Start Printed Page 495
Cybersecurity and Infrastructure Security Agency, DHS.
Advance Notice of Proposed Rulemaking (ANPRM).
The Cybersecurity and Infrastructure Security Agency (CISA) is considering removing all 49 Division 1.1 explosive chemicals of interest from Appendix A of the Chemical Facility Anti-Terrorism Standards (CFATS) regulations. Currently, both CISA and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities possessing these chemicals for security concerns. Removing these chemicals of interest from coverage under CFATS would reduce regulatory requirements for facilities currently covered by both CFATS and ATF's regulatory frameworks and relieve compliance burdens for a small number of affected facilities.
Comments on this ANPRM must be received by March 8, 2021.
You may submit comments, identified by docket number CISA-2020-0014 through the Federal eRulemaking Portal available at http://www.regulations.gov. Follow the instructions for submitting comments.
Instructions: All comments received via https://www.regulations.gov will be posted to the public docket at https://www.regulations.gov, including any personal information provided.
Do not submit comments that include trade secrets, confidential commercial or financial information, Chemical-terrorism Vulnerability Information (CVI), Protected Critical Infrastructure Information (PCII), or Sensitive Security Information (SSI) directly to the public regulatory docket. Contact the individual listed in the FOR FURTHER INFORMATION CONTACT section below with questions about comments containing such protected information. CISA will not place comments containing such protected information in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. Additionally, CISA will hold them in a separate file to which the public does not have access and place a note in the public docket that CISA has received such protected materials from the commenter. If CISA receives a request to examine or copy this information, CISA will treat it as any other request under the Freedom of Information Act (FOIA), 5 U.S.C. 552, and the Department's FOIA regulation found in part 5 of Title 6 of the Code of Federal Regulations (CFR).
Docket: For access to the docket and to read comments received visit http://www.regulations.gov.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Lona Saccomando, (703) 603-4868, CISARulemaking@cisa.dhs.gov.
End Further Info
Start Supplemental Information
I. Regulatory Information
CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM) to solicit comments on the advisability of removing Division 1.1 explosives from Appendix A to the Chemical Facility Anti-Terrorism Standards (CFATS) regulations located at 6 CFR part 27. As described below, we believe that these regulations may be unnecessarily burdensome for facilities that are already subject to security regulations for the same chemicals by another Federal agency, ATF. We encourage comments describing the nature of compliance operations in cases where regulatory duplication and overlap may exist, as well as on the costs and benefits of CFATS-specific security measures.
CISA's CFATS program is an important part of our nation's counterterrorism efforts. The agency works with industry stakeholders to keep dangerous chemicals out of the hands of persons or organizations who wish to harm the United States. Since the CFATS program was created, the Department of Homeland Security (DHS) 
has engaged with industry representatives to identify high-risk chemical facilities to ensure security measures are in place to reduce the risks associated with their possession of Chemicals of Interest (COI) listed on Appendix A to the CFATS regulations. The progress made in securing high-risk chemical facilities through the CFATS program since its implementation has significantly enhanced the security of the nation's chemical infrastructure.
The CFATS program identifies chemical facilities of interest and regulates the security of high-risk chemical facilities through risk-based performance standards.
The COI are listed in Appendix A to the CFATS regulations. If chemical facilities of interest possess the COI in the amounts and concentrations listed in Appendix A, chemical facilities of interest must complete and submit a Top-Screen survey to CISA.
CISA evaluates the information submitted in a Top-Screen and performs a risk assessment. Based upon this risk assessment, CISA determines which chemical facilities of interest qualify as high risk and are subject to full coverage under CFATS. Each of these covered chemical facilities is assigned a tier that ranges from Tier 1 (the highest risk of the high-risk covered chemical facilities) to Tier 4 (the lowest risk of the high-risk covered chemical facilities).
A facility that is determined to present a high-risk is required to develop and submit a Site Security Plan (SSP) addressing 18 risk-based performance standards containing physical security, cybersecurity, and various other security-focused measures and procedures.
On November 20, 2007, DHS published a list of COI in Appendix A to 6 CFR part 27.
The final version of Start Printed Page 496Appendix A included 49 chemicals that the Department of Transportation (DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with two broad exceptions.
Appendix A classifies all Division 1.1 explosives as posing both Release-Explosive and Theft/diversion-Explosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/IEDP) security issues.
DHS included Division 1.1 explosives in Appendix A notwithstanding the Department of Justice's ATF regulation of the purchase, possession, storage, and transportation of the same types of explosives.
In an ANPRM that preceded the promulgation of the CFATS regulations and Appendix A, DHS noted that the authorizing statute 
for CFATS excluded many types of facilities that were already the subject of existing federal security regulations.
This suggested a possibility of regulatory overlap between CFATS and ATF regulatory programs. DHS stated that “where there is concurrent jurisdiction [between DHS and ATF or another Federal agency], the Department will work closely with other Federal agencies [(e.g., ATF)] to ensure that regulated facilities can comply with applicable regulations while minimizing any duplication.” 
