Report text available as:

(PDF provides a complete and accurate display of this text.) Tip?



113th Congress                                            Rept. 113-491
                        HOUSE OF REPRESENTATIVES
 2d Session                                                      Part 1

======================================================================



 
 CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM AUTHORIZATION AND 
                       ACCOUNTABILITY ACT OF 2014

                                _______
                                

 June 23, 2014.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

  Mr. McCaul, from the Committee on Homeland Security, submitted the 
                               following

                              R E P O R T

                             together with

                            ADDITIONAL VIEWS

                        [To accompany H.R. 4007]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 4007) to recodify and reauthorize the Chemical 
Facility Anti-Terrorism Standards Program, having considered 
the same, report favorably thereon with an amendment and 
recommend that the bill as amended do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     7
Background and Need for Legislation..............................     7
Hearings.........................................................     9
Committee Consideration..........................................     9
Committee Votes..................................................    12
Committee Oversight Findings.....................................    14
New Budget Authority, Entitlement Authority, and Tax Expenditures    14
Congressional Budget Office Estimate.............................    14
Statement of General Performance Goals and Objectives............    16
Duplicative Federal Programs.....................................    16
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................    16
Federal Mandates Statement.......................................    16
Preemption Clarification.........................................    16
Disclosure of Directed Rule Makings..............................    16
Advisory Committee Statement.....................................    17
Applicability to Legislative Branch..............................    17
Section-by-Section Analysis of the Legislation...................    17
Changes in Existing Law Made by the Bill, as Reported............    27
Committee Correspondence.........................................    36
Additional Views.................................................    38

    The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Chemical Facility Anti-Terrorism 
Standards Program Authorization and Accountability Act of 2014''.

SEC. 2. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.

  (a) In General.--The Homeland Security Act of 2002 (6 U.S.C. 101 et 
seq.) is amended by adding at the end the following:

        ``TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

``SEC. 2101. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.

  ``(a) Program Established.--There is in the Department a Chemical 
Facility Anti-Terrorism Standards Program. Under such Program, the 
Secretary shall establish risk-based performance standards designed to 
protect covered chemical facilities and chemical facilities of interest 
from acts of terrorism and other security risks and require such 
facilities to submit security vulnerability assessments and to develop 
and implement site security plans.
  ``(b) Security Measures.--Site security plans required under 
subsection (a) may include layered security measures that, in 
combination, appropriately address the security vulnerability 
assessment and the risk-based performance standards for security for 
the facility.
  ``(c) Approval or Disapproval of Site Security Plans.--
          ``(1) In general.--The Secretary shall review and approve or 
        disapprove each security vulnerability assessment and site 
        security plan under subsection (a). The Secretary may not 
        disapprove a site security plan based on the presence or 
        absence of a particular security measure, but the Secretary 
        shall disapprove a site security plan if the plan fails to 
        satisfy the risk-based performance standards established under 
        subsection (a).
          ``(2) Alternative security programs.--The Secretary may 
        approve an alternative security program established by a 
        private sector entity or a Federal, State, or local authority 
        or pursuant to other applicable laws, if the Secretary 
        determines that the requirements of such program meet the 
        requirements of this section. A covered chemical facility may 
        meet the site security plan requirement under subsection (a) by 
        adopting an alternative security program that has been reviewed 
        and approved by the Secretary under this paragraph.
          ``(3) Site security plan assessments.--In approving or 
        disapproving a site security plan under this subsection, the 
        Secretary shall employ the risk assessment policies and 
        procedures developed under this title. In the case of a covered 
        chemical facility for which a site security plan has been 
        approved by the Secretary before the date of the enactment of 
        this title, the Secretary may not require the resubmission of 
        the site security information solely by reason of the enactment 
        of this title.
          ``(4) Consultation.--The Secretary may consult with the 
        Government Accountability Office to investigate the feasibility 
        and applicability a third party accreditation program that 
        would work with industry stakeholders to develop site security 
        plans that may be applicable to all similarly situated 
        facilities. The program would include the development of 
        Program-Specific Handbooks for facilities to reference on site.
  ``(d) Compliance.--
          ``(1) Audits and inspections.--
                  ``(A) In general.--The Secretary shall conduct the 
                audit and inspection of covered chemical facilities for 
                the purpose of determining compliance with this Act. 
                The audit and inspection may be carried out by a non-
                Department or nongovernment entity, as approved by the 
                Secretary.
                  ``(B) Reporting structure.--Any audit or inspection 
                conducted by an individual employed by a nongovernment 
                entity shall be assigned in coordination with the head 
                of audits and inspections for the region in which the 
                audit or inspection is to be conducted. When in the 
                field, any individual employed by a nongovernment 
                entity shall report to the respective head of audits 
                and inspections for the region in which the individual 
                is operating.
                  ``(C) Requirements for nongovernment personnel.--If 
                the Secretary arranges for an audit or inspection under 
                subparagraph (A) to be carried out by a nongovernment 
                entity, the Secretary shall require, as a condition of 
                such arrangement, that any individual who conducts the 
                audit or inspection be a citizen of the United States 
                and shall prescribe standards for the qualification of 
                the individuals who carry out such audits and 
                inspections that are commensurate with the standards 
                for a Government auditor or inspector. Such standards 
                shall include--
                          ``(i) minimum training requirements for new 
                        auditors or inspectors;
                          ``(ii) retraining requirements;
                          ``(iii) minimum education and experience 
                        levels;
                          ``(iv) the submission of information as 
                        required by the Secretary to enable 
                        determination of whether the auditor or 
                        inspector has a conflict of interest;
                          ``(v) the maintenance of a secret security 
                        clearance;
                          ``(vi) reporting any issue of non-compliance 
                        with this section to the Secretary within 24 
                        hours; and
                          ``(vii) any additional qualifications for 
                        fitness of duty as the Secretary may establish.
                  ``(D) Training of department auditors and 
                inspectors.--The Secretary shall prescribe standards 
                for the training and retraining of individuals employed 
                by the Department as auditors and inspectors. Such 
                standards shall include--
                          ``(i) minimum training requirements for new 
                        auditors and inspectors;
                          ``(ii) retraining requirements; and
                          ``(iii) any additional requirements the 
                        Secretary may establish.
          ``(2) Notice of noncompliance.--
                  ``(A) Notice.--If the Secretary determines that a 
                covered chemical facility or a chemical facility of 
                interest is not in compliance with this section, the 
                Secretary shall--
                          ``(i) provide the owner or operator of the 
                        facility with--
                                  ``(I) written notification (including 
                                a clear explanation of any deficiency 
                                in the security vulnerability 
                                assessment or site security plan) by 
                                not later than 14 days after the 
                                determination is made; and
                                  ``(II) an opportunity for 
                                consultation with the Secretary or the 
                                Secretary's designee; and
                          ``(ii) issue an order to comply by such date 
                        as the Secretary determines to be appropriate 
                        under the circumstances.
                  ``(B) Continued noncompliance.--If the owner or 
                operator continues to be in noncompliance after the 
                date specified in such order, the Secretary may enter 
                an order assessing a civil penalty, an order to cease 
                operations, or both.
          ``(3) Personnel surety.--
                  ``(A) Personnel surety program.--For purposes of this 
                title, the Secretary shall carry out a Personnel Surety 
                Program that--
                          ``(i) does not require an owner or operator 
                        of a covered chemical facility that voluntarily 
                        participates to submit information about an 
                        individual more than one time;
                          ``(ii) provides a participating owner or 
                        operator of a covered chemical facility with 
                        feedback about an individual based on vetting 
                        the individual against the terrorist screening 
                        database, to the extent that such feedback is 
                        necessary for the facility's compliance with 
                        regulations promulgated under this title; and
                          ``(iii) provides redress to an individual 
                        whose information was vetted against the 
                        terrorist screening database under the program 
                        and who believes that the personally 
                        identifiable information submitted to the 
                        Department for such vetting by a covered 
                        chemical facility, or its designated 
                        representative, was inaccurate.
                  ``(B) Personnel surety implementation.--To the extent 
                that a risk-based performance standard under subsection 
                (a) is directed toward identifying individuals with 
                terrorist ties--
                          ``(i) a covered chemical facility may satisfy 
                        its obligation under such standard with respect 
                        to an individual by utilizing any Federal 
                        screening program that periodically vets 
                        individuals against the terrorist screening 
                        database, or any successor, including the 
                        Personnel Surety Program under subparagraph 
                        (A); and
                          ``(ii) the Secretary may not require a 
                        covered chemical facility to submit any 
                        information about such individual unless the 
                        individual--
                                  ``(I) is vetted under the Personnel 
                                Surety Program; or
                                  ``(II) has been identified as 
                                presenting a terrorism security risk.
                  ``(C) Responsibilities of security screening 
                coordination office.--
                          ``(i) In general.--The Secretary shall direct 
                        the Security Screening Coordination Office of 
                        the Department to coordinate with the National 
                        Protection and Programs Directorate to expedite 
                        the development of a common credential that 
                        screens against the terrorist screening 
                        database on a recurrent basis and meets all 
                        other screening requirements of this title.
                          ``(ii) Report.--Not later than March 1, 2015, 
                        and annually thereafter, the Secretary shall 
                        submit to Congress a report on the progress of 
                        the Secretary in meeting the requirements of 
                        clause (i).
          ``(4) Facility access.--For purposes of the compliance of a 
        covered chemical facility with a risk-based performance 
        standard established under subsection (a), the Secretary may 
        not require the facility to submit any information about an 
        individual who has been granted access to the facility unless 
        the individual--
                  ``(A) was vetted under the Personnel Surety Program; 
                or
                  ``(B) has been identified as presenting a terrorism 
                security risk.
          ``(5) Availability of information.--The Secretary shall share 
        with the owner or operator of a covered chemical facility such 
        information as the owner or operator needs to comply with this 
        section.
  ``(e) Responsibilities of the Secretary.--
          ``(1) Identification of facilities of interest.--In carrying 
        out this title, the Secretary shall consult with the heads of 
        other Federal agencies, States and political subdivisions 
        thereof, and relevant business associations to identify all 
        chemical facilities of interest.
          ``(2) Risk assessment.--
                  ``(A) In general.--For purposes of this title, the 
                Secretary shall develop a risk assessment approach and 
                corresponding tiering methodology that incorporates all 
                relevant elements of risk, including threat, 
                vulnerability, and consequence.
                  ``(B) Criteria for determining security risk.--The 
                criteria for determining the security risk of terrorism 
                associated with a facility shall include--
                          ``(i) the relevant threat information;
                          ``(ii) the potential economic consequences 
                        and the potential loss of human life in the 
                        event of the facility being subject to a 
                        terrorist attack, compromise, infiltration, or 
                        exploitation; and
                          ``(iii) the vulnerability of the facility to 
                        a terrorist attack, compromise, infiltration, 
                        or exploitation.
          ``(3) Changes in tiering.--Any time that tiering for a 
        covered chemical facility is changed and the facility is 
        determined to no longer be subject to the requirements of this 
        title, the Secretary shall maintain records to reflect the 
        basis for this determination. The records shall include 
        information on whether and how the information that was the 
        basis for the determination was confirmed by the Secretary.
  ``(f) Definitions.--In this title:
          ``(1) The term `covered chemical facility' means a facility 
        that the Secretary identifies as a chemical facility of 
        interest and, based upon review of a Top-Screen, as such term 
        is defined in section 27.105 of title 6 of Code of Federal 
        Regulations, determines meets the risk criteria developed 
        pursuant subsection (e)(2)(B). Such term does not include any 
        of the following:
                  ``(A) A facility regulated pursuant to the Maritime 
                Transportation Security Act of 2002 (Public Law 107-
                295).
                  ``(B) A Public Water System, as such term is defined 
                by section 1401 of the Safe Drinking Water Act (Public 
                Law 93-523; 42 U.S.C. 300f).
                  ``(C) A Treatment Works, as such term is defined in 
                section 212 of the Federal Water Pollution Control Act 
                (Public Law 92-500; 33 U.S.C. 12920).
                  ``(D) Any facility owned or operated by the 
                Department of Defense or the Department of Energy.
                  ``(E) Any facility subject to regulation by the 
                Nuclear Regulatory Commission.
          ``(2) The term `chemical facility of interest' means a 
        facility that holds, or that the Secretary has a reasonable 
        basis to believe holds, a Chemical of Interest, as designated 
        under in Appendix A of title 6 of the Code of Federal 
        Regulations, at a threshold quantity that meets relevant risk-
        related criteria developed pursuant to subsection (e)(2)(B).

``SEC. 2102. PROTECTION AND SHARING OF INFORMATION.

