15 May 2003 Source: http://www.access.gpo.gov/su_docs/multidb.html ----------------------------------------------------------------------- [DOCID: f:s994is.txt] 108th CONGRESS 1st Session S. 994 To protect human health and the environment from the release of hazardous substances by acts of terrorism. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES May 5, 2003 Mr. Inhofe (for himself and Mr. Miller) introduced the following bill; which was read twice and referred to the Committee on Environment and Public Works _______________________________________________________________________ A BILL To protect human health and the environment from the release of hazardous substances by acts of terrorism. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Chemical Facilities Security Act of 2003''. SEC. 2. FINDINGS. Congress finds that-- (1) industries that manufacture, distribute, and process chemicals are crucial components of the national economy and the critical infrastructure of the United States-- (A) in their own right; and (B) because those industries supply resources essential to the functioning of other critical infrastructure; (2) a terrorist attack on a facility that manufactures, processes, or uses potentially dangerous chemicals, or a theft of those chemicals from such a facility for use in a terrorist attack, could pose a serious threat to-- (A) public health, safety, and welfare; (B) critical infrastructure; and (C) national security; (3) to protect public health, safety, and welfare, critical infrastructure, and national security, every reasonable effort should be made to ensure the security of sources of potentially dangerous chemicals against acts of terrorism; and (4) while programs to protect the health and safety of workers, the public, and the environment by reducing the potential for accidental releases of potentially dangerous chemicals, including the consequences of worst-case releases of those chemicals, are in place as required by numerous Federal and State laws, the events of September 11, 2001, demonstrate the need to ensure that appropriate security measures are taken to address the threat of acts of terrorism against facilities that manufacture, use, or process potentially dangerous chemicals. SEC. 3. DEFINITIONS. In this Act: (1) Chemical source.--The term ``chemical source'' means a non-Federal stationary source (as defined in section 112(r)(2) of the Clean Air Act (42 U.S.C. 7412(r)(2))) for which-- (A) the owner or operator is required to complete a risk management plan in accordance with section 112(r)(7)(B)(ii) of the Clean Air Act (42 U.S.C. 7412(r)(7)(B)(ii)); and (B) the Secretary is required to promulgate implementing regulations under section 4(a) of this Act. (2) Department.--The term ``Department'' means the Department of Homeland Security. (3) Environment.--The term ``environment'' has the meaning given the term in section 101 of the Comprehensive Environmental Response, Compensation, and Liability Act of 1980 (42 U.S.C. 9601). (4) Owner or operator.--The term ``owner or operator'' has the meaning given the term in section 112(a) of the Clean Air Act (42 U.S.C. 7412(a)). (5) Release.--The term ``release'' has the meaning given the term in section 101 of the Comprehensive Environmental Response, Compensation, and Liability Act of 1980 (42 U.S.C. 9601). (6) Secretary.--The term ``Secretary'' means the Secretary of Homeland Security. (7) Security measure.-- (A) In general.--The term ``security measure'' means an action carried out to ensure or enhance the security of a chemical source. (B) Inclusions.--The term ``security measure'', with respect to a chemical source, includes measures such as-- (i) an employee training and background check; (ii) the limitation and prevention of access to controls of the chemical source; (iii) the protection of the perimeter of the chemical source; (iv) the installation and operation of intrusion detection sensors; (v) the implementation of measures to increase computer or computer network security; (vi) the implementation of other security- related measures to protect against or reduce the threat of-- (I) a terrorist attack on the chemical source; or (II) the theft of a substance of concern for offsite release in furtherance of an act of terrorism; and (vii) conduct of any similar security- related activity, as determined by the Secretary. (8) Substance of concern.--The term ``substance of concern'' means-- (A) a chemical substance present at a chemical source in quantities equal to or exceeding the threshold quantities for the chemical substance, as defined in or established under paragraphs (3) and (5) of section 112(r) of the Clean Air Act (42 U.S.C. 7412(r)); and (B) such other chemical substance as the Secretary may designate under section 4(g). (9) Terrorism.--The term ``terrorism'' has the meaning given the term in section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101). (10) Terrorist release.--The term ``terrorist release'' means-- (A) a release from a chemical source into the environment of a substance of concern that is caused by an act of terrorism; and (B) the theft of a substance of concern by a person for off-site release in furtherance of an act of terrorism. SEC. 4. VULNERABILITY ASSESSMENTS AND SITE SECURITY PLANS. (a) Requirement.-- (1) In general.--Not later than 1 year after the date of enactment of this Act, the Secretary shall promulgate regulations that require the owner or operator of each chemical source included on the list described in subsection (f)(1)-- (A) to conduct an assessment of the vulnerability of the chemical source to a terrorist release, including identifying hazards that may result from a terrorist release; (B) to prepare and implement a site security plan that addresses the results of the vulnerability assessment; and (C) to provide to the Department, on request, copies of the vulnerability assessment and site security plan for review. (2) Deadlines.