H.R. 2868 (111th): Continuing Chemical Facilities Antiterrorism Security Act of 2010

111th Congress, 2009–2010. Text as of Nov 06, 2009 (Passed the House (Engrossed)).

Status & Summary | PDF | Source: GPO

I

111th CONGRESS

1st Session

H. R. 2868

IN THE HOUSE OF REPRESENTATIVES

AN ACT

To amend the Homeland Security Act of 2002 to enhance security and protect against acts of terrorism against chemical facilities, to amend the Safe Drinking Water Act to enhance the security of public water systems, and to amend the Federal Water Pollution Control Act to enhance the security of wastewater treatment works, and for other purposes.

1.

Short title; table of contents

(a)

Short title

This Act may be cited as the Chemical and Water Security Act of 2009.

(b)

Table of contents

The table of contents for this Act is as follows:

Sec. 1. Short title; table of contents.

Title I—CHEMICAL FACILITY SECURITY

Sec. 101. Short title.

Sec. 102. Findings and purpose.

Sec. 103. Extension, modification, and recodification of authority of Secretary of Homeland Security to regulate security practices at chemical facilities.

Title II—DRINKING WATER SECURITY

Sec. 201. Short title.

Sec. 202. Intentional acts affecting the security of covered water systems.

Sec. 203. Study to assess the threat of contamination of drinking water distribution systems.

Title III—WASTEWATER TREATMENT WORKS SECURITY

Sec. 301. Short title.

Sec. 302. Wastewater treatment works security.

I

CHEMICAL FACILITY SECURITY

101.

Short title

This title may be cited as the Chemical Facility Anti-Terrorism Act of 2009.

102.

Findings and purpose

(a)

Findings

Congress makes the following findings:

(1)

The Nation’s chemical sector represents a target that terrorists could exploit to cause consequences, including death, injury, or serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy.

(2)

Chemical facilities that pose such potential consequences and that are vulnerable to terrorist attacks must be protected.

(3)

The Secretary of Homeland Security has statutory authority pursuant to section 550 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109–295) to regulate the security practices at chemical facilities that are at significant risk of being terrorist targets.

(4)

The Secretary of Homeland Security issued interim final regulations called the Chemical Facility Anti-Terrorism Standards, which became effective on June 8, 2007.

(b)

Purpose

The purpose of this title is to modify and make permanent the authority of the Secretary of Homeland Security to regulate security practices at chemical facilities.

103.

Extension, modification, and recodification of authority of Secretary of Homeland Security to regulate security practices at chemical facilities

(a)

In General

The Homeland Security Act of 2002 (6 U.S.C. 101 et seq.) is amended by adding at the end the following new title:

XXI

Regulation of Security Practices at Chemical Facilities

2101.

Definitions

In this title, the following definitions apply:

(1)

The term chemical facility means any facility—

(A)

at which the owner or operator of the facility possesses or plans to possess at any relevant point in time a substance of concern; or

(B)

that meets other risk-related criteria identified by the Secretary.

(2)

The term chemical facility security performance standards means risk-based standards established by the Secretary to ensure or enhance the security of a chemical facility against a chemical facility terrorist incident that are designed to address the following:

(A)

Restricting the area perimeter.

(B)

Securing site assets.

(C)

Screening and controlling access to the facility and to restricted areas within the facility by screening or inspecting individuals and vehicles as they enter, including—

(i)

measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate a chemical facility terrorist incident or actions having serious negative consequences for the population surrounding the chemical facility; and

(ii)

measures implementing a regularly updated identification system that checks the identification of chemical facility personnel and other persons seeking access to the chemical facility and that discourages abuse through established disciplinary measures.

(D)

Methods to deter, detect, and delay a chemical facility terrorist incident, creating sufficient time between detection of a chemical facility terrorist incident and the point at which the chemical facility terrorist incident becomes successful, including measures to—

(i)

deter vehicles from penetrating the chemical facility perimeter, gaining unauthorized access to restricted areas, or otherwise presenting a hazard to potentially critical targets;

(ii)

deter chemical facility terrorist incidents through visible, professional, well-maintained security measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or reduced value targets;

(iii)

detect chemical facility terrorist incidents at early stages through counter-surveillance, frustration of opportunity to observe potential targets, surveillance and sensing systems, and barriers and barricades; and

(iv)

delay a chemical facility terrorist incident for a sufficient period of time so as to allow appropriate response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning.

(E)

Securing and monitoring the shipping, receipt, and storage of a substance of concern for the chemical facility.

(F)

Deterring theft or diversion of a substance of concern.

(G)

Deterring insider sabotage.

(H)

Deterring cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, including supervisory control and data acquisition systems, distributed control systems, process control systems, industrial control systems, critical business systems, and other sensitive computerized systems.

