| Home | Information Sharing & Analysis | Prevention & Protection | Preparedness & Response | Research | Commerce & Trade | Travel Security | Immigration |
The threat level in the airline sector is High or Orange. Read more.
Release Date: April 2, 2007
For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
Washington, D.C.
Secretary Chertoff: Well, I've got George Foresman, the Under Secretary for the National Protection and Programs Division in his first appearance in this new role, and Bob Stephan, the Assistant Secretary for Infrastructure Protection. We are here to talk about the interim final regulation for chemical security, which we are announcing today.
As you remember, last December, we released for comment a draft chemical security regulation, the general idea being we were going to have a risk-based regulatory framework for the chemical sector. Now, it's obviously very important to the economy that we have a chemical sector that is capable of functioning and being prosperous, but it's also true that we know that the aggregation or the collection of a lot of potentially dangerous chemicals in one place does create an attractive target to somebody who wants to carry out a terrorist attack.
We're not saying that there's any threat information about an imminent attack or a specific attack. We are saying that we know if we look at the history of how terrorists operate, they tend to try to leverage or exploit our own technology against us. And obviously, 9/11 was an example of that.
So for that reason, for some period of time, there's been a lot of public focus and discussion, as well as departmental focus about those areas where we have chemical industries or chemical storage facilities that house massive quantities of chemicals in proximity to high-density population centers.
We're obviously concerned that someone attacking and exploding such a facility or stealing from such a facility could pose a hazard to human life in a dense urban area, and that's something that we want to be very focused upon.
So, what we've wanted to do is to take prudent steps to reduce the vulnerabilities and limit the consequences of an attack on a chemical plant or chemical storage facility, particularly where, again, we're dealing with a potential large number of victims living in the vicinity.
We've spent a lot of time since December reviewing comments and feedback, and this is what they call, in the law, the notice and comment process. And I think what you'll see at the end of today's announcement is that we take it very seriously. Part of what we try to do is use the draft regulation as a way of spurring responses from the industry, from other government actors, from the public, as well as other elements of the private sector. We take all of it in, we analyze it, and then we use those comments to improve the quality of what we're producing, and I think that's what we've tried to do here in the regulation we are issuing today.
This regulation is going to impose for the first time, comprehensive federal security regulations for previously unregulated high-risk chemical facilities. It will go into effect in about 60 days – it's going to set national standards for chemical security, allowing us to create a risk-based, tiered structure for high-risk chemical plants, focusing, logically, on the most dangerous plants as those where the most demanding security requirements will be required by the regulation.
Now let me say, this is not the only effort we have taken with respect to chemical regulation since 9/11. We began after 9/11, first of all by working with industry, and state and local governments to actually get out into the field and conduct vulnerability and threat assessments at hundreds of chemical sites across the country. This gave us a better understanding of what the actual risks were.
We've provided significant resources to protect these sites through our Infrastructure Protection Program Grants, which include the Buffer Zone Protection Program. That basically funds local communities for taking steps that they need to put into effect in order to allow them to protect chemical plants and other high-risk facilities in their midst. And we've awarded over $187 million in Buffer Zone Protection Program Grants to enhance planning and security outside of high-risk chemical facilities and other important assets.
We also are looking not only at the plants themselves, but the way in which chemicals move from plant to plant or location to location. And that is, of course, largely something that occurs either by rail or by barge. And that's why we've regulated both the transmission of toxic inhalation chemicals by rail through TSA regulations we issued late last year, and also why the Coast Guard uses its authorities to regulate the transmission of these chemicals by barge. And, under the Maritime Transportation Security Act, those chemical plants already located in ports have been subject to a regulatory regime for some period of time by the Coast Guard.
So this is a case where this is not the first step we're taking to regulate chemical plants, but it is part of a series of steps closing the gaps and making sure that we have covered security for chemicals literally from cradle to grave – from manufacture to transportation until they reach their storage destinations.
