). Nothing in this section may prevent a federal, state, or 
local government from protecting and disclosing information 
that it obtains from a covered water system as authorized by 
another law.
    Nothing in this section authorizes the withholding of 
information from Congress. The Committee intends for EPA to 
provide members of Congress with protected information, upon 
request.
    The Committee observes that on May 27, 2009, the President 
issued the Memorandum for the Heads of Executive Departments 
and Agencies on Classified Information and Controlled 
Unclassified Information (CUI), which creates an interagency 
task force on CUI. This task force is in the process of 
developing a framework for the sharing of CUI, taking into 
consideration the value of standardizing the procedures for 
designating, marking, and handling all sensitive but 
unclassified information; a presumption in favor of openness; 
and the need to prevent the public disclosure of information 
where disclosure would compromise privacy, security or other 
legitimate interests. The Committee does not intend for this 
section to obstruct the President's efforts to develop a CUI 
information sharing environment or to preclude the President 
from incorporating EPA's information protection regime into 
this CUI framework at a future date.
            Subsection (m). Relation to chemical security requirements
    Public water systems are exempt from regulation under the 
Department of Homeland Security Chemical Facility Anti-
Terrorism Standards (CFATS).
            Subsection (n). Preemption
    States and political subdivisions thereof can enact 
security standards for drinking water systems that are more 
stringent than provided in this section.
            Subsection (o). Violations
    For a covered water system that violates any requirement of 
this section, the Administrator can issue an order assessing an 
administrative penalty or commence a civil action in district 
court. Civil penalties cannot exceed $25,000 per day. With 
regard to ``methods to reduce,'' EPA's enforcement authority is 
limited to the terms detailed in subsection (g).
            Subsection (p). Report to congress
    The Administrator must produce a report to Congress no 
later than 3 years after the effective date of the regulations 
promulgated under this section and every 3 years thereafter. 
The report will be publicly available.
            Subsection (q). Grant programs
    This subsection requires the Administrator to award grants 
to, or enter into cooperative agreements with, states to assist 
these states in implementing this section; to award grants to, 
or enter into cooperative agreements with, non-profit 
organizations to provide research, training, and technical 
assistance to covered water systems; and to award grants to, or 
enter into cooperative agreements with, covered water systems 
to assist these systems in preparing and implementing 
assessments and plans and implementing methods to reduce the 
consequences of an intentional act. This subsection also 
requires the Administrator to establish a grants program to 
award grants for the training of employees and first 
responders.
    The Administrator, when awarding grants or entering into 
cooperative agreements to assist systems in assessing and 
implementing methods to reduce the consequences of an 
intentional act, must give priority to covered water systems 
that pose the greatest security risk. The Administrator, when 
awarding grants or entering into cooperative agreements to 
assist systems in preparing and updating vulnerability 
assessments, site security plans and emergency response plans, 
must give priority to covered water systems that have the 
greatest need.
            Subsection (r). Authorization of appropriations
    This subsection authorizes $315 million for FY2011, 
including $30 million for administrative costs incurred by the 
Administrator or states and $125 million for implementation of 
methods to reduce. This subsection authorizes such sums as may 
be necessary for FY2012 through FY2015.
    Funding for security enhancements shall not be used for 
expenditures for personnel costs, or monitoring, operation, or 
maintenance of facilities, equipment, or systems.
            Section (b). Regulations; transition
    This section requires the Administrator to promulgate 
regulations within 2 years after the enactment of this bill. 
The bill also ensures that the current section 1433 of SDWA and 
its accompanying regulations apply until the effective date of 
the new regulations. Nothing in this section affects the 
authority of the Administrator to initiate or complete 
enforcement action for violations of the current section 1433 
of SDWA occurring before such effective date.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italic, existing law in which no change is 
proposed is shown in roman):

                        SAFE DRINKING WATER ACT


               TITLE XIV--SAFETY OF PUBLIC WATER SYSTEMS


                              SHORT TITLE

  Sec. 1400. This title may be cited as the ``Safe Drinking 
Water Act''.

           *       *       *       *       *       *       *


Part D--Emergency Powers

           *       *       *       *       *       *       *



[SEC. 1433. TERRORIST AND OTHER INTENTIONAL ACTS.

