[Federal Register Volume 86, Number 3 (Wednesday, January 6, 2021)]
[Proposed Rules]
[Pages 495-498]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27768]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 /
Proposed Rules��
[[Page 495]]
DEPARTMENT OF HOMELAND SECURITY
6 CFR Part 27
[Docket No. CISA-2020-0014]
RIN 1670-AA03
Removal of Certain Explosive Chemicals From the Chemical Facility
Anti-Terrorism Standards
AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.
ACTION: Advance Notice of Proposed Rulemaking (ANPRM).
-----------------------------------------------------------------------
SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA) is
considering removing all 49 Division 1.1 explosive chemicals of
interest from Appendix A of the Chemical Facility Anti-Terrorism
Standards (CFATS) regulations. Currently, both CISA and the Bureau of
Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities
possessing these chemicals for security concerns. Removing these
chemicals of interest from coverage under CFATS would reduce regulatory
requirements for facilities currently covered by both CFATS and ATF's
regulatory frameworks and relieve compliance burdens for a small number
of affected facilities.
DATES: Comments on this ANPRM must be received by March 8, 2021.
ADDRESSES: You may submit comments, identified by docket number CISA-
2020-0014 through the Federal eRulemaking Portal available at http://www.regulations.gov. Follow the instructions for submitting comments.
Instructions: All comments received via https://www.regulations.gov
will be posted to the public docket at https://www.regulations.gov,
including any personal information provided.
Do not submit comments that include trade secrets, confidential
commercial or financial information, Chemical-terrorism Vulnerability
Information (CVI), Protected Critical Infrastructure Information
(PCII), or Sensitive Security Information (SSI) directly to the public
regulatory docket. Contact the individual listed in the FOR FURTHER
INFORMATION CONTACT section below with questions about comments
containing such protected information. CISA will not place comments
containing such protected information in the public docket and will
handle them in accordance with applicable safeguards and restrictions
on access. Additionally, CISA will hold them in a separate file to
which the public does not have access and place a note in the public
docket that CISA has received such protected materials from the
commenter. If CISA receives a request to examine or copy this
information, CISA will treat it as any other request under the Freedom
of Information Act (FOIA), 5 U.S.C. 552, and the Department's FOIA
regulation found in part 5 of Title 6 of the Code of Federal
Regulations (CFR).
Docket: For access to the docket and to read comments received
visit http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Lona Saccomando, (703) 603-4868,
[email protected].
SUPPLEMENTARY INFORMATION:
I. Regulatory Information
CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM)
to solicit comments on the advisability of removing Division 1.1
explosives from Appendix A to the Chemical Facility Anti-Terrorism
Standards (CFATS) regulations located at 6 CFR part 27. As described
below, we believe that these regulations may be unnecessarily
burdensome for facilities that are already subject to security
regulations for the same chemicals by another Federal agency, ATF. We
encourage comments describing the nature of compliance operations in
cases where regulatory duplication and overlap may exist, as well as on
the costs and benefits of CFATS-specific security measures.
II. Background
CISA's CFATS program is an important part of our nation's
counterterrorism efforts. The agency works with industry stakeholders
to keep dangerous chemicals out of the hands of persons or
organizations who wish to harm the United States. Since the CFATS
program was created, the Department of Homeland Security (DHS) \1\ has
engaged with industry representatives to identify high-risk chemical
facilities to ensure security measures are in place to reduce the risks
associated with their possession of Chemicals of Interest (COI) listed
on Appendix A to the CFATS regulations. The progress made in securing
high-risk chemical facilities through the CFATS program since its
implementation has significantly enhanced the security of the nation's
chemical infrastructure.
---------------------------------------------------------------------------
\1\ We note that CISA was created in 2018, and that the CFATS
program was previously run by an element of the Department of
Homeland Security with a different name. In this document, we refer
to CISA when describing present-day actions, and DHS when referring
to actions that took place prior to 2018.
