This PDF is the current document as it appeared on Public Inspection on 08/15/2014 at 08:45 am.
National Protection and Programs Directorate, DHS.
Advance notice of proposed rulemaking.
Section 550 of the Department of Homeland Security Appropriations Act of 2007 provides the Department of Homeland Security (DHS or Department) with the authority to regulate the security of high risk chemical facilities. To implement this authority, DHS issued the Chemical Facility Anti-Terrorism Standards (CFATS) regulation in 2007. DHS is initiating this rulemaking process as a step towards maturing the CFATS program and to identify ways to make the program more effective in achieving its regulatory objectives. This Advance Notice of Proposed Rulemaking (ANPRM) provides an opportunity for the Department to hear and consider, during the development of an updated CFATS regulation, the views of regulated industry and other interested members of the public on their recommendations for program modifications.
Written comments must be submitted on or before October 17, 2014.
You may submit comments, identified by docket number DHS-2014-0016, by one of the following methods:
- Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Mail: U.S. Department of Homeland Security, National Protection and Programs Directorate, Office of Infrastructure Protection, Infrastructure Security Compliance Division, 245 Murray Lane, Mail Stop 0610, Arlington, VA 20528-0610.
FOR FURTHER INFORMATION CONTACT:
Jon MacLaren, Rulemaking Section Chief, Office of Infrastructure Protection, Infrastructure Security Compliance Division, 245 Murray Lane SW., Mail Stop 0610, Washington, DC 20528; telephone 703-235-5263.End Further Info End Preamble Start Supplemental Information
Abbreviations and Terms Used in This Document
ANPRM—Advance Notice of Proposed Rulemaking
ASP—Alternative Security Program
CFATS—Chemical Facility Anti-Terrorism Standards
CFR—Code of Federal Regulations
COI—Chemicals of Interest
CSAT—Chemical Security Assessment Tool
CVI—Chemical-terrorism Vulnerability Information
DHS or Department—Department of Homeland Security
Pub. L.—Public Law
RBPS—Risk Based Performance Standards
SSP—Site Security Plan
STQ—Screening Threshold Quantity
SVA—Security Vulnerability Assessment
Section 550 of the Department of Homeland Security Appropriations Act of 2007  (Pub. L. 109-295) authorized the Department to regulate the security of chemical facilities that, in the discretion of the Secretary, present high levels of security risk. Under the Section 550 authority, on April 9, 2007, DHS issued the CFATS interim final rule, codified at 6 CFR part 27. See 72 FR 17688. Additionally, in November 2007, the Department adopted as Appendix A to CFATS a final list of over 300 Chemicals of Interest (COI) that pose significant risks to human life or health if released, stolen or diverted, or sabotaged. DHS also adopted some additional provisions that clarify how Appendix A is to be applied under CFATS. See 72 FR 65396. Publication of the Appendix A regulations brought the CFATS interim final rule into full effect.
Under CFATS, any chemical facility (other than certain facilities expressly exempted by Section 550)  that possesses any COI at or above the applicable Screening Threshold Quantity (STQ) specified in Appendix A for that COI must complete and submit to DHS through the Chemical Security Assessment Tool (CSAT)  certain consequence-based information (the “Top-Screen”). Any facility initially determined to be high-risk after DHS's review of the facility's Top-Screen and/or other relevant information that comes to the Department's attention, is assigned a preliminary risk-based tier (Tiers 1-4)  and must then submit to DHS a Security Vulnerability Assessment (SVA) per section 27.215 (Tier 4 facilities may submit an Alternate Security Program (ASP) in lieu of an SVA). DHS evaluates the SVA and other relevant information to make a final determination as to whether the facility is high-risk and, if so, which tier it should be assigned to. Any facility that is finally determined to be high-risk must submit, obtain DHS approval of, and then implement a Site Security Plan (SSP), or ASP in lieu of an SSP, that describes the security measures the facility utilizes to meet the appropriate Start Printed Page 48694level of performance under 18 applicable Risk Based Performance Standards (RBPS).