  ``(a) In General.--Notwithstanding any other provision of law, 
information developed pursuant to this title, including vulnerability 
assessments, site security plans, and other security related 
information, records, and documents shall be given protections from 
public disclosure consistent with similar information developed by 
chemical facilities subject to regulation under section 70103 of title 
46, United States Code.
  ``(b) Sharing of Information With States and Local Governments.--This 
section does not prohibit the sharing of information developed pursuant 
to this title, as the Secretary deems appropriate, with State and local 
government officials possessing the necessary security clearances, 
including law enforcement officials and first responders, for the 
purpose of carrying out this title, if such information may not be 
disclosed pursuant to any State or local law.
  ``(c) Sharing of Information With First Responders.--The Secretary 
shall provide to State, local, and regional fusion centers (as such 
term is defined in section 210A(j)(1) of this Act) and State and local 
government officials, as determined appropriate by the Secretary, such 
information as is necessary to help ensure that first responders are 
properly prepared and provided with the situational awareness needed to 
respond to incidents at covered chemical facilities. Such information 
shall be disseminated through the Homeland Security Information Network 
or the Homeland Secure Data Network, as appropriate.
  ``(d) Enforcement Proceedings.--In any proceeding to enforce this 
section, vulnerability assessments, site security plans, and other 
information submitted to or obtained by the Secretary under this 
section, and related vulnerability or security information, shall be 
treated as if the information were classified material.

``SEC. 2103. CIVIL PENALTIES.

  ``(a) Violations.--Any person who violates an order issued under this 
title shall be liable for a civil penalty under section 70119(a) of 
title 46, United States Code.
  ``(b) Right of Action.--Nothing in this title confers upon any person 
except the Secretary a right of action against an owner or operator of 
a covered chemical facility to enforce any provision of this title.

``SEC. 2104. WHISTLEBLOWER PROTECTIONS.

  ``The Secretary shall publish on the Internet website of the 
Department and in other materials made available to the public the 
whistleblower protections that an individual providing such information 
would have.

``SEC. 2105. RELATIONSHIP TO OTHER LAWS.

  ``(a) Other Federal Laws.--Nothing in this title shall be construed 
to supersede, amend, alter, or affect any Federal law that regulates 
the manufacture, distribution in commerce, use, sale, other treatment, 
or disposal of chemical substances or mixtures.
  ``(b) States and Political Subdivisions.--This title shall not 
preclude or deny any right of any State or political subdivision 
thereof to adopt or enforce any regulation, requirement, or standard of 
performance with respect to chemical facility security that is more 
stringent than a regulation, requirement, or standard of performance 
issued under this section, or otherwise impair any right or 
jurisdiction of any State with respect to chemical facilities within 
that State, unless there is an actual conflict between this section and 
the law of that State.
  ``(c) Rail Transit.--
          ``(1) Duplicative regulations.--The Secretary shall 
        coordinate with the Assistant Secretary of Homeland Security 
        (Transportation Security Administration) to eliminate any 
        provision of this title applicable to rail security that would 
        duplicate any security measure under the Rail Transportation 
        Security Rule under section 1580 of title 49 of the Code of 
        Federal Regulations, as in effect as of the date of the 
        enactment of this title. To the extent that there is a conflict 
        between this title and any regulation under the jurisdiction of 
        the Transportation Security Administration, the regulation 
        under the jurisdiction of the Transportation Security 
        Administration shall prevail.
          ``(2) Exemption from top-screen.--A rail transit facility or 
        a rail facility, as such terms are defined in section 1580.3 of 
        title 49 of the Code of Federal Regulations, to which subpart 3 
        of such title applies pursuant to section 1580.100 of such 
        title shall not be required to complete a Top-Screen as such 
        term is defined in section 27.105 of title 6 of the Code of 
        Federal Regulations.

``SEC. 2106. REPORTS.

  ``(a) Report to Congress.--Not later than 18 months after the date of 
the enactment of this title, the Secretary shall submit to Congress a 
report on the Chemical Facilities Anti-Terrorism Standards Program. 
Such report shall include each of the following:
          ``(1) Certification by the Secretary that the Secretary has 
        made significant progress in the identification of all chemical 
        facilities of interest pursuant to section 2101(e)(1), 
        including a description of the steps taken to achieve such 
        progress and the metrics used to measure it, information on 
        whether facilities that submitted Top-Screens as a result of 
        such efforts were tiered and in what tiers they were placed, 
        and an action plan to better identify chemical facilities of 
        interest and bring those facilities into compliance.
          ``(2) Certification by the Secretary that the Secretary has 
        developed a risk assessment approach and corresponding tiering 
        methodology pursuant to section 2101(e)(2).
          ``(3) An assessment by the Secretary of the implementation by 
        the Department of any recommendations made by the Homeland 
        Security Studies and Analysis Institute as outlined in the 
        Institute's Tiering Methodology Peer Review (Publication 
        Number: RP12-22-02).
  ``(b) Semiannual GAO Report.--During the 3-year period beginning on 
the date of the enactment of this title, the Comptroller General of the 
United States shall submit a semiannual report to Congress containing 
the assessment of the Comptroller General of the implementation of this 
title. The Comptroller General shall submit the first such report by 
not later than the date that is 180 days after the date of the 
enactment of this title.

``SEC. 2107. CFATS REGULATIONS.

  ``(a) In General.--The Secretary is authorized, in accordance with 
chapter 5 of title 5, United States Code, to promulgate regulations 
implementing the provisions of this title.
  ``(b) Existing CFATS Regulations.--In carrying out the requirements 
of this title, the Secretary shall use the CFATS regulations, as in 
effect immediately before the date of the enactment of this title, that 
the Secretary determines carry out such requirements, and may issue new 
regulations or amend such regulations pursuant to the authority in 
subsection (a).
  ``(c) Definition of CFATS Regulations.--In this section, the term 
`CFATS regulations' means the regulations prescribed pursuant to 
section 550 of the Department of Homeland Security Appropriations Act, 
2007 (Public Law 109-295; 120 Stat. 1388; 6 U.S.C. 121 note), as well 
as all Federal Register notices and other published guidance concerning 
section 550 of the Department of Homeland Security Appropriations Act, 
2007.
  ``(d) Authority.--The Secretary shall exclusively rely upon authority 
provided in this title for determining compliance with this title in--
          ``(1) identifying chemicals of interest;
          ``(2) designating chemicals of interest; and
          ``(3) determining security risk associated with a chemical 
        facility.

``SEC. 2108. SMALL COVERED CHEMICAL FACILITIES.

  ``(a) In General.--The Secretary may provide guidance and, as 
appropriate, tools, methodologies, or computer software, to assist 
small covered chemical facilities in developing their physical 
security.
  ``(b) Report.--The Secretary shall submit to the Committee on 
Homeland Security of the House of Representatives and the Committee on 
Homeland Security and Governmental Affairs of the Senate a report on 
best practices that may assist small chemical facilities, as defined by 
the Secretary, in development of physical security best practices.
  ``(c) Definition.--For purposes of this section, the term `small 
covered chemical facility' means a covered chemical facility that has 
fewer than 350 employees employed at the covered chemical facility, and 
is not a branch or subsidiary of another entity.

``SEC. 2109. OUTREACH TO CHEMICAL FACILITIES OF INTEREST.

  `` Not later than 90 days after the date of the enactment of this 
title, the Secretary shall establish an outreach implementation plan, 
in coordination with the heads of other appropriate Federal and State 
agencies and relevant business associations, to identify chemical 
facilities of interest and make available compliance assistance 
materials and information on education and training.

``SEC. 2110. AUTHORIZATION OF APPROPRIATIONS.

  ``There is authorized to be appropriated to carry out this title 
$87,436,000 for each of fiscal years 2015, 2016, and 2017.''.
  (b) Clerical Amendment.--The table of contents in section 1(b) of 
such Act is amended by adding at the end the following:

        ``TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

``Sec. 2101. Chemical Facility Anti-Terrorism Standards Program.
``Sec. 2102. Protection and sharing of information.
``Sec. 2103. Civil penalties.
``Sec. 2104. Whistleblower protections.
``Sec. 2105. Relationship to other laws.
``Sec. 2106. Reports.
``Sec. 2107. CFATS regulations.
``Sec. 2108. Small covered chemical facilities.
``Sec. 2109. Outreach to chemical facilities of interest.
``Sec. 2110. Authorization of appropriations.''.

  (c) Third-party Assessment.--Using amounts authorized to be 
appropriated under section 2110 of the Homeland Security Act of 2002, 
as added by subsection (a), the Secretary of Homeland Security shall 
commission a third-party study to assess vulnerabilities to acts of 
terrorism associated with the Chemical Facility Anti-Terrorism 
Standards program, as authorized pursuant to section 550 of the 
Department of Homeland Security Appropriations Act, 2007 (Public Law 
109-295; 120 Stat. 1388; 6 U.S.C. 121 note).
  (d) Metrics.--Not later than 180 days after the date of the enactment 
of this Act, the Secretary shall submit to Congress a plan for the 
utilization of metrics to assess the effectiveness of the Chemical 
Facility Anti-Terrorism Standards program to reduce the risk of a 
terrorist attack or other security risk to those citizens and 
communities surrounding covered chemical facilities. The plan shall 
include benchmarks on when the program will begin utilizing the metrics 
and how the Department of Homeland Security plans to use the 
information to inform the program.

SEC. 3. EFFECTIVE DATE.

  This Act, and the amendments made by this Act, shall take effect on 
the date that is 30 days after the date of the enactment of this Act.

                          Purpose and Summary

    H.R. 4007 authorizes the Department of Homeland Security's 
Chemical Facility Anti-Terrorism Standards program (CFATS) for 
three years at present funding levels in order to provide the 
stability and certainty both the Department and industry argue 
is necessary to ensure the program's success, while at the same 
time, using the authorization as a vehicle to mandate certain 
fundamental programmatic improvements. CFATS was enacted under 
an Appropriations rider, Pub. Law 109-295, the Department of 
Homeland Security Appropriations Act of 2007, Sec. 550, and has 
technically never been authorized. Thus, chemical facility 
security hangs in the balance with each new appropriations 
cycle. H.R. 4007 incorporates CFATS into the Homeland Security 
Act of 2002 (6 U.S.C. 101 et seq.), under Title XXI, and gives 
the program official status under law.

                  Background and Need for Legislation

    Chemical facilities continually rank among the highest-risk 
targets for terrorists because an attack on a chemical facility 
could result in large-scale physical damage and catastrophic 
loss of life. To protect against this threat, Congress in 2007 
authorized the Department of Homeland Security (DHS) to develop 
a set of risk assessment standards for chemical facilities, and 
to implement a set of corresponding regulations to ensure the 
physical security of those at highest risk. The result was the 
Chemical Facility Anti-Terrorism Standards (CFATS) program, 
which was established and funded for three years under Sec. 550 
of Pub. L. 109-295, the Homeland Security Appropriation Act of 
2007.
    In the first five years of CFATS existence, the DHS 
Infrastructure Security Compliance Division (ISCD), a component 
of the Department's National Protection and Programs 
Directorate (NPPD), struggled to implement the program. Both 
the Government Accountability Office (GAO) and DHS Office of 
Inspector General (OIG) shed light on some serious shortcomings 
that had hamstrung the Department's efforts to effectively and 
efficiently carryout the CFTAS mission. Specifically, GAO and 
OIG reported that inadequate tools, management issues, and an 
absence of appropriate metrics had undermined the program's 
effectiveness.
    Yet over the course of the last two years, and under new 
leadership, ISCD has made significant progress. The management 
team has taken very seriously the recommendations made by GAO 
and OIG, and has accordingly made important improvements, 
including enhanced engagement with the regulated community and 
industry stakeholders; a streamlined Site Security Plan review 
process; stronger coordination with State and local chemical 
facility regulators and fellow Federal agencies to identify 
outlier facilities; and the development of a solid plan to 
increase the pace of site security authorizations, approvals, 
and inspections. Additionally, ISCD has taken steps to execute 
the Action Plan laid out by GAO in April 2013 by initiating and 
completing a ``Tiering Methodology Peer Review.'' All of these 
improvements have subsequently been recognized and commended by 
GAO and OIG.
    Given the progress ISCD has made in moving the CFATS 
program forward, and taking into account the immense investment 
of resources industry has already made in an effort to comply 
with the CFATS regulatory scheme, the Committee believes now is 
the right time to authorize CFATS in the short term, with an 
eye towards permanently authorizing the program.
    The Committee's approach in crafting H.R. 4007 was 
intentionally modest. Some have argued that the program should, 
for all intents and purposes, be dismantled and replaced by a 
more comprehensive regulatory scheme. Yet past attempts to do 
just that have failed. As GAO, industry stakeholders, and the 
Department itself have all recognized, at this stage, a major 
overhaul of the program would create a significant setback to 
chemical facility security, arresting ISCD's momentum at a 
critical phase. By contrast, a multi-year authorization would 
provide needed stability for advancing incremental progress, 
while instilling oversight and accountability that is needed to 
ensure continued improvement.
    Thus, H.R. 4007 mandates critical improvements, including 
fixing the program's risk assessment methodology; developing an 
efficient and workable Personnel Surety requirement; ensuring 
that the full universe of chemical facilities is known to the 
Department; and drawing down the tremendous backlog of facility 
inspections ISCD currently faces, among other things. Moreover, 
H.R. 4007 requires GAO to conduct an ongoing assessment of 
ISCD's progress in implementing these directives throughout the 
course of the authorization term.
    The Committee's intent in passing this bill is not to give 
DHS a blank check. Rather, this authorization is intended as a 
trial. NPPD must solidify certain foundational elements of the 
CFATS program in order to establish its continued viability--
and it must do so within a short timeframe. Over the course of 
three years, the Committee will have the opportunity, through 
hearings and other mechanisms, to hold NPPD's new leadership to 
account for implementing the improvements mandated in the 
legislation, and to assess the program's merit going forward.
    In short, H.R. 4007 codifies the parts of Sec. 550, the 
original CFATS enacting statute, that are currently working, 
while mandating changes aimed at improving the efficiency and 
effectiveness of the program with the hope that the Committee 
will, in three years time, feel confident that CFATS should be 
permanently authorized.