  [(a) Vulnerability Assessments.--(1) Each community water 
system serving a population of greater than 3,300 persons shall 
conduct an assessment of the vulnerability of its system to a 
terrorist attack or other intentional acts intended to 
substantially disrupt the ability of the system to provide a 
safe and reliable supply of drinking water. The vulnerability 
assessment shall include, but not be limited to, a review of 
pipes and constructed conveyances, physical barriers, water 
collection, pretreatment, treatment, storage and distribution 
facilities, electronic, computer or other automated systems 
which are utilized by the public water system, the use, 
storage, or handling of various chemicals, and the operation 
and maintenance of such system. The Administrator, not later 
than August 1, 2002, after consultation with appropriate 
departments and agencies of the Federal Government and with 
State and local governments, shall provide baseline information 
to community water systems required to conduct vulnerability 
assessments regarding which kinds of terrorist attacks or other 
intentional acts are the probable threats to--
          [(A) substantially disrupt the ability of the system 
        to provide a safe and reliable supply of drinking 
        water; or
          [(B) otherwise present significant public health 
        concerns.
  [(2) Each community water system referred to in paragraph (1) 
shall certify to the Administrator that the system has 
conducted an assessment complying with paragraph (1) and shall 
submit to the Administrator a written copy of the assessment. 
Such certification and submission shall be made prior to:
          [(A) March 31, 2003, in the case of systems serving a 
        population of 100,000 or more.
          [(B) December 31, 2003, in the case of systems 
        serving a population of 50,000 or more but less than 
        100,000.
          [(C) June 30, 2004, in the case of systems serving a 
        population greater than 3,300 but less than 50,000.
  [(3) Except for information contained in a certification 
under this subsection identifying the system submitting the 
certification and the date of the certification, all 
information provided to the Administrator under this subsection 
and all information derived therefrom shall be exempt from 
disclosure under section 552 of title 5 of the United States 
Code.
  [(4) No community water system shall be required under State 
or local law to provide an assessment described in this section 
to any State, regional, or local governmental entity solely by 
reason of the requirement set forth in paragraph (2) that the 
system submit such assessment to the Administrator.
  [(5) Not later than November 30, 2002, the Administrator, in 
consultation with appropriate Federal law enforcement and 
intelligence officials, shall develop such protocols as may be 
necessary to protect the copies of the assessments required to 
be submitted under this subsection (and the information 
contained therein) from unauthorized disclosure. Such protocols 
shall ensure that--
          [(A) each copy of such assessment, and all 
        information contained in or derived from the 
        assessment, is kept in a secure location;
          [(B) only individuals designated by the Administrator 
        may have access to the copies of the assessments; and
          [(C) no copy of an assessment, or part of an 
        assessment, or information contained in or derived from 
        an assessment shall be available to anyone other than 
        an individual designated by the Administrator.
At the earliest possible time prior to November 30, 2002, the 
Administrator shall complete the development of such protocols 
for the purpose of having them in place prior to receiving any 
vulnerability assessments from community water systems under 
this subsection.
  [(6)(A) Except as provided in subparagraph (B), any 
individual referred to in paragraph (5)(B) who acquires the 
assessment submitted under paragraph (2), or any reproduction 
of such assessment, or any information derived from such 
assessment, and who knowingly or recklessly reveals such 
assessment, reproduction, or information other than--
          [(i) to an individual designated by the Administrator 
        under paragraph (5),
          [(ii) for purposes of section 1445 or for actions 
        under section 1431, or
          [(iii) for use in any administrative or judicial 
        proceeding to impose a penalty for failure to comply 
        with this section,
shall upon conviction be imprisoned for not more than one year 
or fined in accordance with the provisions of chapter 227 of 
title 18, United States Code, applicable to class A 
misdemeanors, or both, and shall be removed from Federal office 
or employment.
  [(B) Notwithstanding subparagraph (A), an individual referred 
to in paragraph (5)(B) who is an officer or employee of the 
United States may discuss the contents of a vulnerability 
assessment submitted under this section with a State or local 
official.
  [(7) Nothing in this section authorizes any person to 
withhold any information from Congress or from any committee or 
subcommittee of Congress.
  [(b) Emergency Response Plan.--Each community water system 
serving a population greater than 3,300 shall prepare or 
revise, where necessary, an emergency response plan that 
incorporates the results of vulnerability assessments that have 
been completed. Each such community water system shall certify 
to the Administrator, as soon as reasonably possible after the 
enactment of this section, but not later than 6 months after 
the completion of the vulnerability assessment under subsection 
(a), that the system has completed such plan. The emergency 
response plan shall include, but not be limited to, plans, 
procedures, and identification of equipment that can be 
implemented or utilized in the event of a terrorist or other 
intentional attack on the public water system. The emergency 
response plan shall also include actions, procedures, and 
identification of equipment which can obviate or significantly 
lessen the impact of terrorist attacks or other intentional 
actions on the public health and the safety and supply of 
drinking water provided to communities and individuals. 
Community water systems shall, to the extent possible, 
coordinate with existing Local Emergency Planning Committees 
established under the Emergency Planning and Community Right-
to-Know Act (42 U.S.C. 11001 et seq.) when preparing or 
revising an emergency response plan under this subsection.
  [(c) Record Maintenance.--Each community water system shall 
maintain a copy of the emergency response plan completed 
pursuant to subsection (b) for 5 years after such plan has been 
certified to the Administrator under this section.
  [(d) Guidance to Small Public Water Systems.--The 
Administrator shall provide guidance to community water systems 
serving a population of less than 3,300 persons on how to 
conduct vulnerability assessments, prepare emergency response 
plans, and address threats from terrorist attacks or other 
intentional actions designed to disrupt the provision of safe 
drinking water or significantly affect the public health or 
significantly affect the safety or supply of drinking water 
provided to communities and individuals.
  [(e) Funding.--(1) There are authorized to be appropriated to 
carry out this section not more than $160,000,000 for the 
fiscal year 2002 and such sums as may be necessary for the 
fiscal years 2003 through 2005.
  [(2) The Administrator, in coordination with State and local 
governments, may use funds made available under paragraph (1) 
to provide financial assistance to community water systems for 
purposes of compliance with the requirements of subsections (a) 
and (b) and to community water systems for expenses and 
contracts designed to address basic security enhancements of 
critical importance and significant threats to public health 
and the supply of drinking water as determined by a 
vulnerability assessment conducted under subsection (a). Such 
basic security enhancements may include, but shall not be 
limited to the following:
          [(A) the purchase and installation of equipment for 
        detection of intruders;
          [(B) the purchase and installation of fencing, 
        gating, lighting, or security cameras;
          [(C) the tamper-proofing of manhole covers, fire 
        hydrants, and valve boxes;
          [(D) the rekeying of doors and locks;
          [(E) improvements to electronic, computer, or other 
        automated systems and remote security systems;
          [(F) participation in training programs, and the 
        purchase of training manuals and guidance materials, 
        relating to security against terrorist attacks;
          [(G) improvements in the use, storage, or handling of 
        various chemicals; and
          [(H) security screening of employees or contractor 
        support services.
Funding under this subsection for basic security enhancements 
shall not include expenditures for personnel costs, or 
monitoring, operation, or maintenance of facilities, equipment, 
or systems.
  [(3) The Administrator may use not more than $5,000,000 from 
the funds made available under paragraph (1) to make grants to 
community water systems to assist in responding to and 
alleviating any vulnerability to a terrorist attack or other 
intentional acts intended to substantially disrupt the ability 
of the system to provide a safe and reliable supply of drinking 
water (including sources of water for such systems) which the 
Administrator determines to present an immediate and urgent 
security need.
  [(4) The Administrator may use not more than $5,000,000 from 
the funds made available under paragraph (1) to make grants to 
community water systems serving a population of less than 3,300 
persons for activities and projects undertaken in accordance 
with the guidance provided to such systems under subsection 
(d).]

SEC. 1433. INTENTIONAL ACTS.