During the review process, DHS compares specific security measures reported in the SSP against the RBPS to determine whether the SSP adequately addresses the applicable RBPS in a manner commensurate with the facility's risk-based tier and other circumstances as outlined in section 27.230. Once DHS has determined that the SSP appears to be adequate, DHS will authorize the SSP or ASP, and notify the facility as such via a Letter of Authorization. DHS Chemical Inspectors must then conduct an on-site authorization inspection in accordance with sections 27.245(a)(ii) and 27.250. The results of the authorization inspection help to inform DHS's decision on whether the SSP or ASP should be approved. Upon approval, the Department issues the facility a Letter of Approval, after which the facility is subject to compliance inspections to verify that the facility is carrying out its approved SSP or ASP. See 6 CFR 27.245(a)(iii). The regulations also establish procedures for DHS to notify a facility that the SSP or ASP is deficient, require consultations between DHS and the facility to try to resolve specific deficiencies, and authorize DHS to issue a Letter of Disapproval if the deficiencies are not addressed by the facility in a timely manner. See 6 CFR 27.245(b).
Since the publication of the CFATS interim final rule, the Department has met several significant milestones. As of June 17, 2014, DHS has received more than 48,500 Top-Screens submitted by chemical facilities. As of June 17, 2014, DHS has notified more than 8,895 facilities that it has initially designated them as high-risk and thus, they are required to submit SVAs. DHS has completed its review of approximately 8,830 submitted SVAs. As of June 17, 2014, CFATS covers 4,019 high-risk facilities nationwide; of these 4,019 facilities, 3,261 are currently subject to final high-risk determinations and submission of an SSP or ASP; and 758 are currently pending a final tier. As of June 17, 2014, the Department has authorized SSPs/ASPs for 1,648 facilities, conducted authorization inspections at 1,204 facilities, and approved SSPs/ASPs for 859 facilities.
The CFATS program is an important part of our Nation's counterterrorism efforts. DHS works with our industry stakeholders to keep dangerous chemicals out of the hands of those who wish to do us harm. Since the CFATS program was created, DHS has engaged with industry to identify high-risk chemical facilities to ensure they have security measures in place to reduce the risks associated with the possession of chemicals of interest. The progress made in the CFATS program over the last several years has significantly enhanced the security of the Nation's chemical infrastructure; however, to more fully mature the program, DHS is initiating this rulemaking process to help it identify how to make the CFATS program more effective in achieving its regulatory objectives. In particular, DHS is interested in comments on the topics described in Part IV of the ANPRM to include the general regulatory approach, treatment of non-traditional chemical facilities, clarification of terminology, Risk Based Performance Standards, Appendix A, considerations for small businesses, and alignment with other regulatory programs.
Further, on August 1, 2013, the President issued Executive Order (E.O.) 13650—Improving Chemical Facility Safety and Security, to enhance the safety and security of chemical facilities and reduce the risks associated with hazardous chemicals to owners, operators, workers, and communities. The E.O. directs the Federal Government to: improve operational coordination with State, local, and tribal partners; enhance Federal agency coordination and information; modernize policies, regulations, and standards; and work with stakeholders to identify best practices. As detailed in the May 2014 E.O. Final Report, DHS is taking a number actions to build a stronger CFATS program, one of which is the issuance of this ANPRM as an initial step in seeking input on improving the CFATS regulations themselves.
II. Written Comments
A. In General
This ANPRM will provide an opportunity for the Department to hear and consider the views of regulated industry and other interested members of the public on their recommendations for CFATS program modifications and improvements.
DHS invites interested persons to submit written comments, data, or views on how the current CFATS regulations, 6 CFR part 27, might be improved. Comments that would be most helpful to DHS include the questions and issues identified in Part IV of this document. Please explain the reason for any comments with available data, and include other information or authority that supports such comments. The Department encourages interested parties to provide specific data that documents the potential costs of modifying the existing regulatory requirements pursuant to the commenter's suggestions; the potential quantifiable benefits including security and societal benefits of modifying the existing regulatory requirements; and the potential impacts on small businesses of modifying the existing regulatory requirements.
DHS requests that commenters discuss potential economic impacts, whenever possible, in terms of quantitative benefits (e.g., reductions in injuries, fatalities, and property damage), costs (e.g., compliance costs or decreases in production), and offsets to costs (e.g., less need for maintenance and repairs) when providing feedback on this ANPRM. DHS also requests that commenters provide data and information on economic effects that suggestions may have on market conditions or services (e.g., market structure and concentration), and in particular, any special circumstances related to small entities, such as potential market-structure disruptions or uniquely high costs that small entities may bear.