-- (A) In general.--The Secretary shall specify in regulations promulgated under paragraph (1) specific deadlines for the completion and certification of vulnerability assessments and site security plans under subsection (b). (B) Alternative deadlines.--The Secretary may establish deadlines other than deadlines described in subparagraph (A) for different categories of chemical sources based on the regulatory criteria specified in subsection (e). (3) Contents of site security plan.--A site security plan required under the regulations promulgated under paragraph (1)-- (A)(i) shall include security measures to reduce the vulnerability of the chemical source covered by the plan to a terrorist release; and (ii) may include other actions and procedures appropriate to reduce the vulnerability of the chemical source to a terrorist release; and (B) shall describe, at a minimum, particular equipment, plans, and procedures that could be implemented or used by or at the chemical source in the event of a terrorist release. (4) Threat information.--To the maximum extent practicable under applicable authority and in the interests of national security, the Secretary shall provide to an owner or operator of a chemical source required to prepare a vulnerability assessment and site security plan threat information that is relevant to the chemical source. (b) Certification and Submission.-- (1) In general.--Each owner or operator of a chemical source shall certify in writing to the Secretary that the owner or operator has completed a vulnerability assessment, and has developed and implemented or is implementing a site security plan, in accordance with this Act, including-- (A) regulations promulgated under subsection (a)(1); and (B) any applicable procedures, protocols, or standards endorsed or recognized by the Secretary under subsection (c)(2). (2) Copies.--An owner or operator of a chemical source shall provide to the Secretary, upon request, copies of the vulnerability assessment and site security plan of the chemical source for review. (3) Oversight.--The Secretary shall, at such times and places as the Secretary determines to be appropriate, conduct or require the conduct of vulnerability assessments and other activities (including third-party audits) to ensure and evaluate compliance with-- (A) this Act (including regulations promulgated under subsection (a)(1)); and (B) other applicable procedures, protocols, or standards endorsed or recognized by the Secretary under subsection (c)(2). (c) Specified Standards.-- (1) In general.--The Secretary may-- (A) promulgate regulations establishing procedures, protocols, and standards for vulnerability assessments and site security plans; and (B) establish provisions identifying security measures that, if implemented, would establish the sufficiency of a vulnerability assessment or site security plan. (2) Existing procedures, protocols, and standards.--Upon petition by any person of the Secretary, and after receipt by that person of a written response from the Secretary, any procedures, protocols, and standards established by the Secretary under regulations promulgated under paragraph (1)(A) may-- (A) endorse or recognize procedures, protocols, and standards-- (i) that are established by-- (I) industry; (II) Federal, State, or local authorities; or (III) other applicable law; and (ii) the requirements of which the Secretary determines to be-- (I) substantially equivalent to the requirements under subsection (a); and (II) in effect on or after the date of enactment of this Act; and (B) require that a vulnerability assessment and site security plan address a particular threat or type of threat. (3) No action by secretary.--If the Secretary does not endorse or recognize existing procedures, protocols, and standards described in paragraph (2)(A), the Secretary shall provide to each person that submitted a petition under paragraph (2) a written notification that includes a clear explanation of the reasons why the endorsement or recognition was not made. (d) Preparation of Assessments and Plans.--As of the date of endorsement or recognition by the Secretary of a particular procedure, protocol, or standard under subsection (c)(1)(A), any vulnerability assessment or site security plan that is prepared by a chemical source before, on, or after the date of endorsement or recognition of, and in accordance with, that procedure, protocol, or standard, shall be exempt from subsection (c) and paragraphs (1) and (3) of subsection (a) (including such a vulnerability assessment or site security plan prepared before, on, or after the date of enactment of this Act). (e) Regulatory Criteria.--In exercising the authority under subsections (a) and (c) with respect to a chemical source, the Secretary shall consider-- (1) the likelihood that a chemical source will be the target of terrorism; (2) the nature and quantity of the substances of concern present at a chemical source; (3) the potential extent of death, injury, or serious adverse effects to human health or the environment that would result from a terrorist release; (4) the potential harm to critical infrastructure and national security from a terrorist release; (5) cost and technical feasibility; (6) scale of operations; and (7) such other security-related factors as the Secretary determines to be appropriate and necessary to protect the public health and welfare, critical infrastructure, and national security. (f) List of Chemical Sources.-- (1) In general.--Not later than 180 days after the date of enactment of this Act, the Secretary develop a list of chemical sources in existence as of that date. (2) Considerations.--In developing the list under paragraph (1), the Secretary shall consider the criteria specified in subsection (e). (3) Future determinations.