  (a) Risk-Based Performance Standards; Vulnerability 
Assessments; Site Security Plans; Emergency Response Plans.--
          (1) In general.--The Administrator shall issue 
        regulations--
                  (A) establishing risk-based performance 
                standards for the security of covered water 
                systems; and
                  (B) establishing requirements and deadlines 
                for each covered water system--
                          (i) to conduct a vulnerability 
                        assessment or, if the system already 
                        has a vulnerability assessment, to 
                        revise the assessment to be in 
                        accordance with this section;
                          (ii) to update the vulnerability 
                        assessment not less than every 5 years 
                        and promptly after any change at the 
                        system that could cause the 
                        reassignment of the system to a 
                        different risk-based tier under 
                        subsection (d);
                          (iii) to develop, implement, and, as 
                        appropriate, revise a site security 
                        plan not less than every 5 years and 
                        promptly after a revision to the 
                        vulnerability assessment;
                          (iv) to develop an emergency response 
                        plan (or, if the system has already 
                        developed an emergency response plan, 
                        to revise the plan to be in accordance 
                        with this section) and revise the plan 
                        not less than every 5 years thereafter; 
                        and
                          (v) to provide annual training to 
                        employees and contractor employees of 
                        covered water systems on implementing 
                        site security plans and emergency 
                        response plans.
          (2) Covered water systems.--For purposes of this 
        section, the term ``covered water system'' means a 
        public water system that--
                  (A) is a community water system serving a 
                population greater than 3,300; or
                  (B) in the discretion of the Administrator, 
                presents a security risk making regulation 
                under this section appropriate.
          (3) Consultation with state authorities.--In 
        developing and carrying out the regulations under 
        paragraph (1), the Administrator shall consult with 
        States exercising primary enforcement responsibility 
        for public water systems.
          (4) Consultation with other persons.--In developing 
        and carrying out the regulations under paragraph (1), 
        the Administrator shall consult with the Secretary of 
        Homeland Security, and, as appropriate, other persons 
        regarding--
                  (A) provision of threat-related and other 
                baseline information to covered water systems;
                  (B) designation of substances of concern;
                  (C) development of risk-based performance 
                standards;
                  (D) establishment of risk-based tiers and 
                process for the assignment of covered water 
                systems to risk-based tiers;
                  (E) process for the development and 
                evaluation of vulnerability assessments, site 
                security plans, and emergency response plans;
                  (F) treatment of protected information;
                  (G) security at co-managed drinking water and 
                wastewater facilities; and
                  (H) such other matters as the Administrator 
                determines necessary.
          (5) Substances of concern.--For purposes of this 
        section, the Administrator, in consultation with the 
        Secretary of Homeland Security--
                  (A) may designate any chemical substance as a 
                substance of concern;
                  (B) at the time any substance is designated 
                pursuant to subparagraph (A), shall establish 
                by rule a threshold quantity for the release or 
                theft of the substance, taking into account the 
                toxicity, reactivity, volatility, 
                dispersability, combustibility, and 
                flammability of the substance and the amount of 
                the substance that, as a result of a release, 
                is known to cause or may be reasonably 
                anticipated to cause death, injury, or serious 
                adverse effects to human health or the 
                environment; and
                  (C) in making such a designation, shall take 
                into account appendix A to part 27 of title 6, 
                Code of Federal Regulations (or any successor 
                regulations).
          (6) Baseline information.--The Administrator, after 
        consultation with appropriate departments and agencies 
        of the Federal Government and with State, local, and 
        tribal governments, shall, for purposes of facilitating 
        compliance with the requirements of this section, 
        promptly after the effective date of the regulations 
        under subsection (a)(1) and as appropriate thereafter, 
        provide baseline information to covered water systems 
        regarding which kinds of intentional acts are the 
        probable threats to--
                  (A) substantially disrupt the ability of the 
                system to provide a safe and reliable supply of 
                drinking water;
                  (B) cause the release of a substance of 
                concern at the covered water system; or
                  (C) cause the theft, misuse, or 
                misappropriation of a substance of concern.
  (b) Risk-Based Performance Standards.--The regulations under 
subsection (a)(1) shall set forth risk-based performance 
standards for site security plans required by this section. The 
standards shall be separate and, as appropriate, increasingly 
stringent based on the level of risk associated with the 
covered water system's risk-based tier assignment under 
subsection (d). In developing such standards, the Administrator 
shall take into account section 27.230 of title 6, Code of 
Federal Regulations (or any successor regulations).
  (c) Vulnerability Assessment.--The regulations under 
subsection (a)(1) shall require each covered water system to 
assess the system's vulnerability to a range of intentional 
acts, including an intentional act that results in a release of 
a substance of concern that is known to cause or may be 
reasonably anticipated to cause death, injury, or serious 
adverse effects to human health or the environment. At a 
minimum, the vulnerability assessment shall include a review 
of--
          (1) pipes and constructed conveyances;
          (2) physical barriers;
          (3) water collection, pretreatment, treatment, 
        storage, and distribution facilities, including fire 
        hydrants;
          (4) electronic, computer, and other automated systems 
        that are used by the covered water system;
          (5) the use, storage, or handling of various 
        chemicals, including substances of concern;
          (6) the operation and maintenance of the covered 
        water system; and
          (7) the covered water system's resiliency and ability 
        to ensure continuity of operations in the event of a 
        disruption caused by an intentional act.
  (d) Risk-Based Tiers.--The regulations under subsection 
(a)(1) shall provide for 4 risk-based tiers applicable to 
covered water systems, with tier one representing the highest 
degree of security risk.
          (1) Assignment of risk-based tiers.--
                  (A) Submission of information.--The 
                Administrator may require a covered water 
                system to submit information in order to 
                determine the appropriate risk-based tier for 
                the covered water system.
                  (B) Factors to consider.--The Administrator 
                shall assign (and reassign when appropriate) 
                each covered water system to one of the risk-
                based tiers established pursuant to this 
                subsection. In assigning a covered water system 
                to a risk-based tier, the Administrator shall 
                consider the potential consequences (such as 
                death, injury, or serious adverse effects to 
                human health, the environment, critical 
                infrastructure, national security, and the 
                national economy) from--
                          (i) an intentional act to cause a 
                        release, including a worst-case 
                        release, of a substance of concern at 
                        the covered water system;
                          (ii) an intentional act to introduce 
                        a contaminant into the drinking water 
                        supply or disrupt the safe and reliable 
                        supply of drinking water; and
                          (iii) an intentional act to steal, 
                        misappropriate, or misuse substances of 
                        concern.
          (2) Explanation for risk-based tier assignment.--The 
        Administrator shall provide each covered water system 
        assigned to a risk-based tier with the reasons for the 
        tier assignment and whether such system is required to 
        submit an assessment under subsection (g)(2).
  (e) Development and Implementation of Site Security Plans.--
The regulations under subsection (a)(1) shall permit each 
covered water system, in developing and implementing its site 
security plan required by this section, to select layered 
security and preparedness measures that, in combination, 
appropriately--
          (1) address the security risks identified in its 
        vulnerability assessment; and
          (2) comply with the applicable risk-based performance 
        standards required under this section.
  (f) Role of Employees.--
          (1) Description of role.--Site security plans and 
        emergency response plans required under this section 
        shall describe the appropriate roles or 
        responsibilities that employees and contractor 