DHS requests that commenters discuss economic impacts in as specific terms as possible. For example, if a regulatory or policy change would necessitate additional employee training, then helpful information would include the following: The training courses necessary; the types of employees or contractors who would receive the training; topics covered; any retraining necessary; and the training costs if conducted by a third-party vendor or in-house trainer. The Department invites comment on the time and level of expertise required to implement commenter suggestions, Start Printed Page 48695even if dollar-cost estimates are not available.
Feedback that simply states a stakeholder feels strongly that DHS should modify CFATS, without including actionable data, including how the proposed change would impact the costs and benefits of CFATS, is much less useful to DHS. To help DHS organize and review all comments, please identify the relevant provision of 6 CFR part 27 that relates to the specific comment provided (e.g., 6 CFR 27.100). If the commenter's suggestion is on a topic that is not covered by the current regulation, please note that in the submission.
Written comments may be submitted electronically or by mail, as explained previously in the ADDRESSES section of this ANPRM. To avoid duplication, please use only one of these methods to submit written comments.
Except as provided below, all comments received, as well as pertinent background documents, will be posted without change to http://www.regulations.gov, including any personal information provided.
B. Handling of Proprietary, Sensitive and Chemical-Terrorism Vulnerability Information
Interested parties are encouraged to submit comments in a manner that does not include any discussion of trade secrets, proprietary commercial or financial information, Chemical-terrorism Vulnerability Information (CVI), or any other category of sensitive information  that should not be disclosed to the general public. If it is not possible to avoid such discussion, however, please specifically identify any proprietary or sensitive information contained in the comments with appropriate warning language (e.g., any CVI must be marked and handled in accordance with the requirements of 6 CFR 27.400(f)), and submit them by mail to the individual listed in the FOR FURTHER INFORMATION CONTACT section.
DHS will not place any proprietary or sensitive comments in the public docket; rather, DHS will handle them in accordance with applicable safeguards and restrictions on access. See e.g., 6 CFR 27.400. See also the DHS CVI Procedural Manual, “Safeguarding Information Designated as CVI,” September 2008, located on the DHS Web site at: www.dhs.gov/critical-infrastructure-chemical-security. DHS will hold any such comments in a separate file to which the public does not have access, and place a note in the public docket that DHS has received such materials from the commenter. DHS will provide appropriate access to such comments upon request to individuals who meet the applicable legal requirements for access to such information.
III. Listening Sessions
The Department plans to hold multiple public listening sessions to solicit the public's views on the ANPRM and how the current CFATS regulation might be improved. DHS plans to announce dates, times and locations of these public listening sessions on the Department's Chemical Security Web site at www.dhs.gov/critical-infrastructure-chemical-security.
B. Procedures and Participation for the Listening Sessions
Each meeting will be open to the public. DHS will use sign-in sheets to voluntarily collect contact information from the attending public and to properly log oral comments received during the sessions. Providing contact information will be voluntary, and members of the public may also make oral comments without providing their names. Seating may be limited, but session organizers will make every effort to accommodate all participants. A listening session may adjourn early if all commenters present have had the opportunity to speak prior to the scheduled conclusion of the session. For information on facilities or services for individuals with disabilities or to request special assistance at the public listening sessions, contact Mr. Jon MacLaren at the telephone number or email address indicated under the FOR FURTHER INFORMATION CONTACT section of this ANPRM.
For members of the public who cannot attend a scheduled listening session, a copy of any presentation provided by the Department at the sessions will be made available via the Department's Chemical Security Web site at www.dhs.gov/critical-infrastructure-chemical-security. In addition, DHS will place a transcript of each of these public listening sessions in the docket for this rulemaking.