--Not later than 3 years after the date of promulgation of regulations under subsections (a)(1) and (c), and every 3 years thereafter, the Secretary shall, after considering the criteria described in subsection (e)-- (A) determine whether facilities not included in the most recent list under paragraph (1) (including, as of the date of the determination, facilities that are operational and facilities that will become operational in the future) shall be considered to be a chemical source under this Act; (B) determine whether any chemical source identified on the most recent list under paragraph (1) no longer presents a risk sufficient to justify retention of classification as a chemical source under this Act; and (C) update the list as appropriate. (4) Regulations.--The Secretary may make a determination under this subsection in regulations promulgated under subsection (a)(1). (g) Designation, Exemption, and Adjustment of Threshold Quantities of Substances of Concern.-- (1) In general.--The Secretary may, by regulation-- (A) designate certain chemical substances in particular threshold quantities as substances of concerns under this Act; (B) exempt certain chemical substances from designation as substances of concern under this Act; and (C) adjust the threshold quantity of a chemical substance. (2) Considerations.--In designating or exempting a chemical substance or adjusting the threshold quantity of a chemical substance under paragraph (1), the Secretary shall consider the potential extent of death, injury, or serious adverse effects to human health or the environment that would result from a terrorist release of the chemical substance. (3) Regulations.--The Secretary may make a designation, exemption, or adjustment under this paragraph (1) in regulations promulgated under subsection (a)(1). (h) 5-Year Review.--Not later than 5 years after the date of certification of a vulnerability assessment and a site security plan under subsection (b)(1), and not less often than every 5 years thereafter (or on such a schedule as the Secretary may establish by regulation), the owner or operator of the chemical source covered by the vulnerability assessment or site security plan shall-- (1) review the adequacy of the vulnerability assessment and site security plan; and (2)(A) certify to the Secretary that the chemical source has completed the review and implemented any modifications to the site security plan; and (B) upon request by the Secretary, submit to the Secretary a description of any changes to the vulnerability assessment or site security plan. (i) Protection of Information.-- (1) Disclosure exemption.--Except with respect to certifications specified in subsections (b)(1)(A) and (h)(2)(A), all information obtained in accordance with this Act, and all information derived from that information (including information shared with Federal, State, and local governmental entities under paragraphs (2) and (3)), shall be exempt from disclosure under-- (A) section 552 of title 5, United States Code; or (B) any State or local law providing for public access to information. (2) Development of Protocols.-- (A) In general.--The Secretary, in consultation with the Director of the Office of Management and Budget and appropriate Federal law enforcement and intelligence officials, and in a manner consistent with existing protections for sensitive or classified information, shall, by regulation, establish confidentiality protocols for maintenance and use of information that is obtained from owners or operators of chemical sources and provided to the Secretary under this Act. (B) Requirements for protocols.--A protocol established under subparagraph (A) shall ensure that-- (i) each copy of a vulnerability assessment or site security plan submitted to the Secretary, all information contained in or derived from that assessment or plan, and other information obtained under section 7, is maintained in a secure location; and (ii) except as provided in paragraph (3)(B), or as necessary for judicial enforcement, access to the copies of the vulnerability assessments and site security plans submitted to the Secretary, and other information obtained under section 7, shall be limited to persons designated by the Secretary. (3) Penalties for unauthorized disclosure.-- (A) In general.--Except as provided in subparagraph (B), any individual referred to in paragraph (2)(B)(ii) who acquires any information described in paragraph (2)(A) (including any reproduction of that information or any information derived from that information), and who knowingly or recklessly discloses the information, shall-- (i) be imprisoned not more than 1 year, fined in accordance with chapter 227 of title 18, United States Code (applicable to class A misdemeanors), or both; and (ii) be removed from Federal office or employment. (B) Exceptions.-- (i) In general.--Subparagraph (A) shall not apply to a person described in that subparagraph that discloses information described in paragraph (2)(A)-- (I) to an individual designated by the Secretary under paragraph (2)(B)(ii); (II) for the purpose of section 7; or (III) for use in any administrative or judicial proceeding to impose a penalty for failure to comply with a requirement of this Act. (ii) Law enforcement officials and first responders.--Notwithstanding subparagraph (A), an individual referred to in paragraph (2)(B)(ii) who is an officer or employee of the United States may share with a State or local law enforcement or other official (including a first responder) the contents of a vulnerability assessment or site security plan, or other information described in that paragraph, to the extent disclosure is necessary to carry out this Act. SEC. 5. ENFORCEMENT. (a) Action by Secretary.-- (1) In general.