        employees are expected to perform to deter or respond 
        to the intentional acts described in subsection 
        (d)(1)(B).
          (2) Training for employees.--Each covered water 
        system shall annually provide employees and contractor 
        employees with roles or responsibilities described in 
        paragraph (1) with a minimum of 8 hours of training on 
        carrying out those roles or responsibilities.
          (3) Employee participation.--In developing, revising, 
        or updating a vulnerability assessment, site security 
        plan, and emergency response plan required under this 
        section, a covered water system shall include--
                  (A) at least one supervisory and at least one 
                non-supervisory employee of the covered water 
                system; and
                  (B) at least one representative of each 
                certified or recognized bargaining agent 
                representing facility employees or contractor 
                employees with roles or responsibilities 
                described in paragraph (1), if any, in a 
                collective bargaining relationship with the 
                private or public owner or operator of the 
                system or with a contractor to that system.
  (g) Methods To Reduce the Consequences of a Chemical Release 
From an Intentional Act.--
          (1) Definition.--In this section, the term ``method 
        to reduce the consequences of a chemical release from 
        an intentional act'' means a measure at a covered water 
        system that reduces or eliminates the potential 
        consequences of a release of a substance of concern 
        from an intentional act such as--
                  (A) the elimination or reduction in the 
                amount of a substance of concern possessed or 
                planned to be possessed by a covered water 
                system through the use of alternate substances, 
                formulations, or processes;
                  (B) the modification of pressures, 
                temperatures, or concentrations of a substance 
                of concern; and
                  (C) the reduction or elimination of onsite 
                handling of a substance of concern through 
                improvement of inventory control or chemical 
                use efficiency.
          (2) Assessment.--For each covered water system that 
        possesses or plans to possess a substance of concern in 
        excess of the release threshold quantity set by the 
        Administrator under subsection (a)(5), the regulations 
        under subsection (a)(1) shall require the covered water 
        system to include in its site security plan an 
        assessment of methods to reduce the consequences of a 
        chemical release from an intentional act at the covered 
        water system. The covered water system shall provide 
        such assessment to the Administrator and the State 
        exercising primary enforcement responsibility for the 
        covered water system, if any. The regulations under 
        subsection (a)(1) shall require the system, in 
        preparing the assessment, to consider factors 
        appropriate to the system's security, public health, or 
        environmental mission, and include--
                  (A) a description of the methods to reduce 
                the consequences of a chemical release from an 
                intentional act;
                  (B) how each described method to reduce the 
                consequences of a chemical release from an 
                intentional act could, if applied, reduce the 
                potential extent of death, injury, or serious 
                adverse effects to human health resulting from 
                a chemical release;
                  (C) how each described method to reduce the 
                consequences of a chemical release from an 
                intentional act could, if applied, affect the 
                presence of contaminants in treated water, 
                human health, or the environment;
                  (D) whether each described method to reduce 
                the consequences of a chemical release from an 
                intentional act at the covered water system is 
                feasible, as defined in section 1412(b)(4)(D), 
                but not including cost calculations under 
                subparagraph (E);
                  (E) the costs (including capital and 
                operational costs) and avoided costs (including 
                savings and liabilities) associated with 
                applying each described method to reduce the 
                consequences of a chemical release from an 
                intentional act at the covered water system;
                  (F) any other relevant information that the 
                covered water system relied on in conducting 
                the assessment; and
                  (G) a statement of whether the covered water 
                system has implemented or plans to implement 
                one or more methods to reduce the consequences 
                of a chemical release from an intentional act, 
                a description of any such methods, and, in the 
                case of a covered water system described in 
                paragraph (3)(A), an explanation of the reasons 
                for any decision not to implement any such 
                methods.
          (3) Required methods.--
                  (A) Application.--This paragraph applies to a 
                covered water system--
                          (i) that is assigned to one of the 
                        two highest risk-based tiers under 
                        subsection (d); and
                          (ii) that possesses or plans to 
                        possess a substance of concern in 
                        excess of the release threshold 
                        quantity set by the Administrator under 
                        subsection (a)(5).
                  (B) Highest-risk systems.--If, on the basis 
                of its assessment under paragraph (2), a 
                covered water system described in subparagraph 
                (A) decides not to implement methods to reduce 
                the consequences of a chemical release from an 
                intentional act, the State exercising primary 
                enforcement responsibility for the covered 
                water system, if the system is located in such 
                a State, or the Administrator, if the covered 
                water system is not located in such a State, 
                shall, in accordance with a timeline set by the 
                Administrator--
                          (i) determine whether to require the 
                        covered water system to implement the 
                        methods; and
                          (ii) for States exercising primary 
                        enforcement responsibility, report such 
                        determination to the Administrator.
                  (C) State or administrator's 
                considerations.--Before requiring, pursuant to 
                subparagraph (B), the implementation of a 
                method to reduce the consequences of a chemical 
                release from an intentional act, the State 
                exercising primary enforcement responsibility 
                for the covered water system, if the system is 
                located in such a State, or the Administrator, 
                if the covered water system is not located in 
                such a State, shall consider factors 
                appropriate to the security, public health, and 
                environmental missions of covered water 
                systems, including an examination of whether 
                the method--
                          (i) would significantly reduce the 
                        risk of death, injury, or serious 
                        adverse effects to human health 
                        resulting directly from a chemical 
                        release from an intentional act at the 
                        covered water system;
                          (ii) would not increase the interim 
                        storage of a substance of concern by 
                        the covered water system;
                          (iii) would not render the covered 
                        water system unable to comply with 
                        other requirements of this Act or 
                        drinking water standards established by 
                        the State or political subdivision in 
                        which the system is located; and
                          (iv) is feasible, as defined in 
                        section 1412(b)(4)(D), to be 
                        incorporated into the operation of the 
                        covered water system.
                  (D) Appeal.--Before requiring, pursuant to 
                subparagraph (B), the implementation of a 
                method to reduce the consequences of a chemical 
                release from an intentional act, the State 
                exercising primary enforcement responsibility 
                for the covered water system, if the system is 
                located in such a State, or the Administrator, 
                if the covered water system is not located in 
                such a State, shall provide such covered water 
                system an opportunity to appeal the 
                determination to require such implementation 
                made pursuant to subparagraph (B) by such State 
                or the Administrator.
          (4) Incomplete or late assessments.--
                  (A) Incomplete assessments.--If the 
                Administrator finds that the covered water 
                system, in conducting its assessment under 
                paragraph (2), did not meet the requirements of 
                paragraph (2) and the applicable regulations, 
                the Administrator shall, after notifying the 
                covered water system and the State exercising 
                primary enforcement responsibility for that 
                system, if any, require the covered water 
                system to submit a revised assessment not later 
                than 60 days after the Administrator notifies 
                such system. The Administrator may require such 
                additional revisions as are necessary to ensure 
                that the system meets the requirements of 