IV. Questions for Commenters
To help DHS identify ways, if any, to improve the manner in which it administers CFATS, DHS seeks public comments on any and all aspects of 6 CFR part 27, including both the CFATS Interim Final Rule and Appendix A. Areas that DHS is most interested in receiving comments on include, but are not limited to, the following:
a. General Regulatory Approach—Comments on how the Department could continue to improve its current approach toward identifying CFATS covered facilities and ensuring their compliance with CFATS requirements, such as:
(1) the information submission processes (i.e., the Top-Screen, SVA, and SSP submissions) and associated schedules; 
(2) the means and methods by which facilities claim a statutorily exempt status and whether or not commenters think that deletions, additions or modification to the list of exempt facilities should be considered;
(3) the use of ASPs in lieu of SVAs and, in particular, the current limitation on the use of ASPs in lieu of SVAs to Tier 4 facilities;
(4) the, scope, tier applicability and processes for submitting and reviewing SSPs and ASPs;
(5) the processes for submitting and evaluating requests for redetermination by chemical facilities previously determined by DHS to be high-risk; and
(6) the issuance of orders and the regulatory enforcement process.
DHS also requests that the commenter provide, in as much detail as possible, an explanation why the regulatory approach should be modified, streamlined, expanded, or removed, as well as specific suggestions of the ways DHS can better achieve its regulatory objectives.
b. Treatment of Non-Traditional Chemical Facilities—DHS recognizes that a one-size-fits-all approach may not be optimal for such a diverse regulated community, and requests comments regarding the applicability of existing CFATS requirements and processes (e.g., Top-Screen/SVA/SSP formats and submission schedules; risk-based performance standards; holding times for COI) to non-traditional chemical facilities covered under CFATS. DHS also is particularly interested in comments on maintaining, lifting, or partially lifting the indefinite extension from the Top-Screen submission Start Printed Page 48696deadline for agricultural production facilities issued in December 2007.
c. Clarification of Terminology—Comments regarding the utility, clarity and accuracy of definitions currently found in 6 CFR 27.105, such as, but not limited to, the definitions of “A Commercial Grade” and “A Placarded Amount.” DHS also seeks comments on the utility of including definitions, and what those definitions should be, for the terms “material modifications,” “critical asset,” and “site asset;” and “inspection.” DHS invites comments on recommendations for additional terms used in the current CFATS regulations that may warrant further clarification.
d. Risk Based Performance Standards  —Comments on whether and how DHS should clarify or modify the 18 RBPS in 6 CFR 27.230, whether DHS should combine and/or eliminate any of the existing RBPS, and whether DHS should adopt any additional RBPS.
e. Appendix A—Comments on all aspects of CFATS Appendix A, including:
(1) Comments on the possible addition of chemicals to, and/or the deletion or modification of certain COI currently listed in Appendix A;
(2) any term utilized in 6 CFR 27.203, and the applicability and/or modification of STQs as the bases for listing COI (e.g., by security issue(s)); and
(3) the concentration and mixtures rules associated with Appendix A, which are described in 6 CFR 27.204.
f. Small Business Considerations—Comments regarding considerations specific to small businesses.
g. Alignment with Other Regulatory Programs—Comments regarding how the Department may be able to better align CFATS and other existing chemical facility regulations, including comments on any duplication or overlap that may exist between CFATS and another regulatory program. When providing comments on this topic, DHS encourages commenters to provide the specific citations to the regulatory regimes that may duplicate or overlap with the requirements under CFATS as well as a specific description of the duplicative or overlapping requirements.