---------------------------------------------------------------------------
The CFATS program identifies chemical facilities of interest and
regulates the security of high-risk chemical facilities through risk-
based performance standards.\2\ The COI are listed in Appendix A to the
CFATS regulations. If chemical facilities of interest possess the COI
in the amounts and concentrations listed in Appendix A, chemical
facilities of interest must complete and submit a Top-Screen survey to
CISA.\3\ CISA evaluates the information submitted in a Top-Screen and
performs a risk assessment. Based upon this risk assessment, CISA
determines which chemical facilities of interest qualify as high risk
and are subject to full coverage under CFATS. Each of these covered
chemical facilities is assigned a tier that ranges from Tier 1 (the
highest risk of the high-risk covered chemical facilities) to Tier 4
(the lowest risk of the high-risk covered chemical facilities).\4\ A
facility that is determined to present a high-risk is required to
develop and submit a Site Security Plan (SSP) addressing 18 risk-based
performance standards containing physical security, cybersecurity, and
various other security-focused measures and procedures.
---------------------------------------------------------------------------
\2\ The Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014,
Public Law 113-254) codified the CFATS program into the Homeland
Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public
Law 116-136, Sec. 16007 (2020).
\3\ See 6 CFR 27.200(b)(2).
\4\ See 6 CFR 27.220.
---------------------------------------------------------------------------
On November 20, 2007, DHS published a list of COI in Appendix A to
6 CFR part 27.\5\ The final version of
[[Page 496]]
Appendix A included 49 chemicals that the Department of Transportation
(DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with
two broad exceptions.\6\ Appendix A classifies all Division 1.1
explosives as posing both Release-Explosive and Theft/diversion-
Explosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/
IEDP) security issues.
---------------------------------------------------------------------------
\5\ Appendix A to the CFATS Final Rule, 72 FR 65396, 65420-65434
(Nov. 20, 2007).
\6\ These exceptions include explosives which DOT uses a generic
shipping name with the suffix ``N.O.S.'' or ``not otherwise
specified'', and articles or devices listed on DOT's Hazardous
Materials Table at 49 CFR 172.101. See 75 FR at 65402-03.
---------------------------------------------------------------------------
DHS included Division 1.1 explosives in Appendix A notwithstanding
the Department of Justice's ATF regulation of the purchase, possession,
storage, and transportation of the same types of explosives.\7\ In an
ANPRM that preceded the promulgation of the CFATS regulations and
Appendix A, DHS noted that the authorizing statute \8\ for CFATS
excluded many types of facilities that were already the subject of
existing federal security regulations.\9\ This suggested a possibility
of regulatory overlap between CFATS and ATF regulatory programs. DHS
stated that ``where there is concurrent jurisdiction [between DHS and
ATF or another Federal agency], the Department will work closely with
other Federal agencies [(e.g., ATF)] to ensure that regulated
facilities can comply with applicable regulations while minimizing any
duplication.'' \10\
---------------------------------------------------------------------------
\7\ See 27 CFR part 555, subpart C.
\8\ See Public Law 109-295, sec. 550 (Oct. 4, 2006) (codified as
amended at 6 U.S.C. 621(3)(B) and (4)).
\9\ See Chemical Facility Anti-Terrorism Standards; Advance
Notice of Rulemaking, 71 FR 78276, 78290 (Dec. 28, 2006).
\10\ See Chemical Facility Anti-Terrorism Standards; Interim
Final Rule, 72 FR 17688, 17718-19 (Apr. 9, 2007).
---------------------------------------------------------------------------
Division 1.1 explosives included in Appendix A are ``explosive
materials'' as defined in 18 U.S.C. 841(c) and are subject to ATF
regulation. ATF regulations require persons storing any explosives to
follow certain safety and theft-prevention precautions, including
specific requirements governing the secure storage of explosives and
inspection of magazines.\11\ While ATF regulations and CFATS
regulations are both geared towards preventing the theft and release of
explosive materials, the two agencies do not regulate facilities in a
similar manner, which can potentially lead to additional security
efforts and regulatory compliance burdens for Division 1.1 explosives.