And of course, in doing this we are building on some very substantial investments already made by the private sector. The critical thing that we needed to get this last piece into place was legislation by Congress. And Congress did enact legislation last fall as part of the appropriations process that gave us the authority to regulate the plants which we are regulating in today's measures. And therefore, I'm particularly pleased to announce that the regulations that we're going to have in place today will require facilities to meet specific standards that ensure a consistent level of security across the board.
Again, as I said in December, our approach is to work first with those facilities that present the highest risk, identify their weaknesses, and set forth some performance measures and security standards, which they will have to reach.
Now, what we do we mean by high-risk facilities? Well, we look at chemical plants and facilities and ask ourselves what kind – what is the kind and what is the quantity of chemicals that they have, because that's obviously a critical component of the threat that they pose. We look to see what the vulnerabilities are, and we look to see what the consequences would be of an explosion, for example, that dispersed a chemical cloud in a surrounding region. And that means we're particularly interested in the location that these plants are currently built in.
In fact, going beyond those specific plants we've identified, we are simultaneously releasing today a proposed list of chemicals of interest, which we're going to be seeking public comment on for the next 30 days. And what I mean by this is we are putting together a table of potentially dangerous chemicals and amounts, and telling the chemical industry that if you have housed on your facility chemicals in the quantities set forth, you are potentially in the category of plants that may fall subject to regulation. And what you need to do in that instance is to go through the process of analyzing in what we call our top-screen process – it's an online analysis tool – you've got to go through that, and you've got to see whether, in fact, you meet certain criteria. We will then review that, and we will make a determination whether you fall within one of the four higher-risk categories.
I want to emphasize that this doesn't mean that every one of the plants that houses these chemicals will be deemed to be high risk. I mean, one could be, for example, literally in the middle of the desert, and that might make it comparatively low risk.
It does mean, though, we are going to be more comprehensive than we have ever been in making sure that we have a full picture of all the chemical-based risks that are out there, and making sure we are systematically driving down the risks in the most dangerous plants.
Finally, I want to emphasize that we are talking about performance-based measures and not micro-management from Washington. In other words, we want to set down standards and requirements, but we do not want to necessarily prescribe the exact way in which a plant is going to meet those standards or achieve those performance requirements. That's because we want to unleash the ingenuity of the private sector to figure out what is the best way to skin this cat, just as long as the cat gets skinned at the end of the day.
Now, let me take you through a little bit of the nuts and bolts about how this is going to happen, and then talk about a couple of issues, which I think you'll be particularly interested in. All plants, both those that we currently have on our list to notify and those that identify themselves through the table of chemicals we're going to be issuing, are going to be required to complete an on-line security assessment through a secure DHS website.
Now again, I want to emphasize, the fact that you complete the assessment doesn't mean you're going to be regulated, but that is the kind of baseline way of measuring the universe of people we need to worry about.
Facilities that we determine need to be regulated or need to do some further work are going to be contacted by the department. And then they will have 60 days to provide information for the department's risk-assessment process. We'll evaluate those submissions to determine which facilities have a preliminary high-level security risk, and those will be covered by the regulations.
We're also going to divide high-risk facilities into four tiers, and the higher up you go in the tiering, the more – the tougher, frankly, the security measures are going to be. And that's because the highest tier plants are going to be those where the greatest risk to the public is presented.
Part of this, by the way, is the fact that the more dangerous the chemical, the higher the risk tier. And that creates, certainly, an option for a lot of plants to decide they want to use – or change their operations to use lower-risk chemicals, which would bring them down in the level of tiers, and would thereby reduce the amount of regulatory or protective activity they have to undertake.
Our initial estimate is there could be as many as 7,000 facilities that will fall in the high-risk category in one of those four tiers. And we – again, we assess that there probably would be about 300 to 400 that will fall in the top two tiers. Once we actually get the risk assessments, we'll be a little bit more refined.