Division 1.1 explosives included in Appendix A are “explosive materials” as defined in 18 U.S.C. 841(c) and are subject to ATF regulation. ATF regulations require persons storing any explosives to follow certain safety and theft-prevention precautions, including specific requirements governing the secure storage of explosives and inspection of magazines.
While ATF regulations and CFATS regulations are both geared towards preventing the theft and release of explosive materials, the two agencies do not regulate facilities in a similar manner, which can potentially lead to additional security efforts and regulatory compliance burdens for Division 1.1 explosives. The business premises of an explosives licensee or permittee is subject to entry by ATF for the specific purpose of inspective or examining records and documents required to be kept by a licensee or permitee pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as well as any explosive materials kept or stored at the premises.
While magazines in which explosive materials are stored must meet standards of public safety and security against theft as provided in 27 CFR part 555, subpart K, ATF may not require additional measures—such as those described above in the CFATS regulations—to address security risks or vulnerability to terrorist attack or incident of a business premises when issuing a new or renewal license or permit.
CFATS and ATF regulations differ substantially, and the interaction between them can be complex. In many instances, compliance with the measures required to comply with ATF regulations and industry best practices result in some facilities not tiering as high-risk under CFATS. Therefore, this small portion of facilities has no additional regulatory obligations under CFATS after submission of a Top-Screen. For example, all explosives must be stored in compliance with ATF standoff-distance 
and similar requirements, which mitigate the consequences of an explosion at the facility. The consequences from an explosion is a factor that CISA uses to determine whether a facility is high-risk. Because facilities that possess threshold quantities of release-explosive COI are required to comply with ATF standoff/storage regulations, CISA has never designated a facility as high risk on the basis that the facility contains COI classified as a “release-explosives” threat.
While the above is an example of a way in which CFATS and ATF regulations dovetail effectively, sometimes the regulations do not correspond so cleanly. For example, a small number of facilities, despite adhering to ATF regulations regarding the secure storage of explosive materials,
have been: (1) Considered high-risk under CFATS as a result of possession of explosives under the “theft/diversion” security issue, and (2) required to implement additional security measures to satisfy CFATS requirements, such as implementing cybersecurity and detection mechanisms.
The partial regulatory overlap has led to frustration among some stakeholders in the explosives community and has led CISA to conduct a comprehensive review of the respective programs' regulatory requirements. As a result, CISA is considering modifications to Appendix A to remove Division 1.1 explosive chemicals from the COI listed in Appendix A.
It is the policy of the executive branch to prudently manage the costs associated with governmental imposition of private expenditures required to comply with Federal regulations.
Agencies have long been charged to “avoid regulations that are inconsistent, incompatible, or duplicative with [their] other regulations or those of other Federal agencies.” 
Given these and other polices, and given the partial overlap between DHS and ATF regulations on Division 1.1 explosives, as well as the relatively small number of facilities subject to this overlap, CISA is reconsidering whether to regulate facilities that possess explosives subject to ATF regulations is “prudent and financially responsible in the expenditure of funds, from both public and private sources.”
At this time, CISA is considering whether the elimination of the burden of dual regulation of Division 1.1 explosive chemicals between CISA and ATF programs could be warranted. To this end, CISA is soliciting comments on amending Appendix A to remove all Division 1.1 explosives from the list of COI listed in Appendix A. If Appendix A is so amended, facility operators would no longer be required to count Division 1.1 explosives when determining whether their facilities are subject to the Top-Screen requirements pursuant to 6 CFR 27.200.
At the time of the promulgation of CFATS, DHS believed that the increased security value of having high-risk facilities that possessed Division 1.1 explosives regulated under CFATS was worth the increased cost. In 2007, DHS distinguished its approach from the deference that the Environmental Protection Agency (EPA) had shown ATF regulations by noting that “EPA's decisions were based on safety and the prevention of an accidental release [and that] DHS is concerned with an Start Printed Page 497
intentional attack on an explosives facility.” 
For these reasons, CFATS listed Division 1.1 explosives as presenting both Release-Explosive 
and Theft/diversion-EXP/IEDP 
However, since implementation of the CFATS program, CISA has found that, for many facilities, possession of Division 1.1 explosives at the quantity triggering reporting for the Release-Explosive security issue under CFATS (i.e., 5,000 pounds or more) would not result in the risk of a large number of fatalities if attacked. Thus, CISA does not currently regulate any facilities for possession of Division 1.1 explosives for the Release-Explosive security concern. This is because facilities that possess Division 1.1 explosives are required to comply with ATF's table of distances for storage of explosive materials (i.e. standoff distances) at 27 CFR 555.218-224. The enhanced CFATS risk-tiering methodology implemented beginning in October 2016 accounts for the increased security resulting from ATF's table-of-distance regulations, which protects against offsite impacts of an explosive release, whether accidental or intentional.