                paragraph (2) and the applicable regulations.
                  (B) Late assessments.--If the Administrator 
                finds that a covered water system, in 
                conducting its assessment pursuant to paragraph 
                (2), did not complete such assessment in 
                accordance with the deadline set by the 
                Administrator, the Administrator may, after 
                notifying the covered water system and the 
                State exercising primary enforcement 
                responsibility for that system, if any, take 
                appropriate enforcement action under subsection 
                (o).
                  (C) Review.--The State exercising primary 
                enforcement responsibility for the covered 
                water system, if the system is located in such 
                a State, or the Administrator, if the system is 
                not located in such a State, shall review a 
                revised assessment that meets the requirements 
                of paragraph (2) and applicable regulations to 
                determine whether the covered water system will 
                be required to implement methods to reduce the 
                consequences of an intentional act pursuant to 
                paragraph (3).
          (5) Enforcement.--
                  (A) Failure by state to make determination.--
                Whenever the Administrator finds that a State 
                exercising primary enforcement responsibility 
                for a covered water system has failed to 
                determine whether to require the covered water 
                system to implement methods to reduce the 
                consequences of a chemical release from an 
                intentional act, as required by paragraph 
                (3)(B), the Administrator shall so notify the 
                State and covered water system. If, beyond the 
                thirtieth day after the Administrator's 
                notification under the preceding sentence, the 
                State has failed to make the determination 
                described in such sentence, the Administrator 
                shall so notify the State and covered water 
                system and shall determine whether to require 
                the covered water system to implement methods 
                to reduce the consequences of a chemical 
                release from an intentional act based on the 
                factors described in paragraph (3)(C).
                  (B) Failure by state to bring enforcement 
                action.--If the Administrator finds, with 
                respect to a period in which a State has 
                primary enforcement responsibility for a 
                covered water system, that the system has 
                failed to implement methods to reduce the 
                consequences of a chemical release from an 
                intentional act (as required by the State or 
                the Administrator under paragraph (3)(B) or the 
                Administrator under subparagraph (A)), the 
                Administrator shall so notify the State and the 
                covered water system. If, beyond the thirtieth 
                day after the Administrator's notification 
                under the preceding sentence, the State has not 
                commenced appropriate enforcement action, the 
                Administrator shall so notify the State and may 
                commence an enforcement action against the 
                system, including by seeking or imposing civil 
                penalties under subsection (o), to require 
                implementation of such methods.
                  (C) Consideration of continued primary 
                enforcement responsibility.--For a State with 
                primary enforcement responsibility for a 
                covered water system, the Administrator may 
                consider the failure of such State to make a 
                determination as described under subparagraph 
                (A) or to bring enforcement action as described 
                under subparagraph (B) when determining whether 
                a State may retain primary enforcement 
                responsibility under this Act.
          (6) Guidance for covered water systems assigned to 
        tier 3 and tier 4.--For covered water systems required 
        to conduct an assessment under paragraph (2) and 
        assigned by the Administrator to tier 3 or tier 4 under 
        subsection (d), the Administrator shall issue guidance 
        and, as appropriate, provide or recommend tools, 
        methodologies, or computer software, to assist such 
        covered water systems in complying with the 
        requirements of this section.
  (h) Review by Administrator.--
          (1) In general.--The regulations under subsection 
        (a)(1) shall require each covered water system to 
        submit its vulnerability assessment and site security 
        plan to the Administrator for review according to 
        deadlines set by the Administrator. The Administrator 
        shall review each vulnerability assessment and site 
        security plan submitted under this section and--
                  (A) if the assessment or plan has any 
                significant deficiency described in paragraph 
                (2), require the covered water system to 
                correct the deficiency; or
                  (B) approve such assessment or plan.
          (2) Significant deficiencies.--A vulnerability 
        assessment or site security plan of a covered water 
        system has a significant deficiency under this 
        subsection if the Administrator, in consultation, as 
        appropriate, with the State exercising primary 
        enforcement responsibility for such system, if any, 
        determines that--
                  (A) such assessment does not comply with the 
                regulations established under section (a)(1); 
                or
                  (B) such plan--
                          (i) fails to address vulnerabilities 
                        identified in a vulnerability 
                        assessment; or
                          (ii) fails to meet applicable risk-
                        based performance standards.
          (3) State, regional, or local governmental 
        entities.--No covered water system shall be required 
        under State, local, or tribal law to provide a 
        vulnerability assessment or site security plan 
        described in this section to any State, regional, 
        local, or tribal governmental entity solely by reason 
        of the requirement set forth in paragraph (1) that the 
        system submit such an assessment and plan to the 
        Administrator.
  (i) Emergency Response Plan.--
          (1) In general.--Each covered water system shall 
        prepare or revise, as appropriate, an emergency 
        response plan that incorporates the results of the 
        system's most current vulnerability assessment and site 
        security plan.
          (2) Certification.--Each covered water system shall 
        certify to the Administrator that the system has 
        completed an emergency response plan. The system shall 
        submit such certification to the Administrator not 
        later than 6 months after the system's first completion 
        or revision of a vulnerability assessment under this 
        section and shall submit an additional certification 
        following any update of the emergency response plan.
          (3) Contents.--A covered water system's emergency 
        response plan shall include--
                  (A) plans, procedures, and identification of 
                equipment that can be implemented or used in 
                the event of an intentional act at the covered 
                water system; and
                  (B) actions, procedures, and identification 
                of equipment that can obviate or significantly 
                lessen the impact of intentional acts on public 
                health and the safety and supply of drinking 
                water provided to communities and individuals.
          (4) Coordination.--As part of its emergency response 
        plan, each covered water system shall provide 
        appropriate information to any local emergency planning 
        committee, local law enforcement officials, and local 
        emergency response providers to ensure an effective, 
        collective response.
  (j) Maintenance of Records.--Each covered water system shall 
maintain an updated copy of its vulnerability assessment, site 
security plan, and emergency response plan.
  (k) Audit; Inspection.--
          (1) In general.--Notwithstanding section 1445(b)(2), 
        the Administrator, or duly designated representatives 
        of the Administrator, shall audit and inspect covered 
        water systems, as necessary, for purposes of 
        determining compliance with this section.
          (2) Access.--In conducting an audit or inspection of 
        a covered water system, the Administrator or duly 
        designated representatives of the Administrator, as 
        appropriate, shall have access to the owners, 
        operators, employees and contractor employees, and 
        employee representatives, if any, of such covered water 
        system.
          (3) Confidential communication of information; aiding 
        inspections.--The Administrator, or a duly designated 
        representative of the Administrator, shall offer non-
        supervisory employees of a covered water system the 
        opportunity confidentially to communicate information 
        relevant to the employer's compliance or noncompliance 
        with this section, including compliance or 
        noncompliance with any regulation or requirement 
        adopted by the Administrator in furtherance of the 
        purposes of this section. A representative of each 
        certified or recognized bargaining agent described in 
        subsection (f)(3)(B), if any, or, if none, a non-
        supervisory employee, shall be given an opportunity to 
        accompany the Administrator, or the duly designated 
        representative of the Administrator, during the 
        physical inspection of any covered water system for the 
        purpose of aiding such inspection, if representatives 
        of the covered water system will also be accompanying 
        the Administrator or the duly designated representative 