All of the high-risk facilities will have to prepare and submit vulnerability assessments and, more important, site security plans. And those are the plans we're going to evaluate for quality and for compliance with the performance standards. To manage this process, we're going to use our Chemical Security Compliance Division housed within the Office of Infrastructure and Protection, led by Bob Stephan. For fiscal year '08, we've requested $25 million to staff and support this new office.
Among the kinds of performance standards we're looking for are, standards about how long and how robustly you secure the perimeter and the critical target, how you control your access, how you deter and prevent theft of potentially dangerous chemicals, and how you prevent internal sabotage. And of course, we want to provide guidance at every step of the way to the chemical industry in terms of the various ways they might meet these objectives.
Finally, we will be using site inspections and audits to ensure that those performance-based standards that have been imposed will, in fact, be implemented.
Critical to this is partnership, partnership with the chemical industry. Where a vulnerability assessment or a site security plan does not meet our approval, the facility is going to need to revise the plan and resubmit it. But for our part, we're going to provide technical assistance to help those plants get to the place they need to be.
And the final point I want to make is accountability. Facilities that, after we give it a good college try, fail to meet our performance standards could face penalties of up to $25,000 for each day during which a violation occurs, or they could be ordered to halt operations until security is brought up to a level we feel is appropriate.
Now, I'm confident that most chemical plants will voluntarily accomplish what we need to get done in the area of security. Many of them probably already have standards that are sufficient. But the important thing is to make sure that we bring even those that are laggard into compliance with what the public has a right to expect five years after September 11th.
Let me talk about one last issue, which is, what is, in particular, different about this rule, as compared to the rule we issued in December? I think there are four differences. One is, last December, we had not published a list of chemicals. This regulation is going to be accompanied by a proposed list of chemicals, which will guarantee that we are comprehensively reaching all of the facilities that ought to be in the universe subject to this rule.
Second, we have clarified the fact that confidential chemical terrorism vulnerability information will be shared with appropriate state and local officials, including, importantly, police and first responders. This is designed to clarify a misconception that somehow we were not going to let the cops and firefighters in the vicinity know what was going on at a chemical plant. Quite the opposite. It's very important that we get local authorities very tightly bound in with our process.
Third, is that we have determined that although a lot of plants have done their own site assessments for the three highest tiers, we will require them to submit those assessments using the particular on-line assessment tool that we're going to be providing in our secure website. We recognize a lot of work has been done on assessments already. It shouldn't be particularly onerous to configure those into the assessment tool that we're providing. I liken it to what you do around tax time, which is, you collect all your financial material, but you need to get your account actually fitted into the form 1040.
But we do need to make sure that we're operating off the same sheet of music in terms of understanding what the vulnerabilities are and what the security plans are.
Finally, let me get to the issue of preemption. Perhaps more than any other element of the regulations in December, the question of federal preemption of state law occupied a great deal of public attention and some public controversy. Let me begin by saying that some states, although not many, have existing laws for regulating chemical facilities with respect to chemical security. What we are concerned about in terms of preemption are only state laws and requirements that would conflict or interfere with the federal regulations, and only those would be preempted. Currently, the department has no reason to conclude that any of the existing state laws and regulations that are out there, dealing with chemical security, are being applied in a way that would impede or interfere with the federal rule.
So as we sit here now, we're not envisioning that this is going to be a problem, preemption, with respect to any of the existing regimes of chemical security in the states.
To make this point very clear, let me read you the actual language in the regulation: "This regulation is not intended to be the equivalent of field preemption for facilities determined to be high risk. Instead, it is only meant to indicate that the regulation is not to be conflicted by, interfered with, hindered by or frustrated by state measures under long standing legal principles."
I'll make it English. In plain English, what it means is this: We are not claiming that the federal government has preempted the field of chemical security regulation, and that everybody else has to get out of the way. What we are saying is, consistent with longstanding constitutional principles applied by the courts over 200 years, state regulations of chemical security can be put into effect, so long as they do not interfere with or conflict with the federal measures. So it's a much narrower form of preemption, and it's, frankly, the customary form of preemption that is used with respect to all federal regulation.