                                Hearings

    On August 1, 2013, the Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies held a 
hearing entitled ``West Fertilizer, Off the Grid: The Problem 
of Unidentified Chemical Facilities.'' The Subcommittee 
received testimony from Mr. David Wulf, ISCD Director, National 
Protection and Programs Directorate, U.S. Department of 
Homeland Security; Mr. Stephen L. Caldwell, Director, Homeland 
Security and Justice, U.S. Government Accountability Office; 
Mr. Donnie Dippel, President, Texas Ag Industries Association; 
Mr. Paul Derig, Environmental Health and Safety Manger III, 
J.R. Simplot Company, testifying on behalf of the Agricultural 
Retailers Association; Mr. Timothy J. Scott, Chief Security 
Officer, Corporate Director, Emergency Services and Security, 
The Dow Chemical Company; and Mr. Sean Moulton, Director, Open 
Government Policy, Center for Effective Government.
    On February 27, 2014, the Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies held a 
hearing on H.R. 4007. The Subcommittee received testimony from 
Ms. Caitlin Durkovich, Assistant Secretary, Infrastructure 
Protection, U.S. Department of Homeland Security; accompanied 
by Mr. David Wulf, Deputy Director, Infrastructure Security 
Compliance Division; Mr. Stephen L. Caldwell, Director, 
Homeland Security and Justice, U.S. Government Accountability 
Office; Ms. Marcia Hodges, Chief Inspector, Office of Inspector 
General, U.S. Department of Homeland Security; Mr. Clyde 
Miller, Director for Corporate Security, BASF Corporation, 
testifying on behalf of BASF and The American Chemistry 
Council; Ms. Kate Hampford Donahue, President, Hampford 
Research, Inc., testifying on behalf of the Society of Chemical 
Manufacturers and Affiliates; and Ms. Anna Fendley, Legislative 
Representative, United Steelworkers.

                        Committee Consideration

    The Subcommittee on Cybersecurity, Infrastructure 
Protection, and Security Technologies met on April 3, 2014, to 
consider H.R. 4007, and ordered the measure to be forwarded to 
the Full Committee with a favorable recommendation, amended, by 
voice vote. The Committee took the following actions:
    The following amendments were offered:

 An Amendment in the Nature of a Substitute offered by Mr. 
Meehan (#1); was AGREED TO, as amended, by voice vote.
 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1A); was AGREED TO by voice 
vote.

     Insert opening quotation marks before each provisions of section 2 
through 9, insert closing quotation marks and a following period at the 
end of section 9, and before section 2 (page 1, after line 4), and 
insert the following (and make appropriate technical and conforming 
changes):
     Sec. 2. Amendment to Homeland Security Act of 2002 to Provide For 
the Regulation of Security Practices at Chemical Facilities.
     The Homeland Security Act of 2002 is amended by adding at the end 
the following: ``Title XXI-Regulation of Security Practices at Chemical 
Facilities''.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Mr. Perry (#1B); was AGREED TO by a 
recorded vote of 5 yeas and 3 nays (Roll Call Vote No. 1).

     Page 3, starting on line 12, strike paragraph (1) and inserting a 
new paragraph entitled ``(1) Audits and Inspections.''

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1C); was NOT AGREED TO by 
voice vote.

     Page 3, line 12, insert before ``The Secretary'' the following: 
``The Secretary shall audit and inspect chemical facilities subject to 
regulation under this Act for the purposes of determining compliance 
with this Act.''.
     Page 3, line 17, strike ``a non-Department or non-government 
entity'' and insert ``another government entity''.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1D); was NOT AGREED TO by 
voice vote.

     In section 2(a), strike ``and require such facilities to submit 
security vulnerability assessments and to develop and implement site 
security plans'' and insert ``, assign such facilities to risk-based 
tiers, require such facilities to submit vulnerability assessments and 
to develop and implement site security plans, approve or disapprove the 
security vulnerability assessments and site security plans submitted by 
such facilities, audit and inspect such facilities, and enforce 
compliance with the requirements of this Act''.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1E); was NOT AGREED TO by 
voice vote.

     In Section 2, strike subsection (f).

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1F); was WITHDRAWN by 
unanimous consent.

     Page 11, after line 21, insert a new section (and renumber the 
subsequent sections accordingly): entitled ``Sec. 9. Assessment of 
Chemical Facility Anti-Terrorism Standards Exemptions.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1G); was NOT AGREED TO by a 
recorded vote of 3 yeas and 5 nays (Roll Call Vote No. 2).

     Page 7, after line 15, insert a new subsection entitled ``(g) 
Personnel Surety Program.''

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1H); was AGREED TO by voice 
vote.

     Strike section 2 and redesignate sections 8 through 11 as sections 
7 through 10, respectively.
     Page 11, line 24-25, strike ``for each fiscal year'' and insert 
``for each of fiscal years 2015, 2016, and 2017''.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1I) was NOT AGREED TO by 
voice vote.

     In section 2, redesignate subsections (d) through (f) as 
subsections (e) through (g), respectively, and insert after subsection 
(c) a new subsection entitled ``(d) Assistance to High Risk Chemical 
Facilities.''
     In subsection (g) of section 2, as redesignated, strike 
``subsection (e)(1)'' and insert ``subsection (f)(1)''.;

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Mr. Horsford (#1J); NOT AGREED TO by a 
recorded vote of 3 yeas and 5 nays (Roll Call Vote No. 3).

     Page 2, line 2, after the period insert the following ``The 
preparation of a security vulnerability assessment and site security 
plan, as required under subsection (a), shall include, to the greatest 
extent possible, at least one supervisory employee and at least one 
non-supervisory employee of the covered chemical facility, and at least 
one employee representative from each bargaining agent at the covered 
chemical facility, if any, who possesses relevant knowledge, 
experience, training, or education.''.

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Mr. Horsford  (#1K); NOT AGREED TO by a 
recorded vote of 3 yeas and 5 nays (Roll Call Vote No. 4).

     Insert after section 2 a new section entitled ``Sec. 4. 
Whistleblower Protections.''

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1L); was WITHDRAWN by 
unanimous consent.

     Page 5, after line 14, insert a new paragraph entitled ``(5) 
Exemption for certain personnel engaged in transportation activities.''

    The Committee met on April 30, 2014, to consider H.R. 4007, 
and ordered the measure to be reported to the House with a 
favorable recommendation, amended, by voice vote. The Committee 
took the following actions:
    The following amendments were offered:

 An Amendment in the Nature of a Substitute to H.R. 4007 
offered by Mr. Meehan (#1); was AGREED TO, amended, by voice 
vote.
 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Mr. Meehan (#1A); was AGREED TO by voice 
vote.

     Strike section 3.; was AGREED TO by voice vote.

 An en bloc amendment to the Amendment in the Nature of a 
Substitute to H.R. 4007 offered by Mr. Thompson of Mississippi 
(#1B); was AGREED TO by voice vote.

     Consisting of the following amendments:
     Page 5, line 13, insert ``not later than 14 days after the 
determination was made'' after ``security plan)''.
     Page 17, before line 10, insert a new subsection entitled ``(c) 
Third-party Assessment''.

 An en bloc amendment to the Amendment in the Nature of a 
Substitute to H.R. 4007 offered by Ms. Loretta Sanchez of 
California (#1C); was AGREED TO by voice vote.

     Consisting of the following amendments:
     Page 10, after line 3, insert a new paragraph entitled ``(3) 
Changes in Tiering.''
     Page 17, after line 2, insert the following new section (and 
renumber the subsequent section and revise the table of contents 
amendment accordingly):
     ``Sec. 2107. Outreach to Chemical Facilities of Interest.''
     Page 15, line 6, insert before the period the following: ``, 
information on whether facilities that submitted Top-Screens as a 
result of such efforts were tiered and in what tiers they were placed, 
and an action plan to better identify chemical facilities of interest 
and bring those facilities into compliance''.
     Page 17, before line 10, insert a new subsection entitled (c) 
Metrics.''

 An en bloc amendment to the Amendment in the Nature of a 
Substitute to H.R. 4007 offered by Ms. Clarke (#1D); was AGREED 
TO by voice vote.

     Consisting of the following amendments:
     Page 3, lines 20-21, strike ``shall arrange for'' and insert 
``shall conduct''.
     Page 3, lines 23-24, strike ``Under such arrangement, the'' and 
insert ``The''.
     Page 4, line after line 2, insert the following new subparagraph 
(and renumber the subsequent subparagraph accordingly):
     ``(B) Reporting Structure.''
     Page 5, line 2, strike: ``and''.
     Page 5, after line 2, insert the following (and renumber the 
subsequent clause accordingly):
     ``(vi) reporting any issue of non-compliance with this section to 
the Secretary within 24 hours; and''.
     Page 5 after line 5, insert a new subparagraph entitled ``(C) 
Training of Department Auditors and Inspectors.''

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 offered by Ms. Clarke (#1E); was AGREED TO, as 
modified, by voice vote.

     Page 13, after line 4, insert the following new section (and 
renumber the subsequent section and revise the table of contents 
amendment accordingly):
     ``Sec. 2104. Whistleblower Protections.''

 An en bloc amendment to the Amendment in the Nature of a 
Substitute to H.R. 4007 offered by Ms. Jackson Lee (#1F); was 
AGREED TO by voice vote.

     Consisting of the following amendments:
     Page 5, after line 5, insert a new Subparagraph entitled ``(C) 
Consultation.''
     Page 17, after line 2, insert the following (and renumber the 
subsequent sections and revise the table of contents amendment 
accordingly:)
     A new section entitled ``Sec. 2107. Small Covered Chemical 
Facilities.''

 An amendment to the Amendment in the Nature of a Substitute to 
H.R. 4007 on the roster by Mr. Higgins (#1G); was ADOPTED by 
unanimous consent.

     Page 12, line 9, after ``section 210A(j)(1) of this Act)'' insert 
the following: ``and State and local government officials, as 
determined appropriate by the Secretary,''.
     Page 12, line 14, after ``Homeland Security Information Network'' 
insert the following: ``or Homeland Secure Data Network, as 
appropriate''.

                            Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto.
    The Committee on Homeland Security considered H.R. 4007 on 
April 30, 2014, no recorded votes were requested during Full 
Committee consideration.
    The Subcommittee on Cybersecurity, Infrastructure 
Protection, and Security Technologies considered H.R. 4007 on 
April 3, 2014, and took the following votes:

?

SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
ROLL CALL 1




Amendment offered by Mr. Perry--on agreeing to the amendment to the amendment in the Nature of a Substitute
 offered by Mr. Perry (#1B).
Agreed to: 5 yeas and 3 nays.



----------------------------------------------------------------------------------------------------------------
                Representative                  Yea    Nay               Representative              Yea    Nay
----------------------------------------------------------------------------------------------------------------
Mr. Meehan, Chair............................     X          Ms. Clarke, Ranking Member...........            X
Mr. Rogers of Alabama........................     X          Mr. Keating..........................            X
Mr. Marino...................................     X          Mr. Vela.............................
Mr. Chaffetz.................................                Mr. Horsford.........................            X
Mr. Daines...................................     X
Mr. Perry, Vice Chair........................     X
                                                                                                   -------------
                                                             Vote Total:                               5      3
----------------------------------------------------------------------------------------------------------------



SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
ROLL CALL 2




Amendment offered by Ms. Clarke--on agreeing to the amendment to the amendment in the Nature of a Substitute
 offered by Ms. Clarke (#1G).
Not Agreed to: 3 yeas and 5 nays.



----------------------------------------------------------------------------------------------------------------
                Representative                  Yea    Nay               Representative              Yea    Nay
----------------------------------------------------------------------------------------------------------------
Mr. Meehan, Chair............................            X   Ms. Clarke, Ranking Member...........     X
Mr. Rogers of Alabama........................            X   Mr. Keating..........................     X
Mr. Marino...................................            X   Mr. Vela.............................
Mr. Chaffetz.................................                Mr. Horsford.........................     X
Mr. Daines...................................            X
Mr. Perry, Vice Chair........................            X
                                                                                                   -------------
                                                             Vote Total:                               3      5
----------------------------------------------------------------------------------------------------------------



SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
ROLL CALL 3




Amendment offered by Mr. Horsford--on agreeing to the amendment to the amendment in the Nature of a Substitute
 offered by Mr. Horsford (#1J).
Not Agreed to: 3 yeas and 5 nays.



