For other versions of this document, see http://wikileaks.org/wiki/CRS-RL31958 ------------------------------------------------------------------------------ Order Code RL31958 CRS Report for Congress Received through the CRS Web Chemical Facility Security: A Comparison of S. 157 and S. 994 June 11, 2003 Linda-Jo Schierow Specialist in Environmental Policy Resources, Science, and Industry Division Congressional Research Service ~ The Library of Congress Chemical Facility Security: A Comparison of S. 157 and S. 994 Summary The 108th Congress is considering legislation to reduce chemical facilities' vulnerability to acts of terrorism, so as to protect critical sectors of the U.S. infrastructure and reduce risks to public health and the environment. Competing bills, S. 994 and S. 157, have been introduced into the Senate. Both would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans, but the approaches of the bills differ with respect to the chemicals and facilities covered, planning requirements, and mechanisms for federal and facility accountability. In addition, S. 157 would assign the lead responsibility to the U.S. Environmental Protection Agency (EPA), while S. 994 would give this role to the Department of Homeland Security (DHS). Both S. 157 and S. 994 would provide considerable discretionary authority to the lead agency to define the universe of regulated chemicals and facilities. The bills would initially include chemicals for which risk management plans are required under the Clean Air Act. From that list, S. 157 would exclude "liquified petroleum gas" that is used as fuel or held by a retail facility for sale as a fuel; S. 994 would exclude similar facilities using "flammable substances," as well as all federal facilities. S. 994, but not S. 157, would require the Secretary to consider cost and technical feasibility, and scale of operations in selecting facilities. With respect to planning, the emphasis of S. 994 is on enhancing the security of facilities against acts of terrorism, while S. 157 emphasizes lessening potential consequences of releases caused by criminal acts. S. 994 would require security measures, and identification of equipment, plans, and procedures that could be used to respond to a chemical release. S. 157 would require "to the extent practicable" (1) practices that reduce the possibility of a release and the associated threat to public health and the environment; (2) measures to contain, control, or mitigate a release; (3) buffer zones; and (4) security measures. S. 157 has numerous requirements for consultation, and would direct EPA to review each vulnerability assessment and security plan. S. 994 would not require submission to DHS of plans or assessments, except at the request of the Secretary, but the bill would direct the Secretary, "as appropriate," to ensure compliance. Information provided to the government would be protected from public disclosure under both bills, but only S. 994 preempts state and local disclosure laws. Both bills specify procedures that would allow owners and operators to prepare assessments or plans without reference to federal regulations, but only S. 157 requires federal review of facility-specific assessments and plans. Table 1 summarizes selected provisions of the two bills in a side-by-side format. For a broader discussion of the potential threat from, vulnerability to, and consequences of terrorist acts at chemical facilities, and for summaries of other legislative proposals, see CRS Report RL31530, Chemical Plant Security. This report will be updated as events warrant. Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 S. 157, the Chemical Security Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 S. 994, the Chemical Facilities Security Act . . . . . . . . . . . . . . . . . . . . . 2 Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Chemicals and facilities covered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Planning requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 List of Tables Table 1. Comparison of Selected Provisions of S. 157 and S. 994 in the 108th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chemical Facility Security: A Comparison of S. 157 and S. 994 Introduction Facilities that handle large quantities of very hazardous chemicals may be attractive targets for terrorists. In the event of a terrorist attack on, or theft from, such facilities, release of such chemicals could threaten public health and the environment. In addition, many of these chemical facilities provide products or services that are strategically or economically critical to the U.S. infrastructure or public health. For a discussion of the potential threat from, vulnerability to, and consequences of terrorist acts at chemical facilities, see CRS Report RL31530, Chemical Plant Security. The 108th Congress is considering legislation to reduce chemical facilities' vulnerability to acts of terrorism, in order to protect critical sectors of the U.S. infrastructure (such as oil refineries, chemical plants, and electric utilities), and also to reduce risks of chemical releases to public health and the environment. Two bills with these goals, S. 994 and S. 157, have been introduced into the Senate. Both would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans, but the approaches of the bills differ with respect to the chemicals and facilities covered, planning requirements, and mechanisms for federal and facility accountability. In addition, S. 994 would assign lead responsibility to the Department of Homeland Security (DHS), while S. 157 would give this role to the U.S. Environmental Protection Agency (EPA). This report describes the different approaches taken in the two bills and analyzes associated policy implications. It does not discuss the