The bottom line is, our interest is in creating national standards and mandating a consistent responsible level of security, but not in interfering with the interests of states in making sure that they are taking the steps they feel are necessary to keep their citizens safe.
I should say that we did review existing state regulations. I emphasize again, not that many states actually have regulated in this area. We actually considered those regulations in retooling our own regulation for today's release, and we're comfortable that at least as currently configured the existing state regulations will be complementary and mutually supportive of what we are doing.
Before I conclude, I want to emphasize the vital role that state and local authorities play in protecting our country. Chemical security is not a federal responsibility, it is a shared responsibility, and not just among federal, state and local governments, also with the private sector, as well. We all have to work together to implement the best possible measures to strengthen the security of our chemical facilities while not undercutting what is a very important element of our national economy.
The rule we've announced today is a culmination of a lot of back and forth, a lot of input. We have listened, and where we feel that points had merit, we've adopted those points. We now look forward to working with the industry and with state and local government to implement this rule, and to move quickly to strengthen protection of this vital part of our economy.
And now I'm happy to answer questions.
Question: New Jersey is especially concerned about some new proposals that Governor Corzine has made in chemical plant security, and they're very concerned that these will be preempted by these new regulations. Can you address that at all? And also the whole question of, well, what if states want to go beyond what already exists?
Secretary Chertoff: Well, let me say, certainly looking at the existing state regulations in New Jersey, again, without imagining every way in which they might be applied, the current regulations do not seem to be problematic from a federal standpoint. It's always hard to predict what future proposals that haven't been enacted yet are going to be, so I can't really write a blank check in that regard.
But, what I can tell you is, I don't think that the mere fact that a state takes – adds some additional strength necessarily creates a preemption issue. Now, obviously, there are different ways to do things, and I can't tell you that a state that takes measures that actually conflict with what we're doing wouldn't have a preemption problem.
I'll tell you how this is going to get resolved – it's going to get resolved the way it always is: something is going to go to court, and a judge is ultimately going to make a decision. Our role under the regulations is to be able to offer an opinion— and particularly an opinion in which we analyze the practical effect of a state regulation and indicate to the court and to the parties whether we believe that practical effect really does interfere with federal regulation. We're not trying to preempt the field or dominate the field here. We do need, however, to make sure that our regulations are not frustrated if a state chooses to take an approach that is incompatible with what we're doing.
Question: Mr. Secretary, further to the question, the folks in New Jersey are saying it freezes them halfway there; they're saying that they had asked the facilities in the state to report on what chemicals they currently have stored. New Jersey was then going to take step B, and tell them which ones had to start moving to safer alternatives – the ISTs. What they're saying is you freeze them halfway there with this reg. And a corollary, or a follow-up is, why not just leave the reg totally silent about preemption?
Secretary Chertoff: Well, first of all, the reg is never – whether the reg is silent or not, preemption is a constitutional principle. It's not something that you can regulate in or regulate out. And what a judge is going to do, if there's a challenge to a state regulation, is look at the statute and determine what the statute requires in terms of preemption. What we're going to do is we're going to talk about the practical effect of a state regulation and whether it would have the impact of interfering with or frustrating our approach.
And let me give you a hypothetical example, so I give you some sense of what I mean. We have, as part of our regulation, a requirement that if information on vulnerability is submitted, it's going to be kept confidential. It can be shared with state and local officials, but it's not going to be made public. Let's assume a state were to pass a statute that said, we believe it's better security to put all those vulnerabilities up on the Internet and let the public know about it, so the public can decide whether they want to move away from the chemical plant. Well, I think we would probably regard that as inconsistent, because we're trying to keep this confidential from potential terrorists, and the hypothetical state – and I'm sure it's only hypothetical – would be taking the position: no, no, we want to make it publicly available. And they might even argue that theirs is "tougher than ours." But I can tell you that that's not –labeling it is not going to resolve the issue.