----------------------------------------------------------------------------------------------------------------
                Representative                  Yea    Nay               Representative              Yea    Nay
----------------------------------------------------------------------------------------------------------------
Mr. Meehan, Chair............................            X   Ms. Clarke, Ranking Member...........     X
Mr. Rogers of Alabama........................            X   Mr. Keating..........................     X
Mr. Marino...................................            X   Mr. Vela.............................
Mr. Chaffetz.................................                Mr. Horsford.........................     X
Mr. Daines...................................            X
Mr. Perry, Vice Chair........................            X
                                                                                                   -------------
                                                             Vote Total:                               3      5
----------------------------------------------------------------------------------------------------------------



SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
ROLL CALL 4




Amendment offered by Mr. Horsford--on agreeing to the amendment to the amendment in the Nature of a Substitute
 offered by Mr. Horsford (#1K).
Not Agreed to: 3 yeas and 5 nays.



----------------------------------------------------------------------------------------------------------------
                Representative                  Yea    Nay               Representative              Yea    Nay
----------------------------------------------------------------------------------------------------------------
Mr. Meehan, Chair............................            X   Ms. Clarke, Ranking Member...........     X
Mr. Rogers of Alabama........................            X   Mr. Keating..........................     X
Mr. Marino...................................            X   Mr. Vela.............................
Mr. Chaffetz.................................                Mr. Horsford.........................     X
Mr. Daines...................................            X
Mr. Perry, Vice Chair........................            X
                                                                                                   -------------
                                                             Vote Total:                               3      5
----------------------------------------------------------------------------------------------------------------

                      Committee Oversight Findings

    Pursuant to clause 3(c)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee has held oversight 
hearings and made findings that are reflected in this report.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    In compliance with clause 3(c)(2) of rule XIII of the rules 
of the House of Representatives, the Committee finds that H.R. 
4007, the Chemical Facility Anti-Terrorism Standards Program 
Authorization and Accountability Act of 2014, would result in 
no new or increased budget authority, entitlement authority, or 
tax expenditures or revenues.

                  Congressional Budget Office Estimate

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 402 of the Congressional Budget Act of 1974.

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, May 30, 2014.
Hon. Michael McCaul,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 4007, the Chemical 
Facilities Anti-Terrorism Standards Program Authorization and 
Accountability Act of 2014.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Jason 
Wheelock.
            Sincerely,
                                                 Douglas Elmendorf.
    Enclosure.

H.R. 4007--Chemical Facilities Anti-Terrorism Standards Program 
        Authorization and Accountability Act of 2014

    H.R. 4007 would make permanent the Department of Homeland 
Security's (DHS's) authority to regulate security at certain 
chemical facilities in the United States. Under the Chemical 
Facility Anti-Terrorism Standards (CFATS) program, DHS collects 
and reviews information from chemical facilities in the United 
States to determine which facilities present security risks. 
Facilities determined to present a high level of security risk 
are then required to develop a Site Security Plan (SSP). DHS in 
turn conducts inspections to validate the adequacy of a 
facility's SSP and their compliance with it. The program is set 
to end on October 4, 2014.
    H.R. 4007 would authorize appropriations of slightly more 
than $87 million annually for the CFATS program over the 2015-
2017 period. That program received $81 million in 2014. Based 
on the proposed authorization level for the 2015-2017 period 
and adjusting for inflation, CBO estimates that the continued 
implementation of CFATS would require appropriations of $90 
million in 2018 and $93 million in 2019. Assuming appropriation 
of the authorized and estimated amounts, CBO estimates that 
implementing H.R. 4007 would cost $427 million over the 2015-
2019 period.

----------------------------------------------------------------------------------------------------------------
                                                                 By fiscal year, in millions of dollars--
                                                         -------------------------------------------------------
                                                            2015     2016     2017     2018     2019   2015-2019
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Estimated Authorization Level...........................       87       87       87       90       93       445
Estimated Outlays.......................................       46       76       98      102      105       427
----------------------------------------------------------------------------------------------------------------
Note. Numbers do not add to totals because of rounding.

    Enacting H.R. 4007 could result in the collection of 
additional civil penalties, which are recorded as revenues and 
deposited in the Treasury; therefore, pay-as-you-go procedures 
apply. However, CBO estimates that such collections would be 
insignificant. Enacting the bill would not affect direct 
spending.
    H.R. 4007 would extend intergovernmental and private-sector 
mandates, as defined in the Unfunded Mandates Reform Act 
(UMRA), on owners and operators of public and private 
facilities where certain chemicals are present. Current law 
requires owners and operators to assess the vulnerability of 
their facilities to a terrorist incident and to prepare and 
implement facility security plans. This bill would make 
permanent the authority for DHS to regulate those facilities by 
establishing minimum standards to protect facilities from acts 
of terrorism and other security risks. Because public and 
private entities already meet the requirements of similar 
regulations, CBO estimates that the aggregate additional costs 
to comply with the mandates would be small and would fall below 
the annual thresholds established in UMRA for intergovernmental 
and private-sector mandates ($76 million and $152 million, 
respectively, in 2014, adjusted for inflation).
    The CBO staff contacts for this estimate are Jason Wheelock 
(for federal costs), Melissa Merrell (for the intergovernmental 
impact), and Marin Burnett (for the private-sector impact). The 
estimate was approved by Theresa Gullo, Deputy Assistant 
Director for Budget Analysis.

         Statement of General Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of rule XIII of the Rules of the 
House of Representatives, H.R. 4007 contains the following 
general performance goals and objectives, including outcome 
related goals and objectives authorized.
    The Infrastructure Security Compliance Division (ISCD) must 
reduce its backlog of facility audits and inspections and make 
significant progress in identifying the full universe of 
chemical facilities of interest in the United States. The 
Secretary must report to Congress on progress in both regards 
within 18 months of this Title's enactment. ISCD must also 
develop a workable risk assessment and tiering methodology 
based on the Homeland Security Studies and Analysis Institute 
Tiering Methodology Peer Review (Publication Number: RP12-22-
02), and the Secretary must report to Congress on the 
Division's progress in doing so within 18 months of this 
Title's enactment. In addition, the Secretary must define and 
submit to Congress a report on best practices that may assist 
small chemical facilities, as defined by the Secretary, in the 
development of physical security measures in order to 
facilitate small facility compliance.

                      Duplicative Federal Programs

    The Committee finds that H.R. 4007 does not contain any 
provision that establishes or reauthorizes a program known to 
be duplicative of another Federal program.

   Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
                                Benefits

    In compliance with rule XXI of the Rules of the House of 
Representatives, this bill, as reported, contains no 
congressional earmarks, limited tax benefits, or limited tariff 
benefits as defined in clause 9(e), 9(f), or 9(g) of rule XXI.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                        Preemption Clarification

    In compliance with section 423 of the Congressional Budget 
Act of 1974, requiring the report of any Committee on a bill or 
joint resolution to include a statement on the extent to which 
the bill or joint resolution is intended to preempt State, 
local, or Tribal law, the Committee finds that H.R. 4007 does 
not preempt any State, local, or Tribal law.

                  Disclosure of Directed Rule Makings

    The Committee estimates that H.R. 4007 would require no 
directed rule makings.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation


Section 1. Short title

    This section provides that the bill may be cited as the 
``Chemical Facility Anti-Terrorism Standards Program 
Authorization and Accountability Act of 2014.''

Sec. 2. Chemical Facility Anti-Terrorism Standards Program

    This section modifies the Homeland Security Act of 2002 (6 
U.S.C. 101 et seq.) Title XXI--Chemical Facility Anti-Terrorism 
Standards.

    SECTION 2101. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM

Subsection (a) Program established

    This subsection directs the Secretary of Homeland Security 
(the Secretary) to establish standards to ensure the security 
of chemical facilities through the Chemical Facility Anti-
Terrorism Standards Program (CFATS). The Secretary shall 
establish risk-based performance standards to protect covered 
chemical facilities from acts of terrorism and other security 
risks, require covered facilities to submit to the Department 
of Homeland Security (DHS) vulnerability assessments, and 
assist in developing and implementing site security plans.
    The key elements of this subsection were included in the 
original CFATS authorizing statute, Pub. Law 109-295, the 
Department of Homeland Security Appropriations Act of 2007, 
Sec. 550, hereinafter referred to as ``Sec. 550''. Thus, this 
subsection's language is simply intended to reiterate the 
purpose of the CFATS program and the Secretary's general charge 
to develop risk-based performance standards. Given that CFATS 
has been in effect since 2007, the Secretary has already 
developed these standards, and this legislation does not intend 
to direct the Secretary to develop anything new in that regard. 
This legislation seeks to codify that language in the United 
States Code, and to change it only in the specific instances 
described below.

Subsection (b) Security measures

    The security measures described in this subsection 
highlight the basic requirements for a site security plan, and 
are unchanged in pertinent part from Sec. 550. Site security 
plans should include a layered security approach to 
appropriately address the security vulnerability assessment and 
risk-based performance standards for the facility.

Subsection (c) Approval or disapproval of site security plans

    Under this subsection, the Secretary is directed to 
evaluate and approve site security plans described under 
subsection (a). The Secretary may not, however, require the 
presence or absence of particular measures, as long as the 
risk-based performance standards established under subsection 
(a) are satisfied. This subsection further instructs that the 
Secretary may approve alternative security programs (ASP), if 
they satisfy all the requirements of the subsection. The 
approval and disapproval process for site security plans 
reflects current practice and is consistent with the original 
provisions of Sec. 550.
    The original CFATS legislation authorized DHS to approve 
ASPs ``established by private sector entities,'' among others, 
and the draft CFATS rules issued in December 2006 anticipated 
DHS being able to approve ``an Alternative Security Program for 
covered facilities.'' However, the DHS 2007 Interim Final Rule 
inexplicably changed course and required ASPs to be approved on 
a facility-by-facility basis--largely eliminating any benefit 
from an ASP.
    This provision seeks to address DHS's 2007 change in 
course, and bring CFATS back into alignment with the original 
intent of the legislation by following the lead of the U.S. 
Coast Guard's Maritime Transportation Security Act (MTSA) 
protocol. The Coast Guard regulations provide for ASPs to be 
approved for certain types of facilities or vessels, and the 
Coast Guard has approved a variety of ASPs submitted by 
industry trade associations. Facilities and vessels owned or 
operated by members of those associations can choose to use the 
relevant ASP in lieu of developing an individual facility or 
vessel security plan.
    Following that model, section 2101(c)(2) clarifies that DHS 
can approve an ASP for a class or type of facilities, and that 
facilities of that class or type have the option of adopting 
such an ASP in lieu of developing a facility-specific Site 
Security Plan. The Committee intends that DHS will promptly 
revise its regulations to allow this to occur. Approval of 
generic ASPs will save facilities significant resources. It 
will also simplify and expedite DHS's review and approval of 
facility plans.
    Expanding on this idea, this section allows the Secretary 
to consult with the Government Accountability Office (GAO) in 
order to explore the feasibility of developing a pre-approved 
site security template, which could potentially be used by 
multiple similarly-situated facilities. The Secretary is not 
authorized to compel facilities themselves to participate in 
this process, however. They may do so voluntarily, but have no 
obligation. This possible approach is intended to lighten the 
burden on industry--not increase it.
    Finally, this subsection creates a ``grandfather clause'' 
to provide that a site security plan, which has been approved 
by the Secretary prior to the date of enactment of this title, 
need not be reevaluated solely by reason of that enactment. In 
other words, those facilities that have already had their site 
security plans approved will not be required to resubmit site 
security information or to repeat the approval process.