In addressing these topics, DHS encourages interested parties to provide specific data that documents the potential costs of modifying the existing regulatory requirements pursuant to the commenter's suggestions; the potential quantifiable benefits including security and societal benefits of modifying the existing regulatory requirements; and the potential impacts on small businesses of modifying the existing regulatory requirements. Commenters might also address how DHS can best obtain and consider accurate, objective information and data about the costs, burdens, and benefits of the CFATS Interim Final Rule and Appendix A, and whether there are lower cost alternatives that would allow the Department to continue to achieve its security goals consistent with the law.Start Signature
Jeh Charles Johnson,
1. The CFATS authorizing statue can be found online at: http://www.dhs.gov/xlibrary/assets/chemsec_cfats_lawsregsec_authorizing_statute.pdf.Back to Citation
2. The CFATS interim final rule can be found online at: http://www.gpo.gov/fdsys/pkg/FR-2007-04-09/pdf/E7-6363.pdf.Back to Citation
3. Appendix A can be found online at: http://www.gpo.gov/fdsys/pkg/FR-2007-11-20/pdf/07-5585.pdf.Back to Citation
4. Exempted facilities include facilities regulated pursuant to the Maritime Transportation Security Act of 2002, Public Law 107-295, as amended; public water systems, as defined by Section 1401 of the Safe Drinking Water Act, Public Law 93-523, as amended; treatment works, as defined in Section 212 of the Federal Water Pollution Control Act, Public Law 92-500, as amended; any facility owned or operated by the Department of Defense or the Department of Energy, or any facility subject to regulation by the Nuclear Regulatory Commission.Back to Citation
5. The CSAT is an information technology system primarily designed to collect facility information through specific applications for submitting Top-Screens, SVAs, SSPs, and ASPs. See 6 CFR 27.105.Back to Citation
6. CFATS places covered, high-risk chemical facilities into one of four tiers, with Tier 1 facilities being the highest risk and Tier 4 facilities being the least high-risk. Facilities that do not present a high-risk do not receive a Tier level and are not subject to additional CFATS requirements. When determining if a facility is high-risk, the Department is primarily focused on the potential consequences associated with a successful terrorist attack on the facility (including the use of stolen or diverted materials in a separate attack offsite). A threat factor also is incorporated into the risk assessment for facilities with release hazards.Back to Citation
7. Under 6 CFR 27.245(a)(2), DHS “may disapprove a Site Security Plan that fails to satisfy the risk-based performance standards established in 27.230.” If DHS were to disapprove an SSP or ASP, DHS would also simultaneously issue, pursuant to 6 CFR 27.300(a), an Order directing the facility to re-submit its SSP/ASP to include security measures that satisfy applicable RBPS. If the facility fails to do so, DHS could then assess civil penalties and/or direct the facility to cease some or all operations, pursuant to 6 CFR 27.300(b). Under 6 CFR 27.310, however, the facility has the option of contesting any disapproval/order through an administrative adjudication. To date, DHS has not disapproved any SSPs/ASPs.Back to Citation
8. The E.O. established a Chemical Facility Safety and Security Working Group to oversee the effort, which is tri-chaired by the Department of Labor, the Department of Homeland Security, and the Environmental Protection Agency, and includes leadership and subject matter experts from the Department of Justice, the Department of Agriculture, and the Department of Transportation.Back to Citation
9. For more information on E.O. 13650 and the May 2014 Final Report, visit: https://www.osha.gov/chemicalexecutiveorder/index.html.Back to Citation
10. For example, information covered under Sensitive Security Information (SSI).Back to Citation
12. The expansive and dynamic nature of the community that uses potentially hazardous chemicals and that have facilities that are covered by CFATS include, but are not limited to many types of facilities that are not traditionally considered “chemical facilities,” such as agricultural product manufacturers; microchip manufacturers; paint and coatings manufacturers; mines; hospitals; racecar tracks; and colleges and universities. With the exception of agricultural production facilities, the CFATS processes and requirements are the same for all covered facilities.Back to Citation
13. In December 2007, DHS exercised its discretion under the CFATS regulation by granting an indefinite extension from the Top-Screen submission deadline for agricultural production facilities that use chemicals of interest (COI) and COI-containing products for agricultural production purposes (see 73 FR 1640). Examples of agricultural production facilities include: farms, ranches and range land, livestock facilities, turf grass growers, golf courses, nurseries and floricultural operations, and public and private parks.Back to Citation
14. CFATS establishes eighteen Risk-Based Performance Standards (RBPSs) that identify the areas for which a facility's security posture will be examined, such as perimeter security, access control, personnel surety, and cyber security. To meet the RBPSs, covered facilities are free to choose whatever security programs or processes they deem appropriate, so long as they achieve the requisite level of performance in each applicable area. The programs and processes that a high-risk facility ultimately chooses to implement to meet these standards must be described in the Site Security Plan (SSP) that every high-risk chemical facility must develop pursuant to the regulations. The RBPS guidance document is available online at: http://www.dhs.gov/xlibrary/assets/chemsec_cfats_riskbased_performance_standards.pdf.Back to Citation
[FR Doc. 2014-19356 Filed 8-15-14; 8:45 am]
BILLING CODE 9110-9P-P