--The Secretary, in accordance with subsection (b), may-- (A) disapprove a vulnerability assessment or site security plan submitted under this Act; and (B) order the owner or operator of the chemical source that submitted the vulnerability assessment or site security plan to revise, recertify, and submit the assessment or plan to correct deficiencies specified in the order. (2) Failure to comply.--If an owner or operator of a chemical source fails to certify or submit a vulnerability assessment or site security plan in accordance with this Act, the Secretary may issue an order requiring the certification and submission of a vulnerability assessment or site security plan in accordance with section 4(b). (b) Disapproval.--The Secretary may disapprove under subsection (a) a vulnerability assessment or site security plan submitted under section 4(b) if the Secretary determines that-- (1) the vulnerability assessment or site security plan does not comply with regulations promulgated under subsections (a)(1) and (c) of section 4; or (2) the site security plan, or the implementation of the site security plan, is insufficient to address-- (A) the results of a vulnerability assessment of a chemical source; or (B) a threat of a terrorist release. (c) Compliance.--If the Secretary disapproves a vulnerability assessment or site security plan of a chemical source under subsection (b), the Secretary shall-- (1) provide the owner or operator of the chemical source a written notification of the determination that includes a clear explanation of deficiencies in the vulnerability assessment, site security plan, or implementation of the assessment or plan; (2) consult with the owner or operator of the chemical source to identify appropriate steps to achieve compliance; and (3) if, following that consultation, the owner or operator of the chemical source does not achieve compliance in accordance by such date as the Secretary determines to be appropriate under the circumstances, issue an order requiring the owner or operator to correct specified deficiencies. (d) Protection of Information.--Any determination of disapproval or order made or issued under this section shall be exempt from disclosure under-- (1) section 552 of title 5, United States Code; and (2) any State or local law providing for public access to information. SEC. 6. INTERAGENCY TECHNICAL SUPPORT AND COOPERATION. The Secretary-- (1) may request other Federal agencies to provide technical and analytical support (other than field work) in implementing this Act; and (2) may provide reimbursement for such technical and analytical support received as the Secretary determines to be appropriate. SEC. 7. RECORDKEEPING; SITE INSPECTIONS; PRODUCTION OF INFORMATION. (a) Recordkeeping.--The owner or operator of a chemical source that is required to prepare a vulnerability assessment or site security plan under section 4(a) shall maintain a current copy of those documents. (b) Right of Entry.--In carrying out this Act, the Secretary (or a designee), on presentation of credentials, shall have a right of entry to, on, or through-- (1) any premises of an owner or operator of a chemical source described in subsection (a); and (2) any premises on which any record required to be maintained under subsection (a) is located. (c) Requests for Records.--In carrying out this Act, the Secretary (or a designee) may require the submission of, or, on presentation of credentials, may at reasonable times seek access to and copy-- (1) any records, reports, or other information described in subsection (a); and (2) any other documentation necessary for-- (A) review or analysis of a vulnerability assessment or site security plan; or (B) implementation of a site security plan. (d) Compliance.--If the Secretary determines that an owner or operator of a chemical source is not maintaining, producing, or permitting access to records as required by this section, the Secretary may issue an order requiring compliance with the relevant provisions of this section. SEC. 8. PENALTIES. (a) Judicial Relief.--Any owner or operator of a chemical source that violates or fails to comply with any order issued by the Secretary under this Act or a site security plan submitted to the Secretary under this Act (or, in the case of an exemption described in section 4(d), a procedure, protocol, or standard endorsed or recognized by the Secretary under section 4(c)) may, in a civil action brought in United States district court, be subject, for each day on which the violation occurs or the failure to comply continues, to-- (1) an order for injunctive relief; or (2) a civil penalty of not more than $50,000. (b) Administrative Penalties.-- (1) Penalty orders.--The Secretary may issue an administrative penalty of not more than $250,000 for failure to comply with an order issued by the Secretary under this Act. (2) Notice and hearing.--Before issuing an order described in paragraph (1), the Secretary shall provide to the person against which the penalty is to be assessed-- (A) written notice of the proposed order; and (B) the opportunity to request, not later than 30 days after the date on which the person receives the notice, a hearing on the proposed order. (3) Procedures.--The Secretary may promulgate regulations outlining the procedures for administrative hearings and appropriate review, including necessary deadlines. (c) Treatment of Information in Judicial Proceedings.--Information submitted or obtained by the Secretary, information derived from that information, and information submitted by the Secretary under this Act shall be treated in any judicial or administrative action as if the information were classified material. SEC. 9. PROVISION OF TRAINING. The Secretary may provide training to State and local officials and owners and operators in furtherance of the purposes of this Act. SEC. 10. NO EFFECT ON REQUIREMENTS UNDER OTHER LAW. Except as provided in section 4(i), nothing in this Act affects any duty or other requirement imposed under any other Federal or State law.