The government is worried about the safety of chemical facilities across the country after its power to keep dangerous substances out of the hands of extremists lapsed a month ago.
The Department of Homeland Security has long had the ability to inspect facilities where chemicals are used or stored to make sure their security systems are in place. And the facilities themselves have been required to vet prospective employees for any terrorism links.
But the program, called the Chemical Facility Anti-Terrorism Standards, expired July 28 after Congress failed to renew it. Homeland Security officials say this left gaping holes in the country’s national security, and they are calling on Congress to act quickly when it returns this week.
“The risk that terrorists could access and weaponize the dangerous chemicals produced in these facilities increases by the day,” Homeland Security Secretary Alejandro Mayorkas told attendees at the Chemical Security Summit held in northern Virginia last week.
The program requires any facility that has a certain quantity of any of a long list of “chemicals of interest” to report the information to the Department of Homeland Security. The Cybersecurity & Infrastructure Security Agency, which falls under DHS, then determines whether the facility is considered high risk and therefore must develop a security plan. The agency assesses the plan to make sure it addresses things like physical security as well as cybersecurity, and then it does inspections to make sure companies are in compliance.
There are more than 300 chemicals on the list, including substances like chlorine and sodium nitrate. There are about 3,200 high-risk facilities across the country, according to agency data.
The regulations apply not just to chemical manufacturing or distribution companies but to any facility that uses the chemicals in certain quantities, such as those related to agriculture, plastics or pharmaceuticals, to name a few.
Facilities also send the names of prospective employees to Homeland Security so they can be checked for links to extremist groups. CISA official Kelly Murray said at the conference that before the program expired, about 300 names per day were being run through databases. That has stopped.
Congress gave the department the authority to begin the chemical security program in 2006, and it went into effect the following year. But Congress also has to renew the authority every few years. So far it has. This summer, the House overwhelmingly voted to reauthorize it. But then the Senate failed to do so after Sen. Rand Paul raised objections.
Paul, a Kentucky Republican, said in a July 26 Congressional speech that such regulations favor big businesses because they create a barrier to new companies coming into the market and that even if these regulations didn’t exist, companies would still keep security measures in place out of self-interest.
“My guess is if the program didn’t exist, they would still all have fences and barbed wire and protections against terrorism because they want to protect their investment,” Paul said.
He said the legislation was being rushed though the Senate without enough consideration, such as whether it was duplicating other government programs. He said despite his reservations he’d vote to approve it if the Senate also approved his plan to implement a scoring system by which any proposed government program would be assessed to see whether it duplicates programs already in existence. With the Senate in recess all of August and only set to return Tuesday, there’s been no movement on reauthorizing the rule.
A notice on CISA’s website warns that the program has lapsed. As a result, the agency says, facilities are no longer required to report chemicals of interest and the agency cannot perform inspections or require facilities to implement a site security plan.
Homeland Security officials say the program’s lapse has left them without a vital security tool. The agency does about 160 inspections a month of chemical facilities, Jen Easterly, who heads the Cybersecurity & Infrastructure Security Agency, told attendees at last week’s conference.
Murray said in the meantime the department is diverting staff to a program called ChemLock, which helps companies that use or handle potentially dangerous chemicals keep them secure. But that program is entirely voluntary, so there’s nothing the department can do if companies don’t comply. And Murray said she’s worried about retaining staff if the program is not reauthorized soon.
Many in the industry say they’re also worried at the program’s lapse.
“I think it’s a shame, to be blunt. It’s a program that has proven to be successful,” said Matt Fridley, senior director for security and safety at Brenntag, an international chemical distribution company with 17,500 employees across 72 countries. He said the program is focused on helping companies figure out what’s wrong and remedying it, as opposed to just fining them. “They’re into the find it and fix it,” he said.
He said a company the size of Brenntag can and will continue with security plans already in place, but he said there’s always a concern that companies facing competing financial pressures might not.
Scott Jensen, a spokesman for the American Chemistry Council, which represents more than 190 companies, said another big concern for companies is the loss of vetting of prospective employees through DHS’ terrorist databases.