        of the Administrator on such inspection.
  (l) Protection of Information.--
          (1) Prohibition of public disclosure of protected 
        information.--Protected information shall--
                  (A) be exempt from disclosure under section 
                552 of title 5, United States Code; and
                  (B) not be made available pursuant to any 
                State, local, or tribal law requiring 
                disclosure of information or records.
          (2) Information sharing.--
                  (A) In general.--The Administrator shall 
                prescribe such regulations, and may issue such 
                orders, as necessary to prohibit the 
                unauthorized disclosure of protected 
                information, as described in paragraph (7).
                  (B) Sharing of protected information.--The 
                regulations under subparagraph (A) shall 
                provide standards for and facilitate the 
                appropriate sharing of protected information 
                with and between Federal, State, local, and 
                tribal authorities, first responders, law 
                enforcement officials, designated supervisory 
                and non-supervisory covered water system 
                personnel with security, operational, or 
                fiduciary responsibility for the system, and 
                designated facility employee representatives, 
                if any. Such standards shall include procedures 
                for the sharing of all portions of a covered 
                water system's vulnerability assessment and 
                site security plan relating to the roles and 
                responsibilities of system employees or 
                contractor employees under subsection (f)(1) 
                with a representative of each certified or 
                recognized bargaining agent representing such 
                employees, if any, or, if none, with at least 
                one supervisory and at least one non-
                supervisory employee with roles and 
                responsibilities under subsection (f)(1).
                  (C) Penalties.--Protected information, as 
                described in paragraph (7), shall not be shared 
                except in accordance with the standards 
                provided by the regulations under subparagraph 
                (A). Any person who purposefully publishes, 
                divulges, discloses, or makes known protected 
                information in any manner or to any extent not 
                authorized by the standards provided by the 
                regulations under subparagraph (A), shall, upon 
                conviction, be imprisoned for not more than one 
                year or fined in accordance with the provisions 
                of chapter 227 of title 18, United States Code, 
                applicable to class A misdemeanors, or both, 
                and, in the case of Federal employees or 
                officeholders, shall be removed from Federal 
                office or employment.
          (3) Treatment of information in adjudicative 
        proceedings.--In any judicial or administrative 
        proceeding, protected information, as described in 
        paragraph (7), shall be treated in a manner consistent 
        with the treatment of Sensitive Security Information 
        under section 525 of the Department of Homeland 
        Security Appropriations Act, 2007 (Public Law 109-295; 
        120 Stat. 1381).
          (4) Other obligations unaffected.--Except as provided 
        in subsection (h)(3), nothing in this section amends or 
        affects an obligation of a covered water system--
                  (A) to submit or make available information 
                to system employees, employee organizations, or 
                a Federal, State, tribal, or local government 
                agency under any other law; or
                  (B) to comply with any other law.
          (5) Congressional oversight.--Nothing in this section 
        permits or authorizes the withholding of information 
        from Congress or any committee or subcommittee thereof.
          (6) Disclosure of independently furnished 
        information.--Nothing in this section amends or affects 
        any authority or obligation of a Federal, State, local, 
        or tribal agency to protect or disclose any record or 
        information that the Federal, State, local, or tribal 
        agency obtains from a covered water system or the 
        Administrator under any other law.
          (7) Protected information.--
                  (A) In general.--For purposes of this 
                section, protected information is any of the 
                following:
                          (i) Vulnerability assessments and 
                        site security plans under this section, 
                        including any assessment developed 
                        pursuant to subsection (g)(2).
                          (ii) Documents directly related to 
                        the Administrator's review of 
                        assessments and plans described in 
                        clause (i) and, as applicable, the 
                        State's review of an assessment 
                        prepared under subsection (g)(2).
                          (iii) Documents directly related to 
                        inspections and audits under this 
                        section.
                          (iv) Orders, notices, or letters 
                        regarding the compliance of a covered 
                        water system with the requirements of 
                        this section.
                          (v) Information required to be 
                        provided to, or documents and records 
                        created by, the Administrator under 
                        subsection (d).
                          (vi) Documents directly related to 
                        security drills and training exercises, 
                        security threats and breaches of 
                        security, and maintenance, calibration, 
                        and testing of security equipment.
                          (vii) Other information, documents, 
                        and records developed exclusively for 
                        the purposes of this section that the 
                        Administrator determines would be 
                        detrimental to the security of one or 
                        more covered water systems if 
                        disclosed.
                  (B) Detriment requirement.--For purposes of 
                clauses (ii), (iii), (iv), (v), and (vi) of 
                subparagraph (A), the only portions of 
                documents, records, orders, notices, and 
                letters that shall be considered protected 
                information are those portions that--
                          (i) would be detrimental to the 
                        security of one or more covered water 
                        systems if disclosed; and
                          (ii) are developed by the 
                        Administrator, the State, or the 
                        covered water system for the purposes 
                        of this section.
                  (C) Exclusions.--For purposes of this 
                section, protected information does not 
                include--
                          (i) information that is otherwise 
                        publicly available, including 
                        information that is required to be made 
                        publicly available under any law;
                          (ii) information that a covered water 
                        system has lawfully disclosed other 
                        than in accordance with this section; 
                        and
                          (iii) information that, if disclosed, 
                        would not be detrimental to the 
                        security of one or more covered water 
                        systems, including aggregate regulatory 
                        data that the Administrator determines 
                        appropriate to describe system 
                        compliance with the requirements of 
                        this section and the Administrator's 
                        implementation of such requirements.
  (m) Relation to Chemical Facility Security Requirements.--The 
following provisions (and any regulations promulgated 
thereunder) shall not apply to any public water system subject 
to this Act:
          (1) Title XXI of the Homeland Security Act of 2002 
        (as proposed to be added by H.R. 2868, the Chemical 
        Facility Anti-Terrorism Act of 2009).
          (2) Section 550 of the Department of Homeland 
        Security Appropriations Act, 2007 (Public Law 109-295).
          (3) The Chemical Facility Anti-Terrorism Act of 2009.
  (n) Preemption.--This section does not preclude or deny the 
right of any State or political subdivision thereof to adopt or 
enforce any regulation, requirement, or standard of performance 
with respect to a covered water system that is more stringent 
than a regulation, requirement, or standard of performance 
under this section.
  (o) Violations.--
          (1) In general.--A covered water system that violates 
        any requirement of this section, including by not 
        implementing all or part of its site security plan by 
        such date as the Administrator requires, shall be 
        liable for a civil penalty of not more than $25,000 for 
        each day on which the violation occurs.
          (2) Procedure.--When the Administrator determines 
        that a covered water system is subject to a civil 
        penalty under paragraph (1), the Administrator, after 
        consultation with the State, for covered water systems 
        located in a State exercising primary responsibility 
        for the covered water system, and, after considering 
        the severity of the violation or deficiency and the 
        record of the covered water system in carrying out the 
        requirements of this section, may--
                  (A) after notice and an opportunity for the 
                covered water system to be heard, issue an 
                order assessing a civil penalty under such 
                paragraph for any past or current violation, 
                requiring compliance immediately or within a 
                specified time period; or