This is, more than anything else, a very fact-specific type of analysis. So when New Jersey decides what it wants to do, under the procedure we've established, they can present it to us. We are more than happy to express an opinion as to whether it is fundamentally inconsistent or fundamentally consistent. And then, ultimately, the courts will decide.
Yes.
Question: Two questions, one a follow-up and (inaudible). Would mandating – should a state mandate substitute chemicals, which, of course, the industries are opposed to, significantly opposed to, would you consider that something that frustrates your efforts, because it could undermine cooperation that you need with the private sector?
And the second question is, when you were talking about specifically the state and local police, there was an issue in terms of clearances, not enough clearances being out there. We know there's a problem with that (inaudible) so that, in effect, given the state of things, that information may now actually impede flow to states and locals as they need it.
Secretary Chertoff: I think the answer to the second is, because we're not classifying this information – it's going to be confidential, it's not in a classification – I think the rule is designed to allow state and local officials, including police, who have a need to know, to get that information. So I don't think clearances are going to be an issue.
As far as the first question is concerned, there's a wonderful principle observed in the courts, which I'm sure will apply here, which is you don't anticipate as yet – anticipate hypothetical scenarios in coming up with what would the law do if this were to happen. If there's a particular regulation, or a particular statute that a state passes, mandating something, this department, and ultimately a judge, is going to have to evaluate it concretely in order to make a determination about whether it frustrates the law. I think you can sit here and spin out hypotheticals until the cows come home, and I don't think that that's a useful way to analyze whether something is preempted or not. I can just tell you, based on my experience, what's going to matter a lot is the concrete specifics of what a particular regulation and statute mandate.
It may be that some kind of a mandate is deemed to be consistent; it may be another kind of mandate is deemed to be inconsistent. So the one thing I don't think you can responsibly do is write blank checks based on broad hypothetical categories.
Question: But we know where the fault lines are. One of the fault lines is disclosure, and one of the other fault lines is this alternate safer technology. You theorized about one –
Secretary Chertoff: Well, the disclosure one – I theorized about one because I felt pretty safe that that was so outlandish that I was never going to be presented with it in real life. But I think the answer is you really – I mean, this is truly an area where the devil is in the details. And I can tell you, you can take – if you look at preemption with respect to any statute in the United States code, very subtle differences in state rules and regulations are going to cause dramatically different outcomes. It really is a very, very fact-specific analysis that courts undertake. I understand it's frustrating if you're looking to boil it down for the leading newspaper article, but I frankly think anybody who tries to predict in advance, based on a broad categorization, what's going to be allowed and what's not going to be allowed is really giving an opinion that's not worth very much. I think it's going to depend an awful lot on the specifics to determine whether something is preempted or not preempted.
Question: I actually have another quick one, and that is, what are the kind of deadlines? I mean, you keep saying that they have 60 days to respond, and then you look at it, then you do the site inspection – what are we talking about? When are things going to get improved? A year from now, two?
Secretary Chertoff: No, no, no, the regulation becomes effective in 60 days. And then starting on the 60 days, our notifications go out. And then they may go out afterwards as we discover new plants, based on what we're requiring in terms of the list of chemicals. And then the plants will have 60 days to get back to us with the information. We will then analyze it, and we will first start with the top most risky companies. We're already, frankly, working with them, so my supposition is that many of them will already have satisfied what they need to do, based on the work we've done with them over the last couple of years, and that we'll continue to do with them.
So we're not going to wait for the 60 days to get the jump on this, but the requirement for the plants to get back to us, in terms of their first analysis, will come within 60 days after they get either notified by us, or otherwise become aware of their obligation.
Question: I guess I was just talking about – but for the deadline for when they actually have to have the improvements in place – what if you have a plant that's not really cooperative? I mean, when are we talking about when you might be imposing penalties?
