As you’re reading this article, Congress passed or didn’t pass comprehensive chemical security legislation — or Congress did or didn’t include in the appropriations bill for the Department of Homeland Security (DHS) direction for DHS to promulgate security regulations for critical chemical facilities. As we are writing this, members of Congress and others are calling for DHS and Capitol Hill to move quickly to impose at least minimum security requirements on such facilities. Nevertheless, we don’t know at this point whether federal chemical security legislation will happen in 2006.
Some states have moved ahead in advance of federal action. In 2002, Baltimore enacted a city ordinance followed by Maryland legislation in 2004 that requires chemical facilities to conduct security vulnerability assessments and implement security measures commensurate with the finding of the assessments. Also in 2004 New York enacted legislation directing the State Office of Homeland Security to first identify and then assess security at critical chemical facilities in the state. In November 2005, New Jersey’s governor signed an order mandating security standards, including consideration of inherently safer technology, for certain chemical facilities. The sidebar highlights these requirements.
Significant public risk
New Jersey Domestic Security Preparedness Task Force Order mandating security standards for TCPA/DPCC chemical facilities
Applies to 140 N.J. chemical facilities, including 43 subject to the State’s Toxic Catastrophe Prevention Act (TCPA) program.
All facilities must:
Security assessments must include a critical review of:
TCPA facilities must also analyze and report the feasibility of:
Some security pundits believe that chemical facilities in populated areas pose risks comparable to those of commercial nuclear power plants or even weapons of mass destruction. During a February 2004 hearing on security vulnerabilities at chemical plants, representatives from the Government Accountability Office testified that “experts agree that the nation’s chemical facilities may be attractive targets for terrorists intent on causing massive damage.” Even the American Chemistry Council has called on Congress to give the DHS authority to require vulnerability assessments and security plans at critical chemical facilities and to enforce those requirements.
Despite this concern, comprehensive federal chemical security legislation has been actively debated in both houses of Congress this year. The Senate Homeland Security Committee passed S. 2145, the Chemical Facility Anti-Terrorism Act, in June and placed it on the Senate legislative calendar to await floor debate. The House Homeland Security Committee passed a different Chemical Facility Anti-Terrorism Act, H.R. 5695, in August and referred it to the Energy and Commerce Committee. In the meantime, the Senate accepted a provision to the 2007 DHS appropriations bill that would direct DHS to promulgate chemical facility regulations within six months.
While Congress has considered chemical facility security legislation every session since 2002, actions have been stymied over both substantive and jurisdictional disagreements: which committees in each house have sole or shared jurisdiction for the issue, whether EPA or DHS should have the regulatory authority, whether federal law should pre-empt state and local measures, whether facilities regulated under the Marine Transportation Security Act (MTSA) should be “grandfathered” in any new regulatory program, and whether high priority chemical facilities should be required to consider “inherently safer technologies” (ISTs) as part of their security assessments.
No lack of action
Even without comprehensive chemical security legislation, Congress, DHS and the industry have taken steps to increase security at some chemical facilities. The MTSA, passed in 2002, gave the Coast Guard (now part of DHS) authority over security in the nation’s ports, including vessels, facilities within the port areas and offshore structures. The Coast Guard promulgated regulations for certain facilities — including many chemical ones — that required vulnerability assessments, security measures and security planning to be enforced by the Coast Guard.
In the absence of regulatory authority, DHS has implemented voluntary programs to identify critical chemical sector assets and provide security assessment resources and tools:
- The National Infrastructure Protection Plan (NIPP) describes a coordinated, comprehensive risk management framework to establish national homeland security priorities, goals, and requirements for infrastructure protection (per requirements of the Homeland Security Act). As the “Federal Sector-Specific Agency” responsible for chemical sector security, DHS also has written a chemical sector annex to the NIPP.
- Through the Buffer Zone Protection Program (BZPP), DHS works with local high-priority sites and the surrounding law enforcement and emergency responders to develop a plan that will extend a zone of protection out from the facility fence and into the community, to thwart terrorists through measures such as increased law enforcement presence and surveillance. In 2005, DHS announced availability of $91.3 million for state and local officials to purchase equipment to protect community assets.
- DHS has partnered with representatives of the chemical sector to develop a methodology to identify and assess critical chemical facilities based on potential for uncontrolled chemical releases, theft of materials, essentiality of specific products, or economic criticality. This methodology, known as Risk Analysis and Management for Critical Asset Protection (RAMCAP), is based on security assessments developed by the chemical and petroleum industries but enhanced to meet DHS data needs and has been completed for chemical manufacturing, refining, LNG storage, nuclear commercial power and nuclear spent-fuel storage facilities. DHS is developing RAMCAP tools for other critical infrastructure sectors for national cross-sector risk assessment and so owners/operators can estimate potential consequences and vulnerability to an attack using a consistent system of measurements.
- RAMCAP is being used as part of regional Chemical Comprehensive Reviews (CCRs) being piloted to expand the BZPP concept. The first pilot, in Detroit, took place in February, the second and third pilots are expected to be conducted in Chicago and Los Angeles before the end of the year, and three more are planned in 2007. Results of the CCRs are also used to identify regional prevention, response and mitigation needs to respond to attacks at chemical facilities or other critical infrastructure assets in the region.
The chemical industry itself has taken voluntary steps to increase security. The Responsible Care Security Code of the American Chemistry Council (ACC) obligates its members to implement a security management program for facility, value chain and cyber security. The Synthetic Organic Chemical Manufacturers Association (SOCMA) incorporated security into its Chem Stewards program, as did the National Paint and Coatings Association with Coatings Care, and the National Association of Chemical Distributors (NACD) with Responsible Distribution Process. Such programs include requirements to assess security vulnerabilities, implement enhanced security measures to address vulnerabilities, and develop security-management plans. In addition, commercial initiatives are tackling some of the areas of concern, such as better and more-transparent communication among plant systems for security and process control.