many minor differences between the two bills, which do not generally raise controversial policy issues. The report begins with overviews of the two bills, followed by the issue analysis. Table 1 summarizes selected provisions of the two bills in a side-by-side format. Other proposed legislation is discussed in the CRS report referenced above. Background S. 157, the Chemical Security Act. S. 157 was introduced January 14, 2003, by Senator Jon Corzine, and referred to the Committee on Environment and Public Works. The bill is similar to S. 1602, which was reported by the Committee on Environment and Public Works in the 107th Congress (S. Rpt. 107-342). S. 157 would direct the EPA, in consultation with DHS, to issue regulations designating "certain combinations of chemical sources and substances of concern" as high priority categories for oversight, based on the severity of potential harm in the event of a release; proximity to population centers; threats to national security; threats to critical infrastructure; threshold quantities of substances that pose a serious threat; CRS-2 and other safety or security factors that the Administrator of EPA, in consultation with the Secretary of DHS, determined to be appropriate.1 Owners and operators of listed facilities would be required to conduct vulnerability assessments; identify hazards; and prepare prevention, preparedness, and response plans to eliminate or significantly lessen the potential consequences of an unauthorized release. Each owner or operator of a regulated facility also would be required to certify in writing that the vulnerability assessment and plan had been completed, and the plan implemented. The bill would require facility owners and operators to submit to EPA copies of vulnerability assessments and plans, along with certifications, within 12 months of enactment of the Chemical Security Act for assessments, and 18 months for plans. Assessments, plans, and certifications would have to be updated periodically. S. 157 would direct EPA to review each assessment and plan, determine compliance, and certify that determination. Vulnerability assessments and plans would be protected from public disclosure under the Freedom of Information Act (FOIA). The bill also provides for early review and certification of assessments and plans that are submitted before EPA issues regulations. EPA would be authorized to issue compliance orders 30 days after either notifying a chemical source that its assessment or plan was inadequate, or first offering compliance assistance, if the plan were not revised to comply with EPA requirements. If DHS notified a chemical source that its plan or implementation was insufficient to address a threat of terrorist attack, and the chemical source failed to take adequate action in response to that notice, DHS would be authorized to secure necessary relief from a district court to abate the threat. S. 994, the Chemical Facilities Security Act. S. 994 was introduced May 5, 2003, by Senator James Inhofe, and referred to the Committee on Environment and Public Works. S. 994 would authorize the DHS to oversee security assessments and planning at selected chemical facilities. The Secretary would be directed to list, and may promulgate the list by regulation, chemical facilities that should be subject to regulation, based on: the likelihood that a facility will be the target of terrorism; nature and quantity of substances of concern present; potential extent of death, injury, or serious adverse effects to human health or the environment; potential harm to critical infrastructure and national security; cost and technical feasibility; scale of operations; and other security-related factors that the Secretary determines to be appropriate and necessary. S. 994 would require the Secretary to promulgate regulations directing owners and operators of listed facilities to conduct vulnerability assessments, identify hazards, and prepare security plans to reduce vulnerability to a terrorist release and to respond in the event of a release. Written certification of compliance would be required by DHS from each owner or operator on a schedule to be determined by the Secretary. Copies of vulnerability assessments and plans would be retained at facilities, but must be submitted to DHS on request, and updated periodically. 1 Both bills define `security measures" generally in terms of "hardening" the defenses of potential targets, using methods that detect adversary action, impede adversary progress, and respond to neutralize the threat. For more discussion of options for reducing risks, see CRS Report RL31530, Chemical Plant Security, pages 24-27. CRS-3 S. 994 would direct DHS to conduct, or require the conduct of, vulnerability assessments and other activities (including third-party audits) to evaluate and ensure compliance with promulgated regulations and procedures endorsed by rule. (Endorsements are discussed below.) Vulnerability assessments and plans would be protected from public disclosure under FOIA and state and local disclosure laws. Penalties are provided for unauthorized disclosure. The bill would authorize the Secretary to identify and endorse security measures that are substantially similar to any requirements promulgated by DHS. Endorsement would indicate compliance with assessment or planning requirements, if the endorsed assessment or security procedures were implemented. Any person could petition the Secretary for endorsement of existing procedures. If the Secretary chose not to endorse such procedures, the Secretary would have to provide written notice explaining why the petition was denied. Vulnerability assessments and response plans that were in accord with endorsed procedures would be exempt from other regulatory requirements. DHS would be authorized