Chemical Facility Anti-Terrorism Standards (CFATS) Update

environment

Background

In November 2007, the Department of Homeland Security (DHS) developed the Chemical Facility Anti-Terrorism Standards (CFATS). The CFATS program focuses on preventing chemicals of interest from being stolen, diverted, sabotaged, or deliberately released by terrorists or other bad actors. Under CFATS, chemical facilities possessing more than a threshold amount of specific explosive, toxic, or other “chemical of interest” are required to complete a “top-screen” that notifies DHS that they have these chemicals on-site.

Once a facility submits its top-screen, DHS can direct the facility to submit a Security Vulnerability Assessment (SVA). The SVA provides the basis for DHS to assign the facility to one of four tiers: Tiers 1 and 2 being the highest risk, and Tiers 3 and 4 being the lowest. Tier assignment triggers a requirement to submit a Site Security Plan (SSP) or an Alternative Security Plan (ASP) to DHS for authorization and approval. As of July 2023, CFATS covered approximately 3,200 chemical facilities that were assessed to present a risk of terrorist attack or exploitation.

DHS also implements the CFATS program under a variety of short-term authorizations by Congress. Authorization of the CFATS program lapsed on July 27, 2023, after Congress allowed its statutory authorization to expire.

 

ACA Action

 

Many of ACA’s member facilities are subject to the CFATS requirements, with a clear majority being classified as Tier 4 (lowest risk) and a few classified as Tier 3. ACA and its members strongly support the safe handling and use of chemicals. As such, ACA has long expressed that it is imperative that the CFATS program continues to be reauthorized to ensure the safety and security of chemical facilities.

In July 2023, before the program lapsed, ACA sent letters of support to Congressional leadership for the House Committee on Homeland Security and the Senate Committee on Homeland Security and Governmental Affairs, urging immediate passage of legislation to reauthorize the CFATS program. In its letter, ACA stressed:

“CFATS provides a uniform, national program for regulating chemical security. Continuity of this framework provides the certainty required for the considerable planning and investment decisions that are needed to protect both our facilities and the surrounding communities. Allowing CFATS to expire would open the door for agencies with no anti-terrorism expertise to fill the void, or a patchwork of state and local regulations that may vary widely in scope and effectiveness. This could result in inconsistent anti-terrorism standards across the country and could undermine national security.”

Before the CFATS program expired, the U.S. House of Representatives passed a bill (H.R. 4470) on a 409-1 vote to extend the authorization for two years. A companion Senate bill (S. 2499) did not advance past introduction, and a motion to consider the House-passed bill was blocked in the Senate on July 26, 2023, shortly before the Senate adjourned for fall recess.

After the program expired, the Cybersecurity and Infrastructure Security Agency (CISA), the DHS agency that administered CFATS, issued a statement that it had suspended all program activities related to enforcement and compliance assistance. Additionally, requirements for facilities to maintain existing site security plans/programs and to report possession of certain “chemicals of interest” were suspended. CISA encouraged previously covered chemical facilities to maintain existing security measures and noted the availability of its resources for adoption of voluntary best practices under the ChemLock initiative, which provides a toolkit of on-site assessments and assistance, exercise packages, on-demand training, and online informational guidance. CISA also circulated other guidance documents, resources, and information for industry after the chemical security program expired.

Absent congressional action to reauthorize CFATS, continuing DHS infrastructure security and resilience activities in the chemical sector would rely mainly on voluntary public-private partnerships (as is the case in most other critical infrastructure sectors). Entities formerly covered by CFATS regulations may choose to engage in critical infrastructure security and resilience partnerships, while also maintaining or improving certain security practices and risk mitigation investments. However, they are no longer required to do so.

The safe handling and use of chemicals is a priority of ACA and industry, and it is crucial that the CFATS program is reauthorized to help protect and secure our facilities from terrorism. ACA is currently working with Congress, DHS, and other trade associations to ensure that the CFATS program is swiftly reinstated. ACA will continue to advocate for reauthorization and will report on any legislative developments.

ACA Staff

Rhett Cash
Counsel, Government Affairs

Heidi K. McAuliffe
Vice President, Government Affairs