The business premises of an explosives licensee or permittee is subject
to entry by ATF for the specific purpose of inspective or examining
records and documents required to be kept by a licensee or permitee
pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as
well as any explosive materials kept or stored at the premises.\12\
While magazines in which explosive materials are stored must meet
standards of public safety and security against theft as provided in 27
CFR part 555, subpart K, ATF may not require additional measures--such
as those described above in the CFATS regulations--to address security
risks or vulnerability to terrorist attack or incident of a business
premises when issuing a new or renewal license or permit.\13\
---------------------------------------------------------------------------
\11\ See 27 CFR part 555, subpart K.
\12\ See 18 U.S.C. 843(f) and 27 CFR 555.24.
\13\ See 18 U.S.C. 843 and 27 CFR part 555, subparts D and E.
---------------------------------------------------------------------------
CFATS and ATF regulations differ substantially, and the interaction
between them can be complex. In many instances, compliance with the
measures required to comply with ATF regulations and industry best
practices result in some facilities not tiering as high-risk under
CFATS. Therefore, this small portion of facilities has no additional
regulatory obligations under CFATS after submission of a Top-Screen.
For example, all explosives must be stored in compliance with ATF
standoff-distance \14\ and similar requirements, which mitigate the
consequences of an explosion at the facility. The consequences from an
explosion is a factor that CISA uses to determine whether a facility is
high-risk. Because facilities that possess threshold quantities of
release-explosive COI are required to comply with ATF standoff/storage
regulations, CISA has never designated a facility as high risk on the
basis that the facility contains COI classified as a ``release-
explosives'' threat.
---------------------------------------------------------------------------
\14\ ``Standoff distance'' refers to the requirement that
explosive materials be stored a prescribed distance away from
inhabited buildings, public highways, other magazines, and other
infrastructure. See 27 CFR 555.218-224.
---------------------------------------------------------------------------
While the above is an example of a way in which CFATS and ATF
regulations dovetail effectively, sometimes the regulations do not
correspond so cleanly. For example, a small number of facilities,
despite adhering to ATF regulations regarding the secure storage of
explosive materials,\15\ have been: (1) Considered high-risk under
CFATS as a result of possession of explosives under the ``theft/
diversion'' security issue, and (2) required to implement additional
security measures to satisfy CFATS requirements, such as implementing
cybersecurity and detection mechanisms.
---------------------------------------------------------------------------
\15\ See 27 CFR part 555, subpart K.
---------------------------------------------------------------------------
The partial regulatory overlap has led to frustration among some
stakeholders in the explosives community and has led CISA to conduct a
comprehensive review of the respective programs' regulatory
requirements. As a result, CISA is considering modifications to
Appendix A to remove Division 1.1 explosive chemicals from the COI
listed in Appendix A.
III. Discussion
It is the policy of the executive branch to prudently manage the
costs associated with governmental imposition of private expenditures
required to comply with Federal regulations.\16\ Agencies have long
been charged to ``avoid regulations that are inconsistent,
incompatible, or duplicative with [their] other regulations or those of
other Federal agencies.'' \17\ Given these and other polices, and given
the partial overlap between DHS and ATF regulations on Division 1.1
explosives, as well as the relatively small number of facilities
subject to this overlap, CISA is reconsidering whether to regulate
facilities that possess explosives subject to ATF regulations is
``prudent and financially responsible in the expenditure of funds, from
both public and private sources.''
---------------------------------------------------------------------------
\16\ Exec. Order No. 13,771, Sec. 1., 82 FR 9339 at 9339 (Feb.
3, 2017).
\17\ Exec. Order No. 12,866, Sec. 1(b)(10), 58 FR 51735 (Oct. 4,
1993).
---------------------------------------------------------------------------
At this time, CISA is considering whether the elimination of the
burden of dual regulation of Division 1.1 explosive chemicals between
CISA and ATF programs could be warranted. To this end, CISA is
soliciting comments on amending Appendix A to remove all Division 1.1
explosives from the list of COI listed in Appendix A. If Appendix A is
so amended, facility operators would no longer be required to count
Division 1.1 explosives when determining whether their facilities are
subject to the Top-Screen requirements pursuant to 6 CFR 27.200.