to disapprove any assessment or plan, and to order revision if it does not comply with regulations, or if the plan or implementation is insufficient to address the results of a vulnerability assessment or a threat of a terrorist release. The Secretary would be required to provide notice of disapproval explaining deficiencies, and to identify appropriate steps to achieve compliance. S. 994 would require the Secretary to issue a compliance order if a plan were disapproved, and compliance had not been achieved by a date determined by the Secretary to be appropriate. The bill also would authorize the Secretary to provide training relevant to the Chemical Facilities Security Act to state and local officials and facility owners or operators. Issues Although the two bills are similar in many ways, some differences raise significant policy issues. Selected issues are discussed in this section. Chemicals and facilities covered. Both S. 157 and S. 994 would provide considerable discretionary authority to the administering agency to define the universe of regulated chemicals and facilities. Both would have the lead agency begin by looking at the chemicals listed by EPA under the Clean Air Act (CAA), Section 112(r)(3). This list includes chlorine, anhydrous ammonia, methyl chloride, ethylene oxide, vinyl chloride, methyl isocyanate, hydrogen cyanide, ammonia, hydrogen sulfide, toluene diisocyanate, phosgene, bromine, anhydrous sulfur dioxide, and sulfur trioxide (all designated in the CAA), and other chemicals that have been determined by EPA to pose the greatest risks to human health or to the environment, based on three criteria: severity of potential acute adverse health effects, the likelihood of accidental releases, and the potential magnitude of human exposure. EPA has promulgated a list containing 77 acutely toxic substances, 63 flammable gases and volatile flammable liquids, and "high explosive substances" (59 Federal Register 4478, Jan. 31, 1994). Both bills would allow the list to be revised as necessary. CRS-4 S. 994 would exclude "flammable substances" that are used as fuel or held by a retail facility for sale as a fuel. Congress adopted this exclusion in a 1999 amendment to the CAA, primarily in response to complaints from propane retailers and users. They argued that the original CAA risk management planning requirements were redundant, given laws in 48 states requiring compliance with national safety standards established by the National Fire Protection Association (NFPA). Prior to the 1999 amendment, EPA argued that the CAA required it to list flammable and combustible liquids, other than gasoline, because they were involved in more than 128,000 reported accidental releases from 1987 through 1996, according to federal databases. However, Congress overrode EPA's objections. S. 994 maintains this exemption which covers facilities that store or use any flammable substance, including propane, butane, natural gas, acetylene, or proylene. S. 157 would adopt a narrower exclusion for "liquified petroleum gas" (propane or a mixture of propane and butane), when used as a fuel or held by a retail facility for sale as fuel. Thus, S. 157 would exempt from security requirements propane dealers and users, without exempting other facilities that might store or use other fuels. Another explicit difference between the bills is that S. 157 would include, and S. 994 would exempt, federal facilities from assessment and planning requirements. Federal facilities include headquarters, as well as regional facilities, such as military bases, federal penitentiaries, office buildings, and national laboratories. Finally, the bills differ with respect to the selection criteria the administrating officer is to use in listing or designating facilities for regulation. Both bills direct the government to consider severity of threat and severity of potential harm in designating facilities, but the bills appear to emphasize threats from different causes, as well as different consequences of chemical releases. The emphasis in S. 157 is on eliminating or significantly lessening potential consequences of "unauthorized" releases. An unauthorized release is defined as a release that is not authorized by the owner or operator of the facility and that is caused, at least in part, by a criminal act. On the other hand, S. 994 focuses on ensuring or enhancing the security of facilities against acts of terrorism.2 Thus, the final catch-all criterion in S. 994 is to consider "other security-related factors," while S. 157 requires considering "other safety or security factors." S. 994 includes criteria not mentioned in S. 157: cost and technical feasibility, and scale of operations. Since the purpose of the criteria, according to S. 994, Section 4(f)((3)(B), is to help the Secretary determine which facilities present "a risk sufficient to justify ... classification as a chemical source," inclusion of these criteria seems to imply that a "sufficient" risk under S. 994 would depend in part on the burden of reducing it. Although S. 157 does not incorporate these criteria, neither does it prohibit such consideration. Planning requirements. The different emphases of the bills (i.e., on reducing potential consequences of criminal acts, as in S. 157, vs. securing facilities from terrorists, as in S. 994) are reflected in their requirements for vulnerability assessments and planning. S. 157 requires an assessment of the vulnerability of the 2 For a definition of "security measures," see note 1. CRS-5 source to an unauthorized release, and preparation of a prevention, preparedness, and response plan. Required plan components are "actions and procedures, including safer design and maintenance,"aimed at reducing consequences to public health and the environment. The bill defines "safer design and maintenance" as "implementation, to the extent practicable" of (1) practices that reduce the possibility of a release and the associated threat to public health and the environment (i.e., so- called "inherently safer technologies"); (2) measures that contain, control, or mitigate a release; (3) buffer zones; and (4) security measures. S. 994 requires an assessment of the vulnerability of the source to a terrorist release, and a site security plan that includes security measures and equipment, plans and procedures to respond in the event of a terrorist release, but it does not require implementation of buffer zones or inherently safer technologies. Accountability. As mentioned previously, both S. 157 and S. 994 provide considerable discretionary authority to the EPA Administrator and the DHS Secretary, respectively. Within broad guidelines, they may choose which facilities to regulate, which substances are of concern, threshold levels of chemicals that pose a significant threat, and appropriate levels of vulnerability analysis and security planning. The general advantage of executive discretion is the flexibility it allows the decision maker to efficiently adjust a program to accommodate new information or unusual circumstances. Another possible benefit is that sensitive information about facility security, as well as confidential business information, might be protected more effectively, if agencies are not obligated to publicly defend their decisions. A possible disadvantage is that Congress, and the general public, may find it more difficult to oversee and evaluate agency performance, due to a lack of specific statutory requirements to which the agency can be held accountable, as well as lack of access to decision-making processes. Several bill provisions that might open decision-making processes to public scrutiny, or otherwise provide some independent assurance that the purposes of the bills would be achieved, are described below. Agency consultation and certification. S. 157 has numerous requirements for consultation. The EPA Administrator is directed at key decision points to consult with the DHS Secretary. When designating high-priority facilities, the Administrator also must consult with state and local agencies responsible for planning for, and responding to, releases, and providing emergency health care. The Administrator must consult with all of those groups, as well as the Chemical Safety and Hazard Investigation Board [established under the CAA Section 112(r)], when promulgating regulations requiring vulnerability assessments and security planning. After facility assessments and plans have been submitted to EPA and reviewed, the Administrator must certify in writing the Administrator's determination as to whether each assessment and plan complies with regulations. S. 157 also requires facility owners and operators to work with local law enforcement, first responders, and employees of facilities when assessing vulnerability and preparing the security plan. S. 994 does not require the Secretary to consult or certify determinations about individual facilities, but the bill does authorize the Secretary to request technical and analytical support (other than field work) from other agencies and to reimburse such agencies as appropriate. CRS-6 Facility submissions. S. 157 would require all owners and operators of chemical facilities identified by EPA regulations to submit completed vulnerability assessments and security plans to EPA before deadlines established by statute. Furthermore, owners and operators must certify in writing that assessments and plans comply with EPA regulations, and must submit such certifications to EPA. S. 994 does not require submission to DHS of plans or assessments, except at the request of the Secretary. It does, however, require owners and operators of listed facilities to certify to the Secretary in writing their compliance with DHS regulations. The Secretary is required to promulgate deadlines for certification. Neither bill would protect these self-certification documents from public disclosure. Third-party audit. S. 994 would require the Secretary, "as appropriate," to conduct, or require to be conducted, vulnerability assessments and other activities (including third-party audits) to evaluate compliance with the Chemical Facilities Security Act. Third-party audits are inspections of facilities, assessments, and/or plans conducted by an uninterested, but expert party. S. 157 has no similar provision. Early compliance/Endorsement. Both bills provide procedures that would allow facility owners and operators to prepare vulnerability assessments or security plans without reference to federal regulations, if such assessments or plans met certain criteria. Three key differences exist between the provisions of S. 157 and S. 994. ! S. 157 would authorize approval of plans and assessments submitted prior to promulgation of final regulations, while S. 994 would allow approval of plans and assessments no matter when they were produced, as long as they were in accord with endorsed model practices. ! S. 157 would require the Administrator to review and approve or reject facility plans and assessments on a case-by-case basis, while S. 994 would authorize approval or rejection of model security practices (e.g., perhaps the vulnerability assessment methodology established by the American Chemistry Council, a trade group for chemical manufacturers, for its members), and de facto approval of all facility plans and assessments that are in accord with those models. ! S. 157 specifies procedural and substantive standards that facility owners or operators would have to meet, while S. 994 directs the Secretary to accept security measures that the Secretary finds substantially equivalent