Secretary Chertoff: Again, it's hard to speculate. We're going to have to judge – if someone sends in a plan that is unsatisfactory, we're going to go back to them and say, it's unsatisfactory; here's what you have to be able to achieve. I don't know that I can tell you that you get a year to accomplish that. I don't think that's right. I think we will work with them, but if the risk is so great and the cooperation is so little that it requires more coercive action, we will take more coercive action. But I don't think there's a strict deadline that you get X number of days to satisfy us or we drop the hammer.
Question: Could you just go over that – 60 days before the regs go out –
Secretary Chertoff: The regs go out today. They become effective in 60 days.
Question: Right. And then that online form, how long do they have –
Secretary Chertoff: From the time of notification, you have 60 days to complete your assessment and get it in to us.
Question: And then you'll get back to them in…
Secretary Chertoff: We're going to triage them; we're going to look at the most significant ones first. We basically know which those are, but we'll make sure we haven't missed anything. And then we'll begin engaging with them right away, as we, in fact, have been doing up until now.
Question: Mr. Secretary, as you know there's congressional language in the supplemental spending bill that would – some would require IST, and some would allow state laws to go forward. Do you think that the change that you've made with the draft accomplishes the same goal? And do you expect that language to be taken out?
Secretary Chertoff: Well, I'm not going to predict what Congress is going to do. I'm going to say this: I think the language we've put in is responsible; it allows states to regulate to protect their citizens. It does not require them to necessarily subordinate their security concerns to the federal system. It just requires that they not be inconsistent with the federal system.
We're using an approach which has a big virtue; it's time-tested as an approach that the courts know how to work with and where we have a whole body of law that tells us how to move forward.
Some of the proposals I see in Congress, which talked about – you have to go to the more stringent, I'm going to tell you right now, it's going to cause more problems than it corrects, because you're going to get arguments about, well, is it more stringent or less stringent. And you're going to introduce all kinds of terms into the judicial process and the legal process which are not well known and well understood. And you know who is going to win? Lawyers. It will be a bonanza for the lawyers, because with lawyers will run rings around everybody, trying to figure out what survives and what doesn't survive. And I will bet you, at the end of the day, less real security gets done, and more legal fees get generated.
With that approach then, with our approach, which I think takes – builds upon a very well-accepted foundation of preemption law that has been around for a couple hundred years.
Question: You mentioned 300 or 400 high-risk – top tier, and then 7,000 total in funding for '08. How many regulators does Homeland Security expect to have in place this year, and how many does that translate to proposal for next year?
Secretary Chertoff: Bob, do you want to talk about –
Assistant Secretary Stephan: We'll have about 30 or so that belong to the Office of Infrastructure Protection, and then about 40 people that we're detailing in that will work for me from other parts of the department that have regulatory background, security/law enforcement expertise, and have the credentials that we believe will better serve them in terms of their work on site, and to spur the coordination and cooperation with the state and local law enforcement entities.
So that's roughly about 77 to 80 people, and then we will move beyond that, based upon – this is an evolving plan, in terms of personnel and resources required – based upon the information that we get back, the total universe of eventual regulated facilities. But we feel that about 77 to 80 in terms of the body count for the first year will push this program down the road for us.
Question: That will be in effect this summer –
Assistant Secretary Stephan: Correct.
Secretary Chertoff: And let me emphasize again, we're going to start with – the top tier ones are the ones we're most concerned about and the ones that we most want to be intensively involved with from the outset.
Question: Real quick, what percentage do you expect to audit, and what percentage do you expect to take the reports on face value?
Assistant Secretary Stephan: Well, actually, no reports will be taken on face value. We're going to have a system in place that's going to carefully look at every bit of the plans that comes in and every bit of the vulnerability assessments. There will be a scheme that varies according to tier, but tier one and tier two will, of course, undergo a more in-depth, more comprehensive and less frequent – I'm sorry – more frequent auditing compliance and inspection piece than the tier threes and the tier fours.
###
This page was last reviewed/modified on April 2, 2007.