                  (B) commence a civil action in the United 
                States district court in the district in which 
                the violation occurred for appropriate relief, 
                including temporary or permanent injunction.
          (3) Methods to reduce the consequences of a chemical 
        release from an intentional act.--Except as provided in 
        subsections (g)(4) and (g)(5), if a covered water 
        system is located in a State exercising primary 
        enforcement responsibility for the system, the 
        Administrator may not issue an order or commence a 
        civil action under this section for any deficiency in 
        the content or implementation of the portion of the 
        system's site security plan relating to methods to 
        reduce the consequences of a chemical release from an 
        intentional act (as defined in subsection (g)(1)).
  (p) Report to Congress.--
          (1) Periodic report.--Not later than 3 years after 
        the effective date of the regulations under subsection 
        (a)(1), and every 3 years thereafter, the Administrator 
        shall transmit to the Committee on Energy and Commerce 
        of the House of Representatives and the Committee on 
        Environment and Public Works of the Senate a report on 
        progress in achieving compliance with this section. 
        Each such report shall include, at a minimum, the 
        following:
                  (A) A generalized summary of measures 
                implemented by covered water systems in order 
                to meet each risk-based performance standard 
                established by this section.
                  (B) A summary of how the covered water 
                systems, differentiated by risk-based tier 
                assignment, are complying with the requirements 
                of this section during the period covered by 
                the report and how the Administrator is 
                implementing and enforcing such requirements 
                during such period including--
                          (i) the number of public water 
                        systems that provided the Administrator 
                        with information pursuant to subsection 
                        (d)(1);
                          (ii) the number of covered water 
                        systems assigned to each risk-based 
                        tier;
                          (iii) the number of vulnerability 
                        assessments and site security plans 
                        submitted by covered water systems;
                          (iv) the number of vulnerability 
                        assessments and site security plans 
                        approved and disapproved by the 
                        Administrator;
                          (v) the number of covered water 
                        systems without approved vulnerability 
                        assessments or site security plans;
                          (vi) the number of covered water 
                        systems that have been assigned to a 
                        different risk-based tier due to 
                        implementation of a method to reduce 
                        the consequences of a chemical release 
                        from an intentional act and a 
                        description of the types of such 
                        implemented methods;
                          (vii) the number of audits and 
                        inspections conducted by the 
                        Administrator or duly designated 
                        representatives of the Administrator;
                          (viii) the number of orders for 
                        compliance issued by the Administrator;
                          (ix) the administrative penalties 
                        assessed by the Administrator for non-
                        compliance with the requirements of 
                        this section;
                          (x) the civil penalties assessed by 
                        courts for non-compliance with the 
                        requirements of this section; and
                          (xi) any other regulatory data the 
                        Administrator determines appropriate to 
                        describe covered water system 
                        compliance with the requirements of 
                        this section and the Administrator's 
                        implementation of such requirements.
          (2) Public availability.--A report submitted under 
        this section shall be made publicly available.
  (q) Grant Programs.--
          (1) Implementation grants to states.--The 
        Administrator may award grants to, or enter into 
        cooperative agreements with, States, based on an 
        allocation formula established by the Administrator, to 
        assist the States in implementing this section.
          (2) Research, training, and technical assistance 
        grants.--The Administrator may award grants to, or 
        enter into cooperative agreements with, non-profit 
        organizations to provide research, training, and 
        technical assistance to covered water systems to assist 
        them in carrying out their responsibilities under this 
        section.
          (3) Preparation grants.--
                  (A) Grants.--The Administrator may award 
                grants to, or enter into cooperative agreements 
                with, covered water systems to assist such 
                systems in--
                          (i) preparing and updating 
                        vulnerability assessments, site 
                        security plans, and emergency response 
                        plans;
                          (ii) assessing and implementing 
                        methods to reduce the consequences of a 
                        release of a substance of concern from 
                        an intentional act; and
                          (iii) implementing any other security 
                        reviews and enhancements necessary to 
                        comply with this section.
                  (B) Priority.--
                          (i) Need.--The Administrator, in 
                        awarding grants or entering into 
                        cooperative agreements for purposes 
                        described in subparagraph (A)(i), shall 
                        give priority to covered water systems 
                        that have the greatest need.
                          (ii) Security risk.--The 
                        Administrator, in awarding grants or 
                        entering into cooperative agreements 
                        for purposes described in subparagraph 
                        (A)(ii), shall give priority to covered 
                        water systems that pose the greatest 
                        security risk.
          (4) Worker training grants program authority.--
                  (A) In general.--The Administrator shall 
                establish a grant program to award grants to 
                eligible entities to provide for training and 
                education of employees and contractor employees 
                with roles or responsibilities described in 
                subsection (f)(1) and first responders and 
                emergency response providers who would respond 
                to an intentional act at a covered water 
                system.
                  (B) Administration.--The Administrator shall 
                enter into an agreement with the National 
                Institute of Environmental Health Sciences to 
                make and administer grants under this 
                paragraph.
                  (C) Use of funds.--The recipient of a grant 
                under this paragraph shall use the grant to 
                provide for--
                          (i) training and education of 
                        employees and contractor employees with 
                        roles or responsibilities described in 
                        subsection (f)(1), including the annual 
                        mandatory training specified in 
                        subsection (f)(2) or training for first 
                        responders in protecting nearby 
                        persons, property, or the environment 
                        from the effects of a release of a 
                        substance of concern at the covered 
                        water system, with priority given to 
                        covered water systems assigned to tier 
                        one or tier two under subsection (d); 
                        and
                          (ii) appropriate training for first 
                        responders and emergency response 
                        providers who would respond to an 
                        intentional act at a covered water 
                        system.
                  (D) Eligible entities.--For purposes of this 
                paragraph, an eligible entity is a nonprofit 
                organization with demonstrated experience in 
                implementing and operating successful worker or 
                first responder health and safety or security 
                training programs.
  (r) Authorization of Appropriations.--
          (1) In general.--To carry out this section, there are 
        authorized to be appropriated--
                  (A) $315,000,000 for fiscal year 2011, of 
                which up to--
                          (i) $30,000,000 may be used for 
                        administrative costs incurred by the 
                        Administrator or the States, as 
                        appropriate; and
                          (ii) $125,000,000 may be used to 
                        implement methods to reduce the 
                        consequences of a chemical release from 
                        an intentional act at covered water 
                        systems with priority given to covered 
                        water systems assigned to tier one or 
                        tier two under subsection (d); and
                  (B) such sums as may be necessary for fiscal 
                years 2012 through 2015.
          (2) Security enhancements.--Funding under this 
        subsection for basic security enhancements shall not 
        include expenditures for personnel costs or monitoring, 
        operation, or maintenance of facilities, equipment, or 
        systems.