At the time of the promulgation of CFATS, DHS believed that the
increased security value of having high-risk facilities that possessed
Division 1.1 explosives regulated under CFATS was worth the increased
cost. In 2007, DHS distinguished its approach from the deference that
the Environmental Protection Agency (EPA) had shown ATF regulations by
noting that ``EPA's decisions were based on safety and the prevention
of an accidental release [and that] DHS is concerned with an
[[Page 497]]
intentional attack on an explosives facility.'' \18\ For these reasons,
CFATS listed Division 1.1 explosives as presenting both Release-
Explosive \19\ and Theft/diversion-EXP/IEDP \20\ security issues.
---------------------------------------------------------------------------
\18\ 72 FR 65396, 65403 (emphasis added).
\19\ Release-Explosive chemicals have potential to affect
populations within and beyond the facility if intentionally
denotated. 72 FR 65396, 65397 (Nov. 20, 2007).
\20\ Theft/Diversion-Explosives EXP/IEDP chemicals could be
stolen or diverted and used in explosives or IEDs. Id. at 65397.
---------------------------------------------------------------------------
However, since implementation of the CFATS program, CISA has found
that, for many facilities, possession of Division 1.1 explosives at the
quantity triggering reporting for the Release-Explosive security issue
under CFATS (i.e., 5,000 pounds or more) would not result in the risk
of a large number of fatalities if attacked. Thus, CISA does not
currently regulate any facilities for possession of Division 1.1
explosives for the Release-Explosive security concern. This is because
facilities that possess Division 1.1 explosives are required to comply
with ATF's table of distances for storage of explosive materials (i.e.
standoff distances) at 27 CFR 555.218-224. The enhanced CFATS risk-
tiering methodology implemented beginning in October 2016 accounts for
the increased security resulting from ATF's table-of-distance
regulations, which protects against offsite impacts of an explosive
release, whether accidental or intentional.
We note that while ATF's and CISA's regulations differ
substantially, other agencies have deferred to ATF's explosives
expertise when considering regulation of explosives facilities. In
1998, while developing the Risk Management Plan regulations, the EPA
issued a final rule removing Division 1.1 explosives from its list of
regulated substances for accidental release prevention.\21\ In removing
Division 1.1 explosives from regulation, the EPA concluded that the ``.
. . current [ATF and other] regulations and current and contemplated
industry practices promote safety and accident prevention in storage,
handling, transportation, and use of explosives,'' making them adequate
for EPA's purposes.\22\ While the ATF regulates explosives materials
and the CFATS regulates the chemical facilities possessing explosive
materials, CISA notes that ATF's current regulations address a number
of the same safety and security precautions as the CFATS regulations
for Division 1.1 explosives.
---------------------------------------------------------------------------
\21\ List of Regulated Substances and Thresholds for Accidental
Release Prevention; Amendments, 63 FR 640, 641 (Jan. 6, 1998)
(announcing effective date of final rule amending 40 CFR part 68).
\22\ Id.
---------------------------------------------------------------------------
Other facilities that possess Division 1.1 explosives are
considered high-risk under CFATS under the Theft/diversion-EXP/IEDP
security issue, in part because of the concerns presented by the
prospect of physical or cyber-focused security breaches. CISA currently
regulates 85 facilities that possess Division 1.1 explosive COI under
the Theft/diversion-EXP/IEDP security issue. Many of these facilities
possess other COI regulated by CFATS that are not Division 1.1
explosives. If Division 1.1 explosives were removed from Appendix A,
CISA estimates that 24 facilities would no longer be regulated as high-
risk under CFATS.
Though CFATS includes cybersecurity and some other requirements
such as security plans, security equipment, training, or recording/
reporting of threats that are not accounted for in ATF's framework, ATF
regulations include some important theft-prevention and inventory-
tracking standards \23\ and adherence with ATF requirements is verified
through periodic regulatory inspections of ATF's construction and
locking requirements for magazines as well as reporting of theft/
loss.\24\ For these reasons, it may be appropriate to rely solely on
ATF's standards to address the threat that Division 1.1 explosives
could be diverted. Further supporting this argument is the fact that
ATF's secure-storage and related requirements appear to have
successfully driven down the number of thefts of commercial explosives
nationwide--with only three such thefts having been reported during the
2019 calendar year.\25\ However, there has been a slight increase in
the number of reported losses.\26\ ATF's standards are applied across
the explosives industry, covering thousands of entities that
manufacture, distribute, receive, ship, and/or import explosives, while
DHS' standards are applied only to a small number of the highest-risk
facilities (85 chemical facilities). Given the wide application of ATF
regulations across the explosives industry and their success in
limiting thefts of commercial explosives, we believe there may be value
in uniform application of security measures for these materials.