to whatever requirements the Secretary might choose to promulgate. S. 157 would direct the Administrator to review assessments and plans that facility owners or operators submit prior to publication of final EPA regulations. If the Administrator, in consultation with the Secretary, determined that an assessment or plan met the consultation, planning, and assessment requirements for high-priority facilities that are specified in Section 4(a)(3) of the Act, the Administrator would be required to certify compliance without requiring any revision of the assessment or plan. Section 4(a)(3) would require owners or operators of facilities to: (1) consult with local first responders and employees in assessing vulnerability of the source to a terrorist attack or other unauthorized release; identifying hazards that may result from release; and preparing a prevention, preparedness, and response plan; and (2) include in the plan actions and procedures, to eliminate or significantly lessen the CRS-7 potential consequences of an unauthorized release, including "implementation, to the extent practicable," of any technology, product, raw material, or practice that reduces the possibility of a release prior to secondary containment, control, or mitigation; well-maintained secondary containment, control, or mitigation equipment; security measures; and buffer zones. S. 994 would not require facility owners or operators to submit assessments or plans to the Secretary. Rather, the bill would authorize the Secretary to promulgate regulations endorsing certain security practices as being in compliance with the law. S. 994 would authorize any person to petition the Secretary for endorsement of procedures, protocols, and standards established by law, industry, or federal, state, or local government authorities. The Secretary would be authorized to endorse such measures, if they are implemented, and if the Secretary finds them "substantially equivalent" to any requirements the Secretary may establish. S. 994 directs the Secretary to provide to each petitioner a written notice and explanation, if the Secretary chooses not to endorse the petitioner's security measures. The bill would exempt from other regulatory requirements any vulnerability assessments and plans that are in accord with endorsed security measures. The intent of S. 157, it appears, is to ensure, through EPA oversight, the quality of vulnerability assessments and security planning at individual facilities. Quality is likely to come at the price of considerable EPA resources, however, because there may be thousands of facility assessments and plans submitted before EPA issues regulations. On the other hand, facility owners and operators may fear that under the provisions of S. 157, their early planning efforts might be in vain, if EPA later decides to reject their facility plans; that fear might cause owners and operators to delay assessments and planning until EPA's final regulations take effect, thus defeating the purpose of the "early compliance" provision. In contrast, S. 994 would minimize the paperwork burden, and might provide assurance to facility owners and operators that their facility assessments and plans, if prepared in accord with established governmental or industrial guidance, will be acceptable to DHS. However, S. 994 provides limited means for reassuring the public that individual facility plans and assessments are adequate for security needs. This potential problem might be resolved by the Secretary, however, for example, if the Secretary promulgated rules requiring submission of copies of facility plans or required third-party audits. Disclosure. Both bills would prevent public disclosure under FOIA of any information provided to EPA or DHS, except the self-certification of compliance submitted by facility owners and operators. S. 994 has several additional provisions to prevent disclosure of information. First, it would preempt state and local laws that require disclosure. Secondly, S. 994 would require (with some exceptions) punishment of anyone who "knowingly or recklessly" disclosed protected information ­ removal from federal employment or office, and either imprisonment for up to one year, a fine, or both. A third provision would prevent public disclosure of the Secretary's disapproval of an assessment or plan. Finally, S. 994 would require all information obtained or submitted by the Secretary to be treated in any judicial or administrative action as if it were classified. CRS-8 These provisions of S. 994 might make it difficult for terrorists to obtain useful information about the vulnerability or security arrangements of chemical facilities. On the other hand, the same provisions may make it difficult for U.S. citizens to learn about risks to which they might be exposed, and prevent informed public involvement in federal, state, and local policy development and contingency planning with respect to such risks. Conclusion S. 157 and S. 994 are similar in that both bills would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans. In addition, both bills provide the federal lead agency with considerable discretionary authority in selecting facilities and chemicals for regulation. The bills differ in the extent to which federal (congressional and agency) and public oversight would be facilitated. S. 157 generally provides more opportunities for oversight and informed public policy development and contingency planning, while S. 994 is more protective of sensitive information so as to avoid facilitating terrorist acts. The bills also address somewhat different threats (i.e., criminal acts vs. terrorist acts) and prescribe different approaches to reduce risks: S. 994 would mandate planning and implementation to ensure plant security and adequate resources to