Subsection (d) compliance

    This subsection aims to facilitate DHS-industry 
coordination and simplify the compliance process. It allows 
non-Department and nongovernment facility auditors and 
inspectors to be leveraged, upon approval by the Secretary. In 
April 2013, GAO estimated that at its present pace, it could 
take the DHS Infrastructure Security Compliance Division (ISCD) 
upwards of 7 years to complete audits and inspections of the 
3,120 facilities that have already been assigned a final tier. 
ISCD is in the process of looking at ways to successfully hire, 
train and deploy additional ISCD-specific auditors and 
inspectors. But at present, ISCD simply does not have the 
workforce to get the job done in a timely way. In order to 
improve this situation, the legislation allows the Secretary to 
utilize both non-Department auditors and inspectors--that is, 
auditors and inspectors who do similar work for a different 
agencies, the U.S. EPA or the Occupational Safety and Health 
Administration (OSHA), for example--and nongovernment 
professional auditors and inspectors (contractors), as approved 
by the Secretary, to supplement ISCD's internal cadre.
    In the interest of ensuring consistent standards and 
procedures with regard to audits and inspections, this 
subsection further directs the Secretary to prescribe standards 
for the qualification of the individuals who carry out such 
audits and inspections that are commensurate with the standards 
for a government auditor or inspector, and to prescribe 
standards for the training and retraining of individuals 
employed by the Department as auditors and inspectors, as well.
    Finally, the legislation specifies that any nongovernment 
inspector shall be assigned in coordination with the head of 
audits and inspections for the region in which the audit or 
inspection is to be conducted, and shall report to the 
respective head of audits and inspections for the region in 
which the individual is operating. This provision ensures that 
while a contractor may not be an employee of the Government, 
they are still under the Government's auspices in carrying out 
his audits and inspections. The ultimate responsibility still 
rests with the Secretary.
    This subsection also provides that if a facility is found 
to be non-compliant the Secretary must first present the 
facility with written notice of that non-compliance before 
issuing fines or penalties. However, in the event of continued 
non-compliance the Secretary may order a facility to cease 
operations. These provisions are consistent with language 
included in Sec. 550.
    To further improve workability and efficiency, the 
legislation sets parameters for the Personnel Surety 
requirement under the CFATS regulations (Risk Based Performance 
Standard [RBPS] 12). Industry stakeholders have long protested 
that despite the simple, straightforward language of RBPS 12, 
the Department has been imposing on facilities onerous 
obligations that go well beyond the scope of what is actually 
needed to meet the requirement. Members of the Committee agree. 
The specific RBPS 12 provision at issue has been (iv), 
regarding ``[m]easures designed to identify persons with 
terrorist ties.''
    In a series of Federal Register notices published in 
compliance with the Paperwork Reduction Act, DHS has described 
its plans for a Personnel Surety Program (PSP), to be 
implemented as part of the Chemical Security Assessment Tool 
website, which would allow facilities to submit information 
regarding covered individuals for checking against the 
Terrorist Screening Data Base (TSDB). A variety of other 
Federal security screening programs currently perform such 
checks. Nonetheless, DHS announced that it would not approve a 
Site Security Plan that seeks to satisfy RBPS-12(iv) by 
allowing an individual to present a similarly-vetted 
credential. Rather, DHS insisted that facilities (or other 
entities acting on the facility's behalf) submit information on 
such individuals through the PSP website, at least 48 hours 
prior to such a person's initial access to the facility. DHS 
maintains that this is necessary to allow it to determine if 
the presented credential is still valid.
    The Committee believes that such a submission requirement 
is redundant and unnecessary. Accordingly, subparagraphs (A) 
and (B) of section 2101(d)(3) provide that a facility may 
satisfy its obligation under RBPS-12(iv) by relying upon 
presentation and visual validation of any credential issued by 
a Federal screening program that periodically vets individuals 
against the TSDB. A facility cannot be required to submit 
information about an individual to DHS unless the person has 
been identified as presenting a terrorism security risk.
    Section 2102(d)(4) ensures that DHS does not attempt to re-
impose this requirement as an access control security measure, 
separate from any notion of personnel surety.
    The Committee is aware that the DHS Office of Screening 
Coordination has been considering how DHS component agencies 
might work together to establish a single credential that an 
individual could use to satisfy any DHS program regarding 
identity or other background checking purposes. Rather than 
issuing separate credentials or requiring the repeated 
submission of information, different DHS programs could issue 
program-specific endorsements to that credential. The Committee 
strongly supports this initiative, which holds the promise of 
reversing the unfortunate proliferation of credentials and 
screening programs that we have witnessed over the past decade 
and a half. Section 2101(d)(3)(C) directs the Secretary to 
submit a report describing its progress by March 1, 2015 and 
annually thereafter.
    Additionally, this subsection provides a participating 
owner or operator of a covered chemical facility with feedback 
about an individual based on vetting the individual against the 
TSDB, to the extent that such feedback is necessary for the 
facility's compliance with CFATS regulations. The regulated 
community has argued that the security of a facility is 
jeopardized when an owner or operator unknowingly allows access 
to a suspected terrorist. Yet to date, DHS has refused to tell 
facility owners and operators when an individual with access 
has come up as a TSDB match. The concern from DHS's perspective 
is that the Department does not want to potentially interfere 
with an open CIA or FBI operation that might involve the 
individual in question. The conditional disclosure of 
information expressed in this section represents a compromise 
reached between industry and DHS. This compromise allows DHS to 
notify a facility owner or operator that a suspected terrorist 
has access to their facility if that individual presents a 
threat to the facility's physical security in such a way as to 
undermine the facility's efforts to comply with the regulations 
promulgated under this title.
    Finally, this subsection requires any such program to make 
available redress to an individual who wishes to challenge a 
determination based on DHS vetting.

Subsection (e) Responsibilities of the Secretary

    The explosion of the West Fertilizer facility in West, 
Texas in April 2013 brought to light the troubling fact that 
there were potentially thousands of small chemical facilities 
across the country that were unknown to DHS, and not compliant 
with CFATS regulations. The Committee's Subcommittee on 
Cybersecurity, Infrastructure Protection and Security 
Technologies (CIPST) subsequently held a hearing on the topic 
of ``outliers'' to assess the root of the problem from the 
perspectives of both the Department and the regulated 
community. What the hearing and additional investigation 
revealed was that the problem involved shortcomings in DHS' 
outreach and education at the local level, as well as a failure 
of the Federal agencies that regulate chemical facilities to 
share information among themselves.
    In response to the West, Texas tragedy, the National 
Protection and Programs Directorate (NPPD) developed an 
Outreach and Engagement Strategy and Implementation Plan to 
raise awareness of CFATS and the concern of outlier facilities, 
and has begun working with other Federal agencies to facilitate 
data matching and technology systems compatibility. The 
Committee intends to enhance the Department's efforts and 
expedite its success in identifying the full universe of 
chemical facilities of interest by mandating further 
communication with Federal agencies, in addition to increased 
outreach to State and local authorities with knowledge of 
chemical facilities located in their areas.
    This subsection also ensures that DHS is taking into 
account all relevant risk information when developing its risk 
assessment standards and corresponding tiering methodology, and 
instructs that the Secretary must maintain records of a change 
to any facility's tiering status, to include the rationale 
behind the change. In its April 2013 report on ISCD's progress, 
GAO recommended that DHS should enhance its risk assessment 
approach to incorporate all elements of risk, and conduct a 
peer review to help ensure that ISCD is effectively doing so. 
DHS concurred with that recommendation, and has taken steps to 
address it, including commissioning a Peer Review which was 
published in September, 2013 (The Homeland Security Studies and 
Analysis Institute's Tiering Methodology Peer Review, 
Publication Number: RP12-22-02). In this subsection, the 
legislation directs the Secretary to implement the GAO's 
recommendation to consider all areas of risk in developing risk 
assessments in order to more accurately reflect the core 
criteria of risk: threat; consequence, to include both economic 
consequences and fatalities; and vulnerability. The legislation 
further directs the Secretary to maintain records of any 
changes to a facility's tiering designation in order to ensure 
that sensible rationale was used in making the change, and to 
reinforce consistent standards.
    Under Section 2106 the legislation directs the Secretary to 
certify, within 18 months of the date of enactment of this 
title, that a risk assessment approach has been developed, and 
corresponding tiering methodology pursuant to this subsection 
and to include in that certification an assessment of the 
Department's efforts to implement the recommendations made in 
the Peer Review.

Subsection (f) Definitions

    This subsection specifies what facilities are considered to 
be ``covered chemical facilities'' and which are exempted, and 
what facilities are considered to be ``chemical facilities of 
interest.''
    As discussed, the West Fertilizer explosion brought to 
light the problem of noncompliant outlier facilities. During 
the CIPST Subcommittee's hearing on the issue, and its 
subsequent meetings with ISCD principals, it became evident 
that ISCD did not have clear authority to identify chemical 
facilities that had not affirmatively communicated with the 
Department by submitting a Top Screen. CFATS relies on 
facilities to initiate the compliance process through their Top 
Screen submissions. Thus, when a facility fails to do so, ISCD 
technically has no relationship with that facility. This lack 
of a relationship contributes to the outlier phenomenon. DHS 
should not need to wait for a chemical facility to take the 
first step in order to help ensure its security--because, as in 
the case of West Fertilizer, some facilities never do. In an 
effort to bridge the gap and solve the problem, the Committee 
has established a new category of facility: the ``chemical 
facility of interest.'' With the authority to reach out to a 
facility of interest, ISCD is no longer limited to a purely 
passive role in identifying facilities that may be at risk. If 
the Secretary has reason to believe a facility is holding 
threshold quantities of dangerous chemicals, he may now 
initiate contact with that facility and order the submission of 
a Top Screen. It should be noted, however, that the facility 
will only qualify as a regulated--or ``covered''--facility if, 
after having submitted its Top Screen, the Department 
determines that the facility meets the relevant risk criteria. 
If the facility does not meet that standard, it will not be 
considered a ``covered chemical facility.''
    This subsection also maintains the exemptions already in 
place for facilities regulated under MTSA or the Safe Drinking 
Water Act; wastewater treatment works regulated under the 
Federal Water Pollution Control Act; facilities owned or 
operated by the Department of Defense or the Department of 
Energy; and facilities regulated by the Nuclear Regulatory 
Commission. The Committee did not alter these exemptions from 
Sec. 550. First required by Congress to do vulnerability 
assessments and emergency response plans in 2002 under the 
Public Health Security and Bioterrorism Preparedness and 
Response Act (Safe Drinking Water Act Sections 1433-1435), 
drinking water facilities are covered under a mature regulatory 
scheme that is working well. Moreover, according to the DHS 
Inspector General, the United States contains approximately 
52,000 community water systems and 16,500 wastewater treatment 
facilities. Thus, although some have called for a removal of 
these exemptions, the Committee believes that to expand the 
CFATS mission to cover an additional 70,000 facilities--at 
precisely the time when the program is working to successfully 
manage its basic responsibilities--would be misguided.

Section 2102. Protection and sharing of information

    Another lesson learned from the tragedy at West, Texas was 
that first responders are not always properly trained or 
adequately prepared to fight chemical fires. Various chemicals 
and other hazardous materials call for various techniques in 
handling them. For example, because ammonium nitrate is an 
oxidizing material (decomposes under certain conditions to 
yield oxygen and increase a fire's intensity) smothering agents 
such as inert gases, steam, foam, dry chemicals, sand, etc. 
will have no effect, whereas anhydrous ammonia fires can be 
extinguished by the use of dry chemicals, carbon dioxide, or a 
water spray. Employing improper techniques to fight a chemical 
fire can have disastrous consequences. As the U.S. Chemical 
Safety Board's investigation of the West explosion noted, West 
volunteer firefighters were not made aware of the explosion 
hazard from the ammonium nitrate stored at West Fertilizer, and 
were caught in harm's way when the blast occurred.
    However, as recognized in subsections (a), (b) and (d) 
under this section, information about the exact location, 
nature and placement of hazardous chemicals is often kept 
classified in the interest of protecting homeland security. 
Should these details fall into the hands of a terrorist, for 
example, the results could be catastrophic. Information of this 
kind must be kept secure. In the interest of balancing these 
two equally important considerations--the safety and lives of 
first responders and the sensitive nature of chemical 
facilities information--the Committee directs the Secretary to 
provide Chemical-terrorism Vulnerability Information (CVI) to 
State and local government officials possessing proper 
clearances, and to State and local Fusion Centers for 
dissemination to first responders, as needed. Fusion Centers 
are designed to facilitate the sharing of sensitive information 
in a secure and responsible way.
    It should be noted that Section 2102(c) is not expressly 
made subject to section 2102(b). Thus, it is possible that, for 
example, a firefighter who does not possess a security 
clearance might be provided CVI by operation of section 
2102(c). However, the Committee emphatically does not intend 
for subsection 2102(c) to operate as a loophole that undercuts 
the protections provided by section 2102(b). It is for that 
reason that we have specified that information may only be 
disseminated by Fusion Centers, via the Homeland Security 
Information Network (HSIN) or the Homeland Secure Data Network 
(HSDN). The Committee will monitor the operation of this 
subsection to ensure that statutory protections for CVI are not 
loosened in practice.

Section 2103. Civil penalties

    This section provides that civil penalties may be assessed 
against a person who violates an order under this title, and 
that no one, save the Secretary, may bring an action against 
the owner or operator of a covered facility to enforce any of 
the title's provision. These penalties are consistent with Sec. 
550.

Section 2104. Whistleblower protections

    With regard to notifying the Department of failures to 
comply with CFATS regulations, whistleblowers can play an 
important role. Those employees who are on site and involved in 
a facility's day-to-day operations are sometimes in the best 
position to spot a security violation. Yet whistleblowers are 
often reticent to come forward for fear of retaliation from 
their employers.
    There are many State laws protecting whistleblowers from 
their private sector employers. Yet the average worker may not 
be aware those protections exist. Although the DHS Chemical 
Security webpage does display information on the ``CFATS 
Chemical Facility Security Tip Line,'' the information posted 
there with regard to whistleblower protections is scant. The 
posting simply reads, ``You may report concerns on voicemail 
anonymously.''
    In the interest of encouraging whistleblowers to come 
forward, this section requires that whistleblower protections 
available to chemical facilities employees are clearly 
articulated on the website, and published in relevant DHS 
materials.
    Some Committee Members felt that DHS should develop a 
program-specific whistleblower scheme in order to encourage 
more robust reporting. However, in the security context, 
employees may not--and should not--always have the sensitive 
security information that would explain why certain actions are 
or are not being taken. If the whistleblower investigative 
process allows discovery of security sensitive information, the 
process could be exploited to access this sensitive security 
information by any party, and in essence remove the security 
protection that needs to exist for the information. Moreover, 
if an action were to be brought, proceedings could result in 
public disclosure, intentional or otherwise, of sensitive 
security information. Such release is contrary to the very 
spirit of security programs like CFATS, because it is the 
limitation on access to information that protects against 
``increased risk of terrorist and other criminal activity.'' 
Thus, a CFATS-specific whistleblower protection scheme would be 
inadvisable without a great deal more consideration of 
unintended consequences and how sensitive information can be 
protected within such a framework.