           *       *       *       *       *       *       *


                            DISSENTING VIEWS

    We, the undersigned Members of the Committee on Energy and 
Commerce oppose the passage of H.R. 3258 and submit the 
following comments to express our significant concerns with 
this legislation.
    In early 2002, Congress enacted the Public Health Security 
and Bioterrorism Preparedness and Response Act (P.L. 107-188). 
Title IV of this Act amended the Safe Drinking Water Act to 
require community water systems serving more than 3,300 people 
to perform site vulnerability assessments and develop emergency 
response plans. Under that legislation, vulnerability 
assessments were required to be conducted and submitted to the 
U.S. Environmental Protection Agency (EPA) by community 
(drinking) water systems providing water to more than 3,300 
persons; the required emergency response plans did not need to 
be sent to EPA. In addition, community water facilities were 
provided some federal funding to aid in assessing and 
addressing of their critical vulnerabilities. Finally, this law 
contains very strict information protection requirements which 
include mandatory loss of employment for federal personnel 
disclosing sensitive information regarding a water facility's 
vulnerabilities.
    Following enactment of Title IV in 2002, drinking water 
systems across the country took serious steps to prepare 
against chemical, biological, and radiological threats that 
would be posed by a terrorist event. The result has been that 
not a single terrorism event has occurred at a community 
drinking water system since then.
    While we think it is reasonable to have updates of the 
vulnerability assessments, site security plans, and reviews of 
emergency response plans, we are not reassured that EPA's 
existing track record of success for this program will be 
continued or enhanced under the provisions contained in H.R. 
3258.
    We consider protection of drinking water to be of paramount 
concern. While the effects from an explosion at a facility 
depend in part on the direction the wind is blowing, the 
provision of drinking water in a community reflects no such 
variable. Drinking water is supplied to homes and businesses 
for health and sanitary purposes. For this reason, we are 
concerned by efforts that move the drinking water security 
program at EPA away from the construct established by Title 
IV--with direct input and flexibility for local experts to 
adopt feasible solutions--to one that seeks to accomplish the 
goals of environmental advocacy groups under the guise of 
homeland security. We are especially concerned that H.R. 3258 
turns the focus of Title IV away from chemical, biological, and 
radiological contaminants and only focuses on chemical ones.
    In addition, we are extremely concerned about Section 2 
(new Section 1433(g)) of H.R. 3258, which requires an 
evaluation by drinking water facilities of Methods to Reduce 
the Consequence of a Terrorist Attack. This section forces the 
highest risk facilities, and others picked by the Administrator 
of EPA, to justify to EPA or their State drinking water 
regulator, if that State has primary enforcement of federal 
drinking water requirements, why they should not be forced to 
make process, input, or storage changes to their drinking water 
system.
    Exacerbating our concerns with these provisions are the 
remarks at the full committee markup by the Energy and 
Environment Subcommittee chairman, Mr. Markey, that this 
subsection was not about bolstering security. Our amendment 
that would require security to be a consideration when making a 
local water utility change its disinfection process was 
rejected by the Majority. If the Committee wanted to 
investigate drinking water disinfection efforts, that should be 
another debate on another day.
    Moreover, at an October 1, 2009, hearing before the Energy 
and Environment Subcommittee, testimony was received that 
inherently safer technology (IST)--the forerunner notion 
enshrined in proposed subsection 1443(g)--is hard to define and 
that experts have repeatedly testified before Congress that the 
government should not be in the business of mandating IST 
because of ``significant technical challenges that requires 
more research.'' Considering the implications of the 
requirements, the enforcement authority attendant to the 
requirements, the universe of unique and diversity facilities--
and their resources--and the public health and welfare issues 
that would be swept into this requirement, we are very 
concerned that such a mandate is contained in the bill. For 
this reason, we attempted to strike proposed subsection 
1433(g), but this amendment was rejected by the Majority.
    Finally, as it relates to our concerns with the provisions 
of proposed subsection 1433(g), no one should be under the 
impression that without this bill nothing is being done at 
these facilities. To the contrary, in addition to required 
compliance with the EPA's Risk Management program, the U.S. 
Occupational Safety and Health Administration's Process Safety 
Management standard, and the Emergency Planning and Community 
Right to Know Act; many facilities, without the benefit of a 
federal mandate, have voluntarily reduced their risks. These 
facilities did so because it made sense for many reasons, and 
these facilities could do it on their own timeline, minimizing 
risks to their workers, their plants, and the surrounding 
community.
    Further, we are keenly aware that drinking water treatment 
can be complex and is closely constrained by Safe Drinking 
Water Act (SDWA) regulations, production demands, and customer 
affordability. Evaluating changes to water treatment must be 
thoughtful and consider the effects those changes will have on 
the quality of water provided to consumers, and the 
sustainability of the treatment process over time and under 
adverse conditions. The evaluation must be technically 
transparent and fully consider all the alternatives available 
to the water system. An example that illustrates a robust and 
transparent technical approach is ``Selecting Disinfectants in 
a Security-Conscious Environment,'' a guide published by the 
American Water Works Association. This guide outlines a five 
step process beginning with assessing the current situation and 
ending in implementation of necessary actions; linkages to 
routinely used engineering tools, techniques, and references 
are provided for each step in the process. It also incorporates 
accepted risk communication principles throughout the 
evaluation process, and incorporates ties to existing EPA and 
DHS guidance where relevant.
    In addition to our objections to the bill described above, 
H.R. 3258 raises genuine national and homeland security 
concerns by rejecting security-enhancing provisions in favor of 
environmental law type standards in other areas, most notably 
information protection. H.R. 3258 changes existing information 
protection requirements instituted in Title IV and contained in 
Section 1433(a) of SDWA. Instead, H.R. 3258 adopts a public 
``right-to-know'' view that only documents and information 
specifically identified in the law should be included as 
protected, and the bill effectively leaves unprotected 
materials that may have security implications. We are further 
concerned that, unlike the chemical facility security 
legislation considered by our Committee, that proposed 
subsection 1433(l)(7)(B) allows certain sensitive materials to 
be released as long as it contains redactions of potentially 
seriously sensitive information. We question the need to even 
have amended versions of these items in the public domain. We 
do not underestimate the potential for such materials to be 
sought in discovery and compelled in litigation by people who 
wish us harm. For that reason, we are troubled by the 
legislation's conscious exclusion of certain materials from 
protection, allowing them to serve as terror ``blue-prints'' 
for the able.
    Most strikingly, H.R. 3258 places an extremely high bar on 
prosecution of improper disclosures of sensitive, protected 
information, and requires a showing that such information was 
divulged ``purposefully'' before penalties would apply. 
Specifically, H.R. 3258 repeals the ``knowingly or recklessly'' 
prosecution standard contained in SDWA Section 1433(a) and 
replaces it with a much higher prosecution standard to meet 
under the law--``purposefully''--when trying to penalize 
persons for disclosure of protected, sensitive information--we 
doubt that there are many scenarios, if any, in which sanctions 
could be enforced. The ``purposefully'' standard would not 
allow the United States to prosecute anyone who has been 
careless, negligent, or reckless with sensitive, protected 
information. At both subcommittee and full committee we offered 
to reinsert the well-established standard of ``knowingly or 
recklessly,'' each time being rejected by arguments that did 
not reflect an understanding of the provisions of the bill or 
an appreciation for what was at stake. We believe a deterrent 
of a strong penalty is only efficacious if it can actually be 
enforced. We are disappointed that the Majority did not share 
this paramount concern as well.
    Additionally, we are opposed to H.R. 3258's silence on 
citizen suit provisions, allowing any person to sue a drinking 
water facility under Section 1449 of SDWA and compel sensitive 
information on these plants through discovery. We do not 
understand how the Majority would try to make an effort to try 
and protect individual chemical plants from these suits because 
of potential problems, but leave drinking water systems exposed 
to this assault. It is no secret that terrorists hire lawyers, 
and DHS has testified to Congress that citizen suits may lead 
to the disclosure of sensitive information in these 
proceedings. We question why it is needed at all. We are 
disappointed that the Majority defeated amendments to bar this 
provision, unsympathetic to the potential unintended 
consequences it might engender.
    Finally, on the matter of preemption, proposed subsection 
1433(n) allows States and local governments to enact laws that 
are more ``stringent'' than the federal law. This is a new 
standard for a security program and one modeled after, but not 
identical to other provisions in SDWA on drinking water 
contaminant standards. We believe the EPA program should be a 
uniform, national standard which States and local governments 
should not disrupt. This is not a novel approach; it is already 
the case in nuclear, hazmat transportation, aviation, and port 
security programs where the federal government is the dominant 
regulator. Embracing a patchwork approach to national security, 
however, the Majority on the Committee voted against an 
amendment offered by the Minority that would have restricted 
States from enacting laws that pose obstacles to, hinder, or 
frustrate the purpose of this drinking water safety law. While 
it may be appropriate in many localized pollution cases to have 
State and local laws that are more stringent than the relevant 
federal environmental statutes, we cannot treat homeland 
security like a local problem relegated to one area or State.
    There are other provisions in this bill that give us pause, 
but they are secondary to the larger issues we have mentioned. 
Ultimately, we had hoped that because this bill relates to 
homeland security protection, long a bipartisan issue, that it 
would have been possible to reach a legislative compromise. We 
believe, however, that partisanship and misdirected ideology 
have left our committee reporting a bill that naively 
sacrifices sound, homeland security policy in the name of 
environmental goals.
    We will continue to fight the provisions we have identified 
above because they do not make us safer in defense of the 
country and people we have taken an oath to protect. Absent 
significant changes that balance real security with economic 
freedom; openness with firm, meaningful protections; and local 
flexibility with a strong, overarching framework; we must 
oppose this bill, as reported, and urge the Congress to do the 
same.
                                   Joe Barton,
                                           Ranking Member.
                                   Fred Upton.
                                   Greg Walden.
                                   Cliff Stearns.
                                   John Shimkus.
                                   George Radanovich.
                                   Ralph M. Hall.
                                   Ed Whitfield.
                                   Nathan Deal.
                                   Roy Blunt.
                                   Steve Buyer.
                                   Lee Terry.
                                   Joseph R. Pitts.
                                   Steve Scalise.
                                   John Shadegg.
                                   John Sullivan.
                                   Tim Murphy.
                                   Marsha Blackburn.
                                   Phil Gingrey.
                                   Michael Burgess.
                                   Sue Myrick.
                                   Mike Rogers.
                                   Mary Bono Mack.

                                  