respond to any emergency, while S. 157 would require (to the extent practicable) actions and procedures to reduce the potential for harm, in the event of a chemical release, in addition to security and emergency preparedness measures. CRS-9 Table 1. Comparison of Selected Provisions of S. 157 and S. 994 in the 108th Congress Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Lead agency Environmental Protection Agency Department of Homeland (EPA) Security (DHS) Regulated facilities Stationary sources when coupled Non-federal, stationary sources with certain substances that the that: are regulated by EPA under Administrator designates as high the Clean Air Act (CAA) priority categories. Requires the §112(r)(7)(B)(ii);3 contain Administrator to designate such regulated substances; and are combinations of chemical sources listed4 by the Secretary. Requires and substances of concern within the Secretary to list chemical one year of the date of enactment sources within 180 days after the of the Chemical Security Act. The date of enactment of the Administrator must review and Chemical Facilities Security Act. revise the designations as needed Within 3 years after the date of within 5 years after the date of promulgation of regulations, and promulgation. every 3 years thereafter, the [§4(a)(1)] Secretary must review and update the list of regulated facilities as appropriate. [§3(1); §4(f)] Regulated substances Substances listed by the EPA Substances listed by the EPA under the CAA§112(r)(3) (other under the CAA §112(r)(3) (other than liquified petroleum gas used than flammable substances used as fuel), as well as other as fuel) that are present at substances that the Administrator regulated facilities in quantities designates, together with certain greater than or equal to threshold stationary sources, as high quantities established by EPA priority. Requires the under the CAA§112(r)(5). The Administrator to designate such Secretary may exempt a combinations of chemical sources substance or adjust the threshold and substances of concern within quantity. The Secretary also may one year of the date of enactment designate additional substances of this Act. [§3(3); §3(9); for regulation. [§3(8); §4(g)] §4(a)(1); §4(a)(5)] 3 The CAA§112(r) directs EPA to require risk management planning by facilities handling more than threshold amounts of listed chemicals. EPA lists chemicals under subsection 112(r)(3), sets thresholds under subsection 112(r)(5), and requires hazard assessments and planning to prevent and respond to accidental releases of chemicals under subsection 112(r)(7)(B)(ii). 4 Due to the bill's syntax ("... the Secretary develop a list ..."), it is not clear from S. 994, Section 4(f)(1) whether the Secretary is required or only authorized to develop this list, although the inclusion of a deadline ­ "Not later than 180 days after the enactment of Chemical Facilities Security Act" ­ implies a mandate. CRS-10 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Basis for selecting Requires the Administrator to Requires the Secretary to substances and designate combinations of designate substances of concern facilities for chemical sources and substances based on "the potential extent of regulation of concern based on "severity of death, injury, or serious adverse the threat posed by an effects to human health or the unauthorized release from the environment that would result chemical sources." Requires from a terrorist release." consideration of: severity of Chemical sources are selected potential harm; proximity to based on: consideration of population centers; threats to likelihood that a chemical source national security; threats to will be the target of terrorism; critical infrastructure; threshold nature and quantity of substances quantities of substances that pose of concern present; potential a serious threat; and other safety extent of death, injury, or serious or security factors the adverse effects to human health Administrator, in consultation or the environment; potential with the Secretary, determines to harm to critical infrastructure and be appropriate. [§4(a)(1) - (2)] national security; cost and technical feasibility; scale of operations; and other security- related factors the Secretary determines to be appropriate and necessary. [§4(e) and (f)] Consultation Requires consultation with the No similar provision Secretary, and in some cases with State and local agencies responsible for planning for and responding to unauthorized releases and providing emergency health care; the Chemical Safety and Hazard Investigation Board; local law enforcement, first responders, and employees. [§4(a)(1)-(5)] Technical support No similar provision Authorizes the Secretary to request technical and analytical support (other than field work) from other agencies, and to reimburse for such support as the Secretary determines to be appropriate. [§6] Emphasis Actions and procedures to Appropriate actions to ensure or eliminate or significantly lessen enhance the security of sources of the potential consequences of a potentially dangerous chemicals release of a covered substance of against acts of terrorism. concern that is caused in part by a [§2(3)-(4) and §3(7)] criminal act. [§2(4); §3(10); §4(a)(3)(B)] CRS-11 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Vulnerability and risk Requires the Administrator to Requires the Secretary to assessments promulgate regulations within one promulgate regulations within year of the date of enactment of one year of the date of enactment this Act, requiring of this Act requiring owners/operators of high-priority owners/operators of sources chemical sources, in consultation listed by the Secretary to assess with local first responders and vulnerability to a terrorist release employees, to