On Thursday, the Senate concentrated on passing the FY2024 National Defense Authorization Act, working late to wrap up the reauthorization package before leaving town. The $886 billion legislation passed 86-11, and lawmakers subsequently left for the summer recess.
They left for the break without first taking up House legislation to reauthorize the Chemical Facility Anti-Terrorism Standards (CFATS) program managed by the Cybersecurity and Infrastructure Security Agency (CISA). It expired Thursday, with senators now gone until Sept. 5.
The National Association of Chemical Distributors has been pressing Congress to not let the program sunset. President and CEO Eric R. Byer said today that with the expiration of CFATS “our nation’s sensitive chemical facilities have the difficult challenge of navigating a wide range of national security risks — including physical, cyber, and emerging artificial intelligence risks — on their own.”
“The industry will be left to manage these threats without the invaluable insight and partnership with the U.S Department of Homeland Security,” he added. “Given the vital role of chemicals in our economy and their unique vulnerabilities, it’s imperative that we take the necessary steps to protect this critical infrastructure from a range of threats posed by the country’s adversaries.”
The House passed H.R. 4470, the Protecting and Securing Chemical Facilities from Terrorist Attacks Act, on Tuesday by a vote of 409-1. The lone dissent vote came from Rep. Thomas Massie (R-Ky.).
That bill was introduced July 6 by Rep. Laurel Lee (R-Fla.) and co-sponsored by House Homeland Security Committee Chairman Mark Green (R-Tenn.) along with Reps. David Joyce (R-Ohio) and Jerry Carl (R-Ala.).
“I applaud the House for working in a bipartisan manner to reauthorize the CFATS Program, ensuring communities across the country can remain protected from terrorist attacks,” Lee said. “Collaboration between industry leaders and the Department of Homeland Security has never been more important with cyberattacks becoming more common.”
A Senate version of CFATS reauthorization legislation, S. 2178, was introduced in the upper chamber on June 22 by Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-Mich.). Co-sponsors are Sens. Shelley Moore Capito (R-W.Va.), Tom Carper (D-Del.), and James Lankford (R-Okla.).
The Senate bill extends CFATS through Oct. 1, 2028, and the House version extends the program until July 27, 2025.
CFATS identifies and regulates high-risk facilities to ensure security measures are in place to reduce the risk that certain dangerous chemicals are weaponized by terrorists. Under the program, a chemical facility is defined as any establishment or individual possessing or planning to possess any of more than 300 chemicals of interest or above the listed screening threshold quantity and concentration.
As of May, CFATS covered about 3,200 facilities that must report their chemicals to CISA via an online survey, known as a Top-Screen. CISA uses this information to determine whether the facility is considered high-risk and must develop a security plan.
CFATS previously had been extended by Congress with bipartisan support four times.
House Homeland Security Committee Ranking Member Bennie Thompson (D-Miss.) called it “reprehensible” that the Senate left town without extending the authorization for the broadly bipartisan “one and only federal chemical security regulation.” Thompson also accused House Republicans of “moving legislation at the last possible minute” instead of acting “months ago to conduct oversight, hold hearings, and advance must-pass legislation to reauthorize CFATS operations, as Republican and Democratic majorities have done so in the past.”
“This makes America less safe, as chemical facilities won’t be required to maintain security measures for high-risk chemical plants,” Thompson said. “It also means DHS won’t be able to provide terrorist vetting services for chemical facility employees, contractors, or other individuals with access to dangerous chemicals. This is a shame and a completely unforced error.”
Byer, who said he is “incredibly disappointed” in the Senate’s failure to reauthorize CFATS in time, stressed that the lack of action is “potentially leaving our nation’s security exposed.”
“NACD will continue to work with congressional leaders to underscore the importance of this critical program and call on Congress to immediately reinstate and extend CFATS to ensure the security of the American people,” Byer said.
Brian Harrell, former Assistant Director for Infrastructure Security at CISA, which oversaw the Office of Chemical Security, told HSToday that “while CFATS is a useful program that demonstrates chemical security risk-reduction, it also needs to be updated.”
“Very few updates have materialized from its original authorization in 2007,” Harrell said. “Every time we reauthorize a ‘clean’ bill, there’s an acknowledgement that we need to modernize the standards, but then DHS never does. The CFATS cyber performance-standards are lackluster, and it still does not sufficiently take into account emerging risks like insider threat or overhead concerns from drones, despite staff stretching loose interpretations of compliance.”
“I appreciate that CFATS works with industry to mitigate security risks, but in order to justify its monumental $1B historical price tag, it needs to mature with the times,” he added. “Status quo is an eventual death sentence for security regulations where tactics and threat actors are constantly changing.”
Harrell said he believes the chemical sector “loves this regulation because the standards never mature, nearly no fines are levied, and the costs to ‘comply’ never go up.”
“The very small handful of companies to ever receive a monetary fine are small businesses, which seems a bit backwards,” he said. “I do appreciate that most chemical facilities fall outside of CFATS regulation, so the voluntary program that we conceptualized back in 2019 is a huge feather in the modern-day-cap.”
The American Chemistry Council said in a statement today that the country “lost a valuable tool in the ongoing fight against terrorism” with the expiration of CFATS — a program that “provides a strong yet flexible national approach to chemical security.”
“The Senate failed us by adjourning without acting to keep CFATS in place,” the ACC said. “The loss of CFATS creates immediate risks and problems by limiting the ability to vet personnel, increasing exposure to cyber threats, and opening the door to a patchwork of federal and state regulations. Congress must get back to work immediately to reinstate CFATS to help keep our industry and America safe.”