---------------------------------------------------------------------------
\23\ See 27 CFR part 555.
\24\ See 27 CFR 555.207-211 and 555.30.
\25\ United States Bomb Data Center, 2019 Explosives Incident
Report, 15 (2019), https://www.atf.gov/file/143481/download.
\26\ Id. at 16. The number of reported losses at commercial
facilities nationwide has increased somewhat in the past five years,
from 95 in 2015 to 113 in 2019.
---------------------------------------------------------------------------
IV. Request for Comments
Prior to implementing the enhanced tiering methodology in October
of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public
comment on ways in which the CFATS regulation and program might be
improved.\27\ The ANPRM solicited public comments on any and all
aspects of 6 CFR part 27, including Appendix A. The Department also
conducted seven listening sessions for the ANPRM. In addition, the
Department published a notice on October 16, 2015 in the Federal
Register soliciting additional public comments through November 30,
2015 about Appendix A to the CFATS regulation and conducted a
roundtable discussion and public listening session on October 27,
2015.\28\
---------------------------------------------------------------------------
\27\ CFATS Advance Notice of Proposed Rulemaking, 79 FR 48693
(Aug. 18, 2014).
\28\ CFATS Appendix A, Notice of Public Meeting, 80 FR 62504
(Oct. 16, 2015).
---------------------------------------------------------------------------
In response to the 2014 CFATS ANPRM, the Department received
several detailed comments relevant to the coverage of Division 1.1
explosives under CFATS generally encouraging the Department to remove
Division 1.1 explosives for both release-explosive and theft/diversion-
EXP/IEDP security issues.\29\ Commenters also generally suggested that
ATF's regulations governing commerce in explosives located at 27 CFR
part 555 are sufficient and that the security obligations imposed by
CFATS under 6 CFR part 27 are unnecessary. CISA also published a
retrospective economic analysis of the CFATS program and received one
responsive comment about facilities that are regulated by CFATS and the
ATF.\30\
---------------------------------------------------------------------------
\29\ The public comments provided in response to the August 2014
ANPRM are posted on www.regulations.gov under docket number DHS-
2014-0016.
\30\ Retrospective Analysis of the Chemical Facility Anti-
Terrorism Standards, 85 FR 37393 (Jun. 22, 2020).
---------------------------------------------------------------------------
In light of the time that has passed since 2015, and the changes to
the tiering methodology made since then, CISA is soliciting comments
from stakeholders on the current coverage of release-explosive and
theft/diversion-EXP/IEDP COI under CFATS and on the proposed
elimination of these COI from Appendix A. Specifically:
(1) Should CISA remove Division 1.1 explosives for consideration as
a release-explosive security concern? Why or why not?
(2) Should CISA remove Division 1.1 explosives for consideration as
a theft/diversion-EXP/IEDP security concern? Why or why not?
[[Page 498]]
(3) How would the removal of Division 1.1 explosives impact the
security posture of chemical facilities?
(4) Would the removal of Division 1.1 explosives impact the
regulatory burden of CFATS on chemical facilities? If so, in what ways
and to what extent?
V. Signature
The Acting Secretary of Homeland Security, Chad F. Wolf, having
reviewed and approved this document, has delegated the authority to
electronically sign this document to Chad R. Mizelle, who is the Senior
Official Performing the Duties of the General Counsel for DHS, for
purposes of publication in the Federal Register.
Chad R. Mizelle,
Senior Official Performing the Duties of the General Counsel Department
of Homeland Security.
[FR Doc. 2020-27768 Filed 1-5-21; 8:45 am]
BILLING CODE 4410-10-P