assess the and identify hazards that may vulnerability of the source to a result from a release. [§4(a)(1)] terrorist attack or other Authorizes the Secretary to unauthorized release, and identify promulgate procedures, hazards that may result from protocols, and standards for release. [§4(a)(3)A)] assessments. [§4(c)] The Administrator must review Requires that the Secretary and revise as necessary such promulgate deadlines for regulations within 5 years of their completion of vulnerability date of promulgation. [ §4(a)(4)] assessments. [§4(a)(2)] Planning and Requires the Administrator to Requires the Secretary to implementation promulgate regulations within one promulgate regulations within year of the date of enactment of one year of the date of enactment this Act, requiring owners and of this Act requiring covered operators of high-priority facilities to prepare and chemical sources, in consultation implement a site security plan. with local first responders and [§4(a)(1)] employees, to prepare a Requires that the Secretary prevention, preparedness, and promulgate deadlines for response plan. [§4(a)(3)] completion of plans. [§4(a)(2)] The Administrator must review Authorizes the Secretary to and revise as necessary such promulgate procedures, regulations within 5 years of their protocols, and standards for date of promulgation. [§4(a)(4)] plans. [§4(c)] Required plan The plan must include actions and The plan must include security components procedures to eliminate or measures to reduce vulnerability significantly lessen the potential to a terrorist release, and consequences of an unauthorized equipment, plans, and procedures release, including that might be used in the event of "implementation, to the extent a release. [§4(a)(1)] practicable," of any technology, product, raw material, or practice that reduces the possibility of a release prior to secondary containment, control, or mitigation; well-maintained secondary containment, control, or mitigation equipment; security measures; and buffer zones. [§3(7); §3(11); §4(a)(3)] CRS-12 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Self-certification Requires owners/operators of Requires owners/operators to high priority chemical sources to certify completion of a certify compliance with vulnerability assessment and assessment and planning development and implementation requirements. Vulnerability of a plan, in accord with any assessments must be certified regulations promulgated by the within one year, and plans within Secretary or with protocols and 18 months after the date of standards endorsed by the promulgation of regulations Secretary. [§4(b)(1)] Requires regarding requirements for that the Secretary promulgate planning. [§4(b)] deadlines for certification of vulnerability assessments and plans. [§4(a)(2)] Reviews Requires owners/operators to Requires owners/operators to review and recertify vulnerability review and recertify vulnerability assessments and plans within 5 assessments and plans within 5 years of the date of first years of the date of first certification, and every 3 years certification, and every 5 years thereafter. [§4(b)] thereafter (or on a schedule established by the Secretary). [§4(h)] Third-party audit or No similar provision Requires the Secretary to certification conduct, or require to be conducted, vulnerability assessments and other activities (including third-party audits) to evaluate and ensure compliance. [§4(b)(3)] Submission of Requires submission of copies of Requires submission of copies of documents assessments and plans to EPA. assessments and plans to DHS, [§4(b)] on request. [§4(a)(1); §4(b)(2)] Threat information Directs the Secretary, in Directs the Secretary, "to the consultation with the maximum extent practicable Administrator, "to the maximum under applicable authority," to extent permitted by applicable provide an owner/operator threat authorities," to provide to information relevant to the owners/operators threat chemical source. [§4(a)(4)] information relevant to assessments and plans. [§4(a)(3)(C)] CRS-13 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Information All information provided to EPA, Same as S. 157, but also exempts protection or derived from that information, such information from disclosure except self-certification, is under state or local disclosure exempt from disclosure under laws. Provides that anyone who section 552 of title 5, United "knowingly or recklessly States Code (FOIA). [§4(b)(4)] discloses the information" shall be removed from federal office or employment, and be imprisoned up to one year, fined, or both. Some exceptions are allowed. [§4(i)] Also protects from disclosure any determination or order by the Secretary with respect to disapproval of an assessment or plan. [§5(d)] (See below "Compliance assistance" and "Compliance orders.") Requires that information submitted or obtained by the Secretary, and information derived from that information, and information submitted by the Secretary be treated in any judicial or administrative action as if it were classified. [§8] Agency review The Administrator must review Requires the Secretary to ensure each assessment and plan to and evaluate compliance with determine compliance and must regulations and endorsed certify each determination. procedures, protocols, or [§5(a)] standards. [§4(b)(3)] CRS-14 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Early compliance Before EPA rules are Authorizes the Secretary to promulgated, the Administrator, identify and endorse security in consultation with the Secretary, measures that, if implemented, must review each assessment or would indicate compliance with plan submitted and determine assessment or planning whether it meets consultation, requirements. Authorizes any planning, and