We note that while ATF's and CISA's regulations differ substantially, other agencies have deferred to ATF's explosives expertise when considering regulation of explosives facilities. In 1998, while developing the Risk Management Plan regulations, the EPA issued a final rule removing Division 1.1 explosives from its list of regulated substances for accidental release prevention.
In removing Division 1.1 explosives from regulation, the EPA concluded that the “. . . current [ATF and other] regulations and current and contemplated industry practices promote safety and accident prevention in storage, handling, transportation, and use of explosives,” making them adequate for EPA's purposes.
While the ATF regulates explosives materials and the CFATS regulates the chemical facilities possessing explosive materials, CISA notes that ATF's current regulations address a number of the same safety and security precautions as the CFATS regulations for Division 1.1 explosives.
Other facilities that possess Division 1.1 explosives are considered high-risk under CFATS under the Theft/diversion-EXP/IEDP security issue, in part because of the concerns presented by the prospect of physical or cyber-focused security breaches. CISA currently regulates 85 facilities that possess Division 1.1 explosive COI under the Theft/diversion-EXP/IEDP security issue. Many of these facilities possess other COI regulated by CFATS that are not Division 1.1 explosives. If Division 1.1 explosives were removed from Appendix A, CISA estimates that 24 facilities would no longer be regulated as high-risk under CFATS.
Though CFATS includes cybersecurity and some other requirements such as security plans, security equipment, training, or recording/reporting of threats that are not accounted for in ATF's framework, ATF regulations include some important theft-prevention and inventory-tracking standards 
and adherence with ATF requirements is verified through periodic regulatory inspections of ATF's construction and locking requirements for magazines as well as reporting of theft/loss.
For these reasons, it may be appropriate to rely solely on ATF's standards to address the threat that Division 1.1 explosives could be diverted. Further supporting this argument is the fact that ATF's secure-storage and related requirements appear to have successfully driven down the number of thefts of commercial explosives nationwide—with only three such thefts having been reported during the 2019 calendar year.
However, there has been a slight increase in the number of reported losses.
ATF's standards are applied across the explosives industry, covering thousands of entities that manufacture, distribute, receive, ship, and/or import explosives, while DHS' standards are applied only to a small number of the highest-risk facilities (85 chemical facilities). Given the wide application of ATF regulations across the explosives industry and their success in limiting thefts of commercial explosives, we believe there may be value in uniform application of security measures for these materials.
IV. Request for Comments
Prior to implementing the enhanced tiering methodology in October of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public comment on ways in which the CFATS regulation and program might be improved.
The ANPRM solicited public comments on any and all aspects of 6 CFR part 27, including Appendix A. The Department also conducted seven listening sessions for the ANPRM. In addition, the Department published a notice on October 16, 2015 in the Federal Register soliciting additional public comments through November 30, 2015 about Appendix A to the CFATS regulation and conducted a roundtable discussion and public listening session on October 27, 2015.
In response to the 2014 CFATS ANPRM, the Department received several detailed comments relevant to the coverage of Division 1.1 explosives under CFATS generally encouraging the Department to remove Division 1.1 explosives for both release-explosive and theft/diversion-EXP/IEDP security issues.
Commenters also generally suggested that ATF's regulations governing commerce in explosives located at 27 CFR part 555 are sufficient and that the security obligations imposed by CFATS under 6 CFR part 27 are unnecessary. CISA also published a retrospective economic analysis of the CFATS program and received one responsive comment about facilities that are regulated by CFATS and the ATF.
In light of the time that has passed since 2015, and the changes to the tiering methodology made since then, CISA is soliciting comments from stakeholders on the current coverage of release-explosive and theft/diversion-EXP/IEDP COI under CFATS and on the proposed elimination of these COI from Appendix A. Specifically:
(1) Should CISA remove Division 1.1 explosives for consideration as a release-explosive security concern? Why or why not?
(2) Should CISA remove Division 1.1 explosives for consideration as a theft/diversion-EXP/IEDP security concern? Why or why not?Start Printed Page 498
(3) How would the removal of Division 1.1 explosives impact the security posture of chemical facilities?
(4) Would the removal of Division 1.1 explosives impact the regulatory burden of CFATS on chemical facilities? If so, in what ways and to what extent?
The Acting Secretary of Homeland Security, Chad F. Wolf, having reviewed and approved this document, has delegated the authority to electronically sign this document to Chad R. Mizelle, who is the Senior Official Performing the Duties of the General Counsel for DHS, for purposes of publication in the Federal Register.
End Supplemental Information
Chad R. Mizelle,
Senior Official Performing the Duties of the General Counsel Department of Homeland Security.
[FR Doc. 2020-27768 Filed 1-5-21; 8:45 am]
BILLING CODE 4410-10-P