Section 2105. Relationship to other laws

    This section specifies the parameters of preemption, 
directs the Secretary to coordinate with the Transportation 
Security Administration (TSA) to avoid duplicative rail transit 
regulation, and exempts rail facilities from CFATS. This will 
help to ensure that duplicative regulation is minimized.
    The Committee's meetings with industry stakeholders 
highlighted the fact ISCD's regulation of rail transit was in 
fact duplicative of TSA's regulation. Under the Aviation and 
Transportation Security Act (ATSA) and delegated authority from 
the Secretary of Homeland Security, TSA has far-reaching 
responsibility and authority for ``security in all modes of 
transportation . . . including security responsibilities . . . 
over modes of transportation that are exercised by the 
Department of Transportation.'' The Rail Transportation 
Security Rule under section 1580 of title 49 of the Code of 
Federal Regulations provides for the secure transport of 
hazardous materials. Therefore, where any CFATS regulation 
applicable to rail transit is duplicative of a TSA regulation, 
the CFATS regulation will be considered unnecessary and the TSA 
regulation will control. The same shall apply to rail 
facilities, which will not be required to register under CFATS.
    This section further provides that nothing in this title 
supersedes Federal law governing the manufacture, sale or 
handling of chemical substances or mixtures. Moreover, States 
and political subdivisions may adopt more stringent 
requirements with respect to chemical facility security, unless 
there is an actual conflict between this section and the law of 
that State or subdivision. This provision is consistent with 
language included in Sec. 550.

Section 2106. Reports

    One of the chief objectives of this legislation is to hold 
DHS accountable for implementing the CFATS program efficiently 
and effectively. With that in mind, the legislation requires 
the Secretary to report back to Congress on the Department's 
progress in carrying out the specific directives set forth in 
this title. The report shall detail the steps the Department 
has taken to satisfy the directives, as well as the metrics the 
Department has used to measure progress. Specifically, the 
Secretary is required to report on the identification of 
outliers, the development of a risk assessment approach that 
comports with the directive under subsection 2101(e)(2), and 
efforts to implement recommendations made in the Peer Review 
with regard to risk assessment and tiering methodology.
    Here, the Committee intends for the Secretary will have to 
provide hard data to support any claims, and more detail needs 
to be provided than simply ``progress is being made''.
    Further, the legislation requires GAO to monitor the 
Department's progress in implementing all of the directives 
issued under this title. GAO will provide to Congress its first 
report 180 days after enactment, and every 6 months thereafter. 
The Committee's intent in commissioning such regular reporting 
is to ensure that the Committee is fully aware of the 
Department's progress, or lack thereof, as it is occurring. 
This ``real time'' familiarity with CFATS operations will 
enable the Committee to tailor its oversight to ensure 
compliance with this title.

Section 2107. CFATS Regulations

    This section provides that the Secretary shall use the 
CFATS regulations already in effect in order to carry out the 
requirements of this title, so long as the Secretary determines 
they are appropriate. In other words, DHS is directed not to 
reissue its CFATS regulations, or undertake new rulemaking, 
unless it is absolutely necessary in order to implement a part 
of this title.
    This section also stipulates that the Secretary shall rely 
on the authority provided in this title to identify and 
designate chemicals of interest and relevant security risks. In 
August 2013, the President issued Executive Order 13650, 
``Improving Chemical Facility Safety and Security'' (EO). The 
EO's stated purpose is to investigate what ``additional 
measures can be taken by executive departments and agencies 
with regulatory authority to further improve chemical facility 
safety and security in coordination with owners and 
operators.''
    The Committee agrees that more must be done to improve 
chemical facility safety and security, and is very supportive 
of certain initiatives introduced in the EO. Indeed, this title 
reinforces many of them, such as increasing coordination with 
State and local partners; supporting first responders; and 
improving information sharing among Federal agencies.
    However, the Committee has two specific concerns. First, 
any conflation of ``safety'' and ``security'' should be 
avoided. Chemical facility ``safety'' and the ``physical 
security'' of chemical facilities are distinct concerns, and 
they require distinct approaches. Facility safety issues reside 
with the Environmental Protection Agency (EPA), which is 
charged with protecting human health and the environment, and 
with OSHA, which is charged with ensuring that employers 
provide a safe and healthful workplace. By contrast, DHS is 
specifically and uniquely equipped to mitigate the risk of 
terrorism. While coordination among the agencies responsible 
for regulating chemical facilities in various capacities can be 
useful (in sharing data about the existence of facilities in 
order to identify outliers, for example), to confuse their 
distinct missions is inadvisable.
    The Committee's second concern is that the EO could result 
in an expansion of CFATS authority at precidely the time when 
it is striving to manage its current responsibilities. Although 
the EO itself states, ``Nothing in this order shall be 
construed to impair or otherwise affect the authority granted 
by law to a department, agency, or head thereof,'' the 
Committee reiterates that fact in this section. The Committee 
will exercise its responsibility to evaluate the 
recommendations resulting from the EO, and provide guidance to 
DHS accordingly.

Section 2108. Small covered chemical facilities

    This section defines a ``small covered chemical facility'' 
as a facility with 350 employees or fewer. This designation is 
important because chemical facilities can be vastly different 
from one another in terms of their operations and security 
measures, depending on their size. Yet, according to industry 
stakeholders, DHS often thinks in terms of a ``one size fits 
all'' approach. Small, independently-owned facilities often do 
not have the resources, either in terms of capital or manpower, 
to conduct a security assessment in the same way that 
facilities owned by a large corporation do. Thus, in order to 
assist small facilities, the legislation requires the Secretary 
to report to Congress with recommended best practices for small 
facilities, specifically. In addition, this section allows the 
Secretary to provide voluntary assistance and guidance to small 
covered chemical facilities in the development of their 
physical security plans. This section is not intended to put 
any additional burden on small chemical facilities, nor is the 
Secretary authorized to impose any particular security 
measures. This section is only intended to provide a potential 
resource to small facilities. Implementation of any 
methodologies or best practices the Secretary might recommend 
would remain at the discretion of the facility.

Section 2109. Outreach to chemical facilities of interest

    This section builds on Section 2101(e) by directing the 
Secretary to develop an implementation plan for outreach to 
chemical facilities of interest in order to minimize the number 
of outliers. Once again, the Committee expects DHS to provide 
more than vague assurances that something is being done. Here, 
the legislation requires that DHS develop and submit to 
Congress a well thought out plan, with tangible steps for 
achievement.
    Through its Subcommittee hearing on the subject of 
outliers, the Committee learned that solving the problem of 
unidentified chemical facilities is far from insurmountable. As 
discussed, DHS has already begun to address the issue. But the 
legislation here directs the Secretary to take more than a 
piecemeal approach. Rather, the Secretary must develop a 
comprehensive strategy for bringing all outliers into the fold.

Section 2110. Authorization of appropriations

    This section sets a funding level for the CFATS program for 
$87,436,000 for each of fiscal years 2015, 2016 and 2017. This 
is the funding amount requested in the President's FY15 Budget 
Request to Congress, which reflected a modest increase of $3.4 
million over the FY14 enacted amount. The Committee supports 
this funding level because the increase will be directed toward 
enhancing efforts by ISCD to identify outlier facilities and 
implementing modifications to the tiering methodology based on 
recommendations made in the Peer Review.
    This section further directs the Secretary to commission a 
third-party study assessing the effectiveness of the current 
CFATS framework with regard to acts of terrorism, specifically. 
This directive reflects the Committee's interest in ensuring 
that the CFATS program sufficiently incorporates assessments 
for acts of terrorism into its basic framework. Threat 
assessment plays a critical role in the development and 
management of Homeland Security programs, allowing the 
Department to dedicate its limited resources to its various 
programs in a manner that is consistent with the specific 
threats each program is designed to mitigate. Vulnerabilities 
are more likely to exist where threat assessments are 
disconnected from, or not properly incorporated into, the 
organizing principles of program. The third party assessment 
required in this section shall examine CFATS programming for 
the degree to which it successfully aligns its priorities with 
ongoing threat assessment.
    Finally, this section directs the Secretary to develop a 
plan for the utilization of metrics to assess the effectiveness 
of the CFATS program, specifically with regard to those 
citizens and communities surrounding covered chemical 
facilities.

Sec. 3. Effective date

    This section states that the Act shall take effect 30 days 
after the date of enactment.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (new matter is 
printed in italic and existing law in which no change is 
proposed is shown in roman):

                     HOMELAND SECURITY ACT OF 2002


SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

  (a) * * *
  (b) Table of Contents.--The table of contents for this Act is 
as follows:

Sec. 1. Short title; table of contents.
     * * * * * * *

          TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

Sec. 2101. Chemical Facility Anti-Terrorism Standards Program.
Sec. 2102. Protection and sharing of information.
Sec. 2103. Civil penalties.
Sec. 2104. Whistleblower protections.
Sec. 2105. Relationship to other laws.
Sec. 2106. Reports.
Sec. 2107. CFATS regulations.
Sec. 2108. Small covered chemical facilities.
Sec. 2109. Outreach to chemical facilities of interest.
Sec. 2110. Authorization of appropriations.

           *       *       *       *       *       *       *


         TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

SEC. 2101. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.