assessment person to petition the Secretary requirements for high-priority for endorsement of procedures, categories under §4(a)(3). See protocols, and standards above "Vulnerability and risk established by law, industry, or assessment" and "Planning and federal, state, or local implementation." If such government authorities. requirements are met, the Authorizes the Secretary to Administrator must certify endorse in regulations such compliance without requiring any procedures, protocols, and revision of the assessment or plan. standards, if the Secretary finds [§5(a)(2)(C)] them in effect and substantially equivalent to any requirements the Secretary may establish. If the Secretary chooses not to endorse such procedures, protocols, and standards, the Secretary must provide to each petitioner written notice explaining why. Also authorizes petitions requesting that plans or assessments be required to address particular threats or types of threats, and authorizes the Secretary to promulgate such requirements. [§4(c)] Vulnerability assessments and response plans that are in accord with provisions endorsed by the Secretary are exempt from other regulatory requirements for plans or assessments. [§4(d)] Compliance Requires the Administrator to Authorizes the Secretary to assistance notify a source if an assessment or disapprove a vulnerability plan does not comply with EPA assessment or plan, or to order regulations, or if a threat exists revision, recertification, and beyond the scope of the plan, or resubmission of such, to correct current implementation of the deficiencies, if they do not plan is insufficient. Directs EPA comply with regulations, or if the to provide advice and technical plan, or its implementation, is assistance to bring the assessment insufficient. The Secretary must or plan into compliance, or to provide notice of disapproval, address any threat. [§5(b)] explaining deficiencies and consult to identify appropriate steps to achieve compliance. [§5(a)-(c)] CRS-15 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Compliance orders Thirty days after assistance is If an owner/operator fails to provided, or a source receives certify or submit a satisfactory notice, if the plan or assessment is assessment or plan, the Secretary not brought into compliance, or is authorized to order the source has not complied with certification and submission. an entry or information request, Requires the Secretary to issue a the Administrator may issue an compliance order if an order directing compliance, after assessment or plan has been providing the source notice of the disapproved, and compliance is order and opportunity for a not achieved by an appropriate hearing. [§5(c)] date. [§5(c)] Threat notification The Secretary must notify a No similar provision and abatement action source or sources of an elevated threat, if the Secretary determines that a terrorist threat exists that is beyond the scope of a submitted plan or plans, or current implementation is insufficient to address the results of vulnerability assessment or existing threat. If a source's response to notification is insufficient, the Secretary must notify the source, the Administrator, and the Attorney General. In response to such notice, the Administrator or Attorney General may secure necessary relief to abate a threat, including orders necessary to protect public health or welfare. [§5(d)] Record-keeping and High-priority sources are required Sources required to prepare entry to keep a current copy of each assessments and plans must keep assessment and plan. The a current copy. The Secretary Administrator may enter the has authority to enter premises premises of an owner or operator and to copy records and other of a source, or any premises documentation that is necessary where records are stored, on for analysis of a vulnerability presenting credentials. The assessment or site security plan Administrator also may at or for implementation of the plan. reasonable times have access to Authorizes the Secretary to issue and may copy records, reports, an order requiring compliance plans, or assessments. The with this section. [§7] Administrator may require a source to provide any information necessary to enforce this Act and to promulgate or enforce regulations. [§6] CRS-16 Chemical Facilities Security Provision Chemical Security Act (S. 157) Act (S. 994) Penalties A district court may assess a civil A district court may assess a civil penalty for violation or non- penalty for violation or non- compliance with an order equal to compliance with an order or a or less than $25,000 per day. site security plan (or endorsed EPA may assess civil penalties security measure) submitted to less than or equal to $125,000 in the Secretary of not more than an order, after providing notice $50,000 per day, and may issue and the opportunity to request an order for injunctive relief. The within 30 days a hearing. Secretary may assess civil Knowing violation or failure to penalties less than or equal to comply with an order may be $250,000 in an order, after punished with a fine of at least providing notice and the $2,500, but less than $25,000, per opportunity to request within 30 day, and imprisonment for up to days a hearing. Authorizes the one year, or both. Subsequent Secretary to establish procedures violation or failure to comply may for administrative hearings and result in a fine of not more than review. [§8] $50,000 per day, imprisonment for up to 2 years, or both. [§7] Authorization of Authorizes such sums as are No similar provision appropriations necessary. [§9] Training No similar provision Authorizes the Secretary to provide training relevant to this Act to state and local officials and owners/operators. [§9] ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL31958