  (a) Program Established.--There is in the Department a 
Chemical Facility Anti-Terrorism Standards Program. Under such 
Program, the Secretary shall establish risk-based performance 
standards designed to protect covered chemical facilities and 
chemical facilities of interest from acts of terrorism and 
other security risks and require such facilities to submit 
security vulnerability assessments and to develop and implement 
site security plans.
  (b) Security Measures.--Site security plans required under 
subsection (a) may include layered security measures that, in 
combination, appropriately address the security vulnerability 
assessment and the risk-based performance standards for 
security for the facility.
  (c) Approval or Disapproval of Site Security Plans.--
          (1) In general.--The Secretary shall review and 
        approve or disapprove each security vulnerability 
        assessment and site security plan under subsection (a). 
        The Secretary may not disapprove a site security plan 
        based on the presence or absence of a particular 
        security measure, but the Secretary shall disapprove a 
        site security plan if the plan fails to satisfy the 
        risk-based performance standards established under 
        subsection (a).
          (2) Alternative security programs.--The Secretary may 
        approve an alternative security program established by 
        a private sector entity or a Federal, State, or local 
        authority or pursuant to other applicable laws, if the 
        Secretary determines that the requirements of such 
        program meet the requirements of this section. A 
        covered chemical facility may meet the site security 
        plan requirement under subsection (a) by adopting an 
        alternative security program that has been reviewed and 
        approved by the Secretary under this paragraph.
          (3) Site security plan assessments.--In approving or 
        disapproving a site security plan under this 
        subsection, the Secretary shall employ the risk 
        assessment policies and procedures developed under this 
        title. In the case of a covered chemical facility for 
        which a site security plan has been approved by the 
        Secretary before the date of the enactment of this 
        title, the Secretary may not require the resubmission 
        of the site security information solely by reason of 
        the enactment of this title.
          (4) Consultation.--The Secretary may consult with the 
        Government Accountability Office to investigate the 
        feasibility and applicability a third party 
        accreditation program that would work with industry 
        stakeholders to develop site security plans that may be 
        applicable to all similarly situated facilities. The 
        program would include the development of Program-
        Specific Handbooks for facilities to reference on site.
  (d) Compliance.--
          (1) Audits and inspections.--
                  (A) In general.--The Secretary shall conduct 
                the audit and inspection of covered chemical 
                facilities for the purpose of determining 
                compliance with this Act. The audit and 
                inspection may be carried out by a non-
                Department or nongovernment entity, as approved 
                by the Secretary.
                  (B) Reporting structure.--Any audit or 
                inspection conducted by an individual employed 
                by a nongovernment entity shall be assigned in 
                coordination with the head of audits and 
                inspections for the region in which the audit 
                or inspection is to be conducted. When in the 
                field, any individual employed by a 
                nongovernment entity shall report to the 
                respective head of audits and inspections for 
                the region in which the individual is 
                operating.
                  (C) Requirements for nongovernment 
                personnel.--If the Secretary arranges for an 
                audit or inspection under subparagraph (A) to 
                be carried out by a nongovernment entity, the 
                Secretary shall require, as a condition of such 
                arrangement, that any individual who conducts 
                the audit or inspection be a citizen of the 
                United States and shall prescribe standards for 
                the qualification of the individuals who carry 
                out such audits and inspections that are 
                commensurate with the standards for a 
                Government auditor or inspector. Such standards 
                shall include--
                          (i) minimum training requirements for 
                        new auditors or inspectors;
                          (ii) retraining requirements;
                          (iii) minimum education and 
                        experience levels;
                          (iv) the submission of information as 
                        required by the Secretary to enable 
                        determination of whether the auditor or 
                        inspector has a conflict of interest;
                          (v) the maintenance of a secret 
                        security clearance;
                          (vi) reporting any issue of non-
                        compliance with this section to the 
                        Secretary within 24 hours; and
                          (vii) any additional qualifications 
                        for fitness of duty as the Secretary 
                        may establish.
                  (D) Training of department auditors and 
                inspectors.--The Secretary shall prescribe 
                standards for the training and retraining of 
                individuals employed by the Department as 
                auditors and inspectors. Such standards shall 
                include--
                          (i) minimum training requirements for 
                        new auditors and inspectors;
                          (ii) retraining requirements; and
                          (iii) any additional requirements the 
                        Secretary may establish.
          (2) Notice of noncompliance.--
                  (A) Notice.--If the Secretary determines that 
                a covered chemical facility or a chemical 
                facility of interest is not in compliance with 
                this section, the Secretary shall--
                          (i) provide the owner or operator of 
                        the facility with--
                                  (I) written notification 
                                (including a clear explanation 
                                of any deficiency in the 
                                security vulnerability 
                                assessment or site security 
                                plan) by not later than 14 days 
                                after the determination is 
                                made; and
                                  (II) an opportunity for 
                                consultation with the Secretary 
                                or the Secretary's designee; 
                                and
                          (ii) issue an order to comply by such 
                        date as the Secretary determines to be 
                        appropriate under the circumstances.
                  (B) Continued noncompliance.--If the owner or 
                operator continues to be in noncompliance after 
                the date specified in such order, the Secretary 
                may enter an order assessing a civil penalty, 
                an order to cease operations, or both.
          (3) Personnel surety.--
                  (A) Personnel surety program.--For purposes 
                of this title, the Secretary shall carry out a 
                Personnel Surety Program that--
                          (i) does not require an owner or 
                        operator of a covered chemical facility 
                        that voluntarily participates to submit 
                        information about an individual more 
                        than one time;
                          (ii) provides a participating owner 
                        or operator of a covered chemical 
                        facility with feedback about an 
                        individual based on vetting the 
                        individual against the terrorist 
                        screening database, to the extent that 
                        such feedback is necessary for the 
                        facility's compliance with regulations 
                        promulgated under this title; and
                          (iii) provides redress to an 
                        individual whose information was vetted 
                        against the terrorist screening 
                        database under the program and who 
                        believes that the personally 
                        identifiable information submitted to 
                        the Department for such vetting by a 
                        covered chemical facility, or its 
                        designated representative, was 
                        inaccurate.
                  (B) Personnel surety implementation.--To the 
                extent that a risk-based performance standard 
                under subsection (a) is directed toward 
                identifying individuals with terrorist ties--
                          (i) a covered chemical facility may 
                        satisfy its obligation under such 
                        standard with respect to an individual 
                        by utilizing any Federal screening 
                        program that periodically vets 
                        individuals against the terrorist 
                        screening database, or any successor, 
                        including the Personnel Surety Program 
                        under subparagraph (A); and
                          (ii) the Secretary may not require a 
                        covered chemical facility to submit any 
                        information about such individual 
                        unless the individual--
                                  (I) is vetted under the 
                                Personnel Surety Program; or
                                  (II) has been identified as 
                                presenting a terrorism security 
                                risk.
                  (C) Responsibilities of security screening 
                coordination office.--
                          (i) In general.--The Secretary shall 
                        direct the Security Screening 
                        Coordination Office of the Department 
                        to coordinate with the National 
                        Protection and Programs Directorate to 
                        expedite the development of a common 
                        credential that screens against the 
                        terrorist screening database on a 
                        recurrent basis and meets all other 
                        screening requirements of this title.
                          (ii) Report.--Not later than March 1, 
                        2015, and annually thereafter, the 
                        Secretary shall submit to Congress a 
                        report on the progress of the Secretary 
                        in meeting the requirements of clause 
                        (i).
          (4) Facility access.--For purposes of the compliance 
        of a covered chemical facility with a risk-based 
        performance standard established under subsection (a), 
        the Secretary may not require the facility to submit 
        any information about an individual who has been 
        granted access to the facility unless the individual--
                  (A) was vetted under the Personnel Surety 
                Program; or
                  (B) has been identified as presenting a 
                terrorism security risk.
          (5) Availability of information.--The Secretary shall 
        share with the owner or operator of a covered chemical 
        facility such information as the owner or operator 
        needs to comply with this section.
  (e) Responsibilities of the Secretary.--
          (1) Identification of facilities of interest.--In 
        carrying out this title, the Secretary shall consult 
        with the heads of other Federal agencies, States and 
        political subdivisions thereof, and relevant business 
        associations to identify all chemical facilities of 
        interest.
          (2) Risk assessment.--
                  (A) In general.--For purposes of this title, 
                the Secretary shall develop a risk assessment 
                approach and corresponding tiering methodology 
                that incorporates all relevant elements of 
                risk, including threat, vulnerability, and 
                consequence.
                  (B) Criteria for determining security risk.--
                The criteria for determining the security risk 
                of terrorism associated with a facility shall 
                include--
                          (i) the relevant threat information;
                          (ii) the potential economic 
                        consequences and the potential loss of 
                        human life in the event of the facility 
                        being subject to a terrorist attack, 
                        compromise, infiltration, or 
                        exploitation; and
                          (iii) the vulnerability of the 
                        facility to a terrorist attack, 
                        compromise, infiltration, or 
                        exploitation.
          (3) Changes in tiering.--Any time that tiering for a 
        covered chemical facility is changed and the facility 
        is determined to no longer be subject to the 
        requirements of this title, the Secretary shall 
        maintain records to reflect the basis for this 
        determination. The records shall include information on 
        whether and how the information that was the basis for 
        the determination was confirmed by the Secretary.
  (f) Definitions.--In this title:
          (1) The term ``covered chemical facility'' means a 
        facility that the Secretary identifies as a chemical 
        facility of interest and, based upon review of a Top-
        Screen, as such term is defined in section 27.105 of 
        title 6 of Code of Federal Regulations, determines 
        meets the risk criteria developed pursuant subsection 
        (e)(2)(B). Such term does not include any of the 
        following:
                  (A) A facility regulated pursuant to the 
                Maritime Transportation Security Act of 2002 
                (Public Law 107-295).
                  (B) A Public Water System, as such term is 
                defined by section 1401 of the Safe Drinking 
                Water Act (Public Law 93-523; 42 U.S.C. 300f).
                  (C) A Treatment Works, as such term is 
                defined in section 212 of the Federal Water 
                Pollution Control Act (Public Law 92-500; 33 
                U.S.C. 12920).
                  (D) Any facility owned or operated by the 
                Department of Defense or the Department of 
                Energy.
                  (E) Any facility subject to regulation by the 
                Nuclear Regulatory Commission.
          (2) The term ``chemical facility of interest'' means 
        a facility that holds, or that the Secretary has a 
        reasonable basis to believe holds, a Chemical of 
        Interest, as designated under in Appendix A of title 6 
        of the Code of Federal Regulations, at a threshold 
        quantity that meets relevant risk-related criteria 
        developed pursuant to subsection (e)(2)(B).

SEC. 2102. PROTECTION AND SHARING OF INFORMATION.

  (a) In General.--Notwithstanding any other provision of law, 
information developed pursuant to this title, including 
vulnerability assessments, site security plans, and other 
security related information, records, and documents shall be 
given protections from public disclosure consistent with 
similar information developed by chemical facilities subject to 
regulation under section 70103 of title 46, United States Code.
  (b) Sharing of Information With States and Local 
Governments.--This section does not prohibit the sharing of 
information developed pursuant to this title, as the Secretary 
deems appropriate, with State and local government officials 
possessing the necessary security clearances, including law 
enforcement officials and first responders, for the purpose of 
carrying out this title, if such information may not be 
disclosed pursuant to any State or local law.
  (c) Sharing of Information With First Responders.--The 
Secretary shall provide to State, local, and regional fusion 
centers (as such term is defined in section 210A(j)(1) of this 
Act) and State and local government officials, as determined 
appropriate by the Secretary, such information as is necessary 
to help ensure that first responders are properly prepared and 
provided with the situational awareness needed to respond to 
incidents at covered chemical facilities. Such information 
shall be disseminated through the Homeland Security Information 
Network or the Homeland Secure Data Network, as appropriate.
  (d) Enforcement Proceedings.--In any proceeding to enforce 
this section, vulnerability assessments, site security plans, 
and other information submitted to or obtained by the Secretary 
under this section, and related vulnerability or security 
information, shall be treated as if the information were 
classified material.

SEC. 2103. CIVIL PENALTIES.

  (a) Violations.--Any person who violates an order issued 
under this title shall be liable for a civil penalty under 
section 70119(a) of title 46, United States Code.
  (b) Right of Action.--Nothing in this title confers upon any 
person except the Secretary a right of action against an owner 
or operator of a covered chemical facility to enforce any 
provision of this title.

SEC. 2104. WHISTLEBLOWER PROTECTIONS.

  The Secretary shall publish on the Internet website of the 
Department and in other materials made available to the public 
the whistleblower protections that an individual providing such 
information would have.

SEC. 2105. RELATIONSHIP TO OTHER LAWS.

  (a) Other Federal Laws.--Nothing in this title shall be 
construed to supersede, amend, alter, or affect any Federal law 
that regulates the manufacture, distribution in commerce, use, 
sale, other treatment, or disposal of chemical substances or 
mixtures.
  (b) States and Political Subdivisions.--This title shall not 
preclude or deny any right of any State or political 
subdivision thereof to adopt or enforce any regulation, 
requirement, or standard of performance with respect to 
chemical facility security that is more stringent than a 
regulation, requirement, or standard of performance issued 
under this section, or otherwise impair any right or 
jurisdiction of any State with respect to chemical facilities 
within that State, unless there is an actual conflict between 
this section and the law of that State.
  (c) Rail Transit.--
          (1) Duplicative regulations.--The Secretary shall 
        coordinate with the Assistant Secretary of Homeland 
        Security (Transportation Security Administration) to 
        eliminate any provision of this title applicable to 
        rail security that would duplicate any security measure 
        under the Rail Transportation Security Rule under 
        section 1580 of title 49 of the Code of Federal 
        Regulations, as in effect as of the date of the 
        enactment of this title. To the extent that there is a 
        conflict between this title and any regulation under 
        the jurisdiction of the Transportation Security 
        Administration, the regulation under the jurisdiction 
        of the Transportation Security Administration shall 
        prevail.
          (2) Exemption from top-screen.--A rail transit 
        facility or a rail facility, as such terms are defined 
        in section 1580.3 of title 49 of the Code of Federal 
        Regulations, to which subpart 3 of such title applies 
        pursuant to section 1580.100 of such title shall not be 
        required to complete a Top-Screen as such term is 
        defined in section 27.105 of title 6 of the Code of 
        Federal Regulations.

SEC. 2106. REPORTS.

  (a) Report to Congress.--Not later than 18 months after the 
date of the enactment of this title, the Secretary shall submit 
to Congress a report on the Chemical Facilities Anti-Terrorism 
Standards Program. Such report shall include each of the 
following:
          (1) Certification by the Secretary that the Secretary 
        has made significant progress in the identification of 
        all chemical facilities of interest pursuant to section 
        2101(e)(1), including a description of the steps taken 
        to achieve such progress and the metrics used to 
        measure it, information on whether facilities that 
        submitted Top-Screens as a result of such efforts were 
        tiered and in what tiers they were placed, and an 
        action plan to better identify chemical facilities of 
        interest and bring those facilities into compliance.
          (2) Certification by the Secretary that the Secretary 
        has developed a risk assessment approach and 
        corresponding tiering methodology pursuant to section 
        2101(e)(2).
          (3) An assessment by the Secretary of the 
        implementation by the Department of any recommendations 
        made by the Homeland Security Studies and Analysis 
        Institute as outlined in the Institute's Tiering 
        Methodology Peer Review (Publication Number: RP12-22-
        02).
  (b) Semiannual GAO Report.--During the 3-year period 
beginning on the date of the enactment of this title, the 
Comptroller General of the United States shall submit a 
semiannual report to Congress containing the assessment of the 
Comptroller General of the implementation of this title. The 
Comptroller General shall submit the first such report by not 
later than the date that is 180 days after the date of the 
enactment of this title.

SEC. 2107. CFATS REGULATIONS.

  (a) In General.--The Secretary is authorized, in accordance 
with chapter 5 of title 5, United States Code, to promulgate 
regulations implementing the provisions of this title.
  (b) Existing CFATS Regulations.--In carrying out the 
requirements of this title, the Secretary shall use the CFATS 
regulations, as in effect immediately before the date of the 
enactment of this title, that the Secretary determines carry 
out such requirements, and may issue new regulations or amend 
such regulations pursuant to the authority in subsection (a).
  (c) Definition of CFATS Regulations.--In this section, the 
term ``CFATS regulations'' means the regulations prescribed 
pursuant to section 550 of the Department of Homeland Security 
Appropriations Act, 2007 (Public Law 109-295; 120 Stat. 1388; 6 
U.S.C. 121 note), as well as all Federal Register notices and 
other published guidance concerning section 550 of the 
Department of Homeland Security Appropriations Act, 2007.
  (d) Authority.--The Secretary shall exclusively rely upon 
authority provided in this title for determining compliance 
with this title in--
          (1) identifying chemicals of interest;
          (2) designating chemicals of interest; and
          (3) determining security risk associated with a 
        chemical facility.

SEC. 2108. SMALL COVERED CHEMICAL FACILITIES.

  (a) In General.--The Secretary may provide guidance and, as 
appropriate, tools, methodologies, or computer software, to 
assist small covered chemical facilities in developing their 
physical security.
  (b) Report.--The Secretary shall submit to the Committee on 
Homeland Security of the House of Representatives and the 
Committee on Homeland Security and Governmental Affairs of the 
Senate a report on best practices that may assist small 
chemical facilities, as defined by the Secretary, in 
development of physical security best practices.
  (c) Definition.--For purposes of this section, the term 
``small covered chemical facility'' means a covered chemical 
facility that has fewer than 350 employees employed at the 
covered chemical facility, and is not a branch or subsidiary of 
another entity.

SEC. 2109. OUTREACH TO CHEMICAL FACILITIES OF INTEREST.

   Not later than 90 days after the date of the enactment of 
this title, the Secretary shall establish an outreach 
implementation plan, in coordination with the heads of other 
appropriate Federal and State agencies and relevant business 
associations, to identify chemical facilities of interest and 
make available compliance assistance materials and information 
on education and training.

SEC. 2110. AUTHORIZATION OF APPROPRIATIONS.

  There is authorized to be appropriated to carry out this 
title $87,436,000 for each of fiscal years 2015, 2016, and 
2017.



                            ADDITIONAL VIEWS

    We are pleased to support the Committee-approved version of 
H.R. 4007, ``The Chemical Facility Anti-Terrorism Standards 
Authorization and Accountability Act of 2014''. Upon 
introduction, the Democratic Members of the Committee on 
Homeland Security identified a number of fundamental weaknesses 
in the bill but, through the legislative process, were pleased 
that Democratic amendments were accepted that not only address 
those weaknesses but also significantly improve the measure.
    At the February 27, 2014 legislative hearing held in the 
Cybersecurity, Infrastructure Protection, and Security 
Technologies (CIPST) Subcommittee, Ranking Member Yvette Clarke 
highlighted the following four fundamental weaknesses in the 
bill, as introduced: (1) a requirement that authorization for 
the Chemical Facility Anti-Terrorism Standards (CFATS) program 
terminate after two years; (2) the absence of an authorization 
of appropriations; (3) the failure to codify this critical 
infrastructure protection program in the Homeland Security Act; 
and (4) the perpetuation of the statutory prohibition of any 
Department of Homeland Security (DHS) regulation of security at 
water facilities, wastewater facilities and other possible 
targets that have been in place since the Fiscal Year 2007 
appropriation bill. Additionally, Democrats raised concerns 
about worker participation, the extent to which whistleblower 
protections would attach for a private sector worker who puts 
their job at risk by coming forward to report a CFATS 
violation, and the prospect that CFATS audits and inspections 
would be carried out by nongovernmental persons.
    At the conclusion of the April 3, 2014 CIPST markup, three 
of the four fundamental weaknesses that CIPST Ranking Member 
Clarke identified were resolved. Thanks to the leadership of 
CIPST Ranking Member Clarke and the other Subcommittee 
Democrats, the Subcommittee-approved version codified CFATS 
authority in the Homeland Security Act, authorized 
appropriations for the program, and no longer required the 
authority to sunset. The one remaining weakness that 
necessitated further action by the Full Committee was the 
statutory exemptions barring the regulation of water, 
wastewater, and other critical infrastructure chemical 
facilities without consideration of the associated homeland 
security risks.

                               EXEMPTIONS

    Every Secretary of Homeland Security since Secretary 
Michael Chertoff has expressed an interest in removing the 
exemptions from CFATS regulation on water facilities, 
wastewater facilities, and other possible terrorist targets. 
The exemptions were hastily agreed to in 2006 to overcome 
jurisdictional roadblocks to DHS receiving the statutory 
authority to establish a chemical security program. Democratic 
efforts to remove these exemptions were bolstered when at the 
April 30, 2014 Full Committee markup, Chairman Michael McCaul 
and the Majority accepted an amendment offered by Ranking 
Member Bennie G. Thompson to direct the Department to 
commission a third-party study to assess the vulnerabilities to 
acts of terrorism associated with the limited authority granted 
to the CFATS program, under its original authorization. We were 
pleased that, during the discussion of the amendment, Chairman 
McCaul agreed that the terrorism vulnerabilities at water 
facilities should be specifically addressed in the study and 
that the study will be important to inform the Congress, as it 
considers what to do to secure water facilities in the future.

                           OUTLINER CHALLENGE

    According to the bill's authors, H.R. 4007 was developed in 
response to the tragic events in West, Texas, in April of 2013, 
when an agricultural fertilizer distribution facility caught 
fire and exploded, destroying many homes and businesses, 
killing 15 first responders, and injuring over 200 in the 
town.\1\ We are pleased that the bill gives the Department new 
authority to compel certain actions by facilities that DHS has 
``a reasonable basis to believe'' holds regulated substances in 
threshold quantities. We believe that this new authority will 
allow DHS to proactively engage outlier facilities and bring 
them into compliance.
---------------------------------------------------------------------------
    \1\On April 22nd, the Chemical Safety Board issued its Preliminary 
Report on the West incident concluded that ``(the fire and explosion) 
resulted from the failure of a company to take the necessary steps to 
avert a preventable fire and explosion and from the inability of 
federal, state and local regulatory agencies to identify a serious 
hazard and correct it.'' (Lax Oversight Cited as Factor in Deadly Blast 
at Texas Plant,'' Manny Fernandez, New York Times, (April 22, 2014).
---------------------------------------------------------------------------
    Since consideration of this legislation by the Full 
Committee on April 30, 2014, the interagency working group 
convened by the President (pursuant to Chemical Security 
Executive Order 13650) to respond to the West, Texas incident, 
issued long-awaited recommendations that warrant consideration 
in the days and months to come. To the extent that the 
recommendations call for regulatory and legislative action to 
ensure that the CFATS program is effective, we would hope that, 
as H.R. 4007 moves through the legislative process, the 
recommendations would receive due consideration. Regardless of 
the Working Group's recommendations, changes are anticipated 
for the CFATS program insofar as the Department is expected to 
publish an Advanced Notice of Proposed Rulemaking in August to 
commence the process of updating the CFATS regulations, which 
have not changed since they were issued in 2007.
    We would also note that shortly after the Full Committee 
took action on H.R. 4007, a report was published by a broad-
based coalition led by the Environmental Justice and Health 
Alliance for Chemical Policy Reform that brings into sharp 
focus the vulnerability zones for chemical disasters and the 
populations that would be impacted. Entitled, ``Who's In 
Danger?,'' the report lays out important information about the 
demographic characteristics of populations within the 
``vulnerability zones'' of entire industry sectors that 
manufacture chemicals, treat water or wastewater, produce 
bleach, generate electric power, refine petroleum, produce pulp 
and paper, or otherwise have large numbers of people living in 
the path of a potential worst-case chemical release. The report 
also includes first-person accounts of the challenges faced by 
citizens in the vulnerability zones. As H.R. 4007 moves to the 
House Floor, we would urge Members to review this report, as it 
presents diverse voices on a shared area of concern.

             WORKER PARTICIPATION AND WHISTLEBLOWER RIGHTS

    During consideration of H.R. 4007, Democratic Members 
offered a number of amendments to strengthen the voices of 
chemical workers under this program. At the Subcommittee 
markup, the Majority rejected an amendment to ensure that 
workers who often have the best picture of a facility's 
vulnerabilities are brought into the vulnerability assessment 
and site security plan process. At the April 3, 2014 markup, 
another amendment to guarantee that when a worker comes forward 
to report vulnerabilities or CFATS compliance issues, they are 
shielded against retaliation or any harm by their employer was 
also rejected. At the time, the amendment seeking to grant 
whistleblower protection failed even though it was clear that 
some of the Members were unsure as to what protections, if any 
exist, for individuals that submit reports to the CFATS tip-
line.
    Subsequent to the Subcommittee markup, the Committee 
followed up with the Department and learned that there were no 
baseline protections that attach in all cases. In response, at 
the Full Committee markup, an amendment offered by CIPST 
Ranking Member Clarke to require DHS to publish on the Internet 
and in other materials made available to the public the 
whistleblower protections that attach for an individual that 
reports a vulnerability or other violation to DHS under the 
CFATS program was approved. Though acceptance of this amendment 
represents a step forward, we strongly believe that the 
provision of whistleblower rights under this program is 
essential to its success. DHS has finite audit and inspection 
resources, it is essential that an environment be fostered 
where a vigilant individual can come forward without 
jeopardizing their job.

                         THE USE OF CONTRACTORS

    We were troubled that H.R. 4007, as introduced, created the 
impression that DHS would not undertake the audits and 
inspections of chemical facilities with approved site security 
plans. It directed the Department to ``arrange for the audit 
and inspection'' of covered chemical facilities to determine 
regulatory compliance and explicitly allowed the Department to 
contract with private firms to carry out this important 
compliance responsibility. In 2007, during comment on the CFATS 
interim final rule, several stakeholders expressed concerns at 
the prospect of the Department using of third-party 
inspectors.\2\ As of October 23, 2012, the CFATS program had 
just over 100 Chemical Security Inspectors located in 10 
regional areas across the United States\3\ and have been 
represented by the American Federation of Government Employees 
union since March 2011. During the Subcommittee markup, Ranking 
Member Clarke attempted to scale back this provision and 
underscore that audits and inspections were inherently 
governmental functions. This effort was rebuffed by the 
Subcommittee Republicans.
---------------------------------------------------------------------------
    \2\As described by DHS, these concerns included potential conflicts 
of interest among third-party inspectors and members of the regulated 
community, maintenance of confidentiality of facility business and 
security information, potential variation in training and inspection 
standards between federal and third-party inspectors, and DHS 
establishment of qualifications, certification, and indemnification of 
third-party inspectors. Other stakeholders identified that DHS use of 
third-party inspectors might increase the rate at which MIS approved 
site security planning and implementation at regulated facilities.
    \3\The DHS had an additional 13 regional and district commanders to 
oversee the Chemical Security Inspectors. Office of Inspector General, 
Department of Homeland Security, Effectiveness of the Infrastructure 
Security Compliance Division's Management Practices to Implement the 
Chemical Facility Anti-Terrorism Standards Program, 01G-13-55, March 
2013.
---------------------------------------------------------------------------
    We are pleased that at Full Committee, Ranking Member 
Clarke's efforts at setting expectations and requirements for 
contractors, should DHS decide to use them, were successful. 
Clarke amendments were accepted to: (1) clarify that audits and 
inspections are the Department of Homeland Security's 
responsibility, though agreements with other governmental and 
qualified non-governmental entities can be entered into to 
carry out this responsibility; (2) require the activities of 
any non-governmental auditor or inspector to be overseen by the 
person in charge of CFATS audits and inspections for that 
region; (3) require any non-government auditor or inspector to 
report any issue of noncompliance with the program's rules to 
the Department within 24 hours; and (4) require the Department 
to set standards for training contract auditors and inspectors.

                            PERSONNEL SURETY

    We are pleased that the bill addresses concerns we have 
repeatedly expressed about the Department's approach to one of 
the risk-based performance based standards (RBPS) in the 
program--personnel surety.\4\ Members of Congress on both sides 
of the aisle have roundly criticized the Department's proposed 
Personnel Surety Program (PSP) as being too prescriptive and 
expansive. In an effort to provide flexibility to the regulated 
community, as is available with respect to the seventeen other 
performance standards under this program, the bill states that 
a covered chemical facility may use ``any federal terrorist 
screening program that periodically vets individuals against 
the terrorist screening database'' to satisfy the requirements 
of a personnel surety performance standard. We were pleased 
that the Majority saw fit to include language offered by CIPST 
Ranking Member Clarke in the version of the bill considered at 
Full Committee to clarifying the scope of the Department's 
personnel surety program Specifically, it set baseline 
requirements for the program to allow participating facilities 
to send information once, get feedback, and ensure that redress 
is made available to impacted individuals. Interestingly, this 
language was voted down on a recorded vote in Subcommittee.
---------------------------------------------------------------------------
    \4\The DHS has issued an information collection request proposing a 
personnel surety program, 78 Federal Register 17680-17701 (March 
22,2013).
---------------------------------------------------------------------------
    There are a number of other provisions authored by 
Democratic Members of the Committee that enhanced the bill in 
significant ways and reflect the cooperative, bipartisan nature 
of Committee consideration. We look forward to working with the 
Majority to authorize this vital infrastructure protection 
program and ensure it has the resources necessary to be 
effective.
            Sincerely,
                                   Bennie G. Thompson,
                                           Ranking Member.
                                   Yvette D. Clarke,
                                           Cybersecurity, 
                                               Infrastructure 
                                               Protection, and Security 
                                               Technologies.