(I)

Developing and exercising an internal emergency plan for owners, operators, and covered individuals of a covered chemical facility for responding to chemical facility terrorist incidents at the facility, including the provision of appropriate information to any local emergency planning committee, local law enforcement officials, and emergency response providers to ensure an effective, collective response to terrorist incidents.

(J)

Maintaining effective monitoring, communications, and warning systems, including—

(i)

measures designed to ensure that security systems and equipment are in good working order and inspected, tested, calibrated, and otherwise maintained;

(ii)

measures designed to regularly test security systems, note deficiencies, correct for detected deficiencies, and record results so that they are available for inspection by the Secretary; and

(iii)

measures to allow the chemical facility to promptly identify and respond to security system and equipment failures or malfunctions.

(K)

Ensuring mandatory annual security training, exercises, and drills of chemical facility personnel appropriate to their roles, responsibilities, and access to a substance of concern, including participation by local law enforcement, and local emergency response providers, and appropriate supervisory and non-supervisory facility employees and their employee representatives, if any.

(L)

Performing personnel surety for individuals with access to restricted areas or critical assets by conducting appropriate background checks and ensuring appropriate credentials for unescorted visitors and chemical facility personnel, including permanent and part-time personnel, temporary personnel, and contract personnel, including—

(i)

measures designed to verify and validate identity;

(ii)

measures designed to check criminal history;

(iii)

measures designed to verify and validate legal authorization to work; and

(iv)

measures designed to identify people with terrorist ties.

(M)

Escalating the level of protective measures for periods of elevated threat.

(N)

Specific threats, vulnerabilities, or risks identified by the Secretary for that chemical facility.

(O)

Reporting of significant security incidents to the Secretary and to appropriate local law enforcement officials.

(P)

Identifying, investigating, reporting, and maintaining records of significant security incidents and suspicious activities at or near the covered chemical facility.

(Q)

Establishing one or more officials and an organization responsible for—

(i)

security;

(ii)

compliance with the standards under this paragraph;

(iii)

serving as the point of contact for incident management purposes with Federal, State, local, and tribal agencies, law enforcement, and emergency response providers; and

(iv)

coordination with Federal, State, local, and tribal agencies, law enforcement, and emergency response providers regarding plans and security measures for the collective response to a chemical facility terrorist incident.

(R)

Maintaining appropriate records relating to the security of the facility, including a copy of the most recent security vulnerability assessment and site security plan, at the chemical facility.

(S)

Assessing and, as appropriate, utilizing methods to reduce the consequences of a terrorist attack.

(T)

Methods to recover or mitigate the release of a substance of concern in the event of a chemical facility terrorist incident.

(U)

Any additional security performance standards the Secretary may specify.

(3)

The term chemical facility terrorist incident means any act or attempted act of terrorism or terrorist activity committed at, near, or against a chemical facility, including—

(A)

the release of a substance of concern from a chemical facility;

(B)

the theft, misappropriation, or misuse of a substance of concern from a chemical facility; or

(C)

the sabotage of a chemical facility or a substance of concern at a chemical facility.

(4)

The term employee representative means the representative of the certified or recognized bargaining agent engaged in a collective bargaining relationship with a private or public owner or operator of a chemical facility.

(5)

The term covered individual means a permanent, temporary, full-time, or part-time employee of a covered chemical facility or an employee of an entity with which the covered chemical facility has entered into a contract who is performing responsibilities at the facility pursuant to the contract.

(6)

The term covered chemical facility means a chemical facility that meets the criteria of section 2102(b)(1).

(7)

The term environment means—

(A)

the navigable waters, the waters of the contiguous zone, and the ocean waters of which the natural resources are under the exclusive management authority of the United States under the Magnuson-Stevens Fishery Conservation and Management Act (16 U.S.C. 1801 et seq.); and

(B)

any other surface water, ground water, drinking water supply, land surface or subsurface strata, or ambient air within the United States or under the jurisdiction of the United States.

(8)

The term owner or operator with respect to a facility means any of the following:

(A)

The person who owns the facility.

(B)

The person who has responsibility for daily operation of the facility.

(C)

The person who leases the facility.

(9)

The term person means an individual, trust, firm, joint stock company, corporation (including a government corporation), partnership, association, State, municipality, commission, political subdivision of a State, or any interstate body and shall include each department, agency, and instrumentality of the United States.

(10)

The term release means any spilling, leaking, pumping, pouring, emitting, emptying, discharging, injecting, escaping, leaching, dumping, or disposing into the environment (including the abandonment or discarding of barrels, containers, and other closed receptacles containing any hazardous substance or pollutant or contaminant).

(11)

The term substance of concern means a chemical substance in quantity and form that is so designated by the Secretary under section 2102(a).

(12)

The term method to reduce the consequences of a terrorist attack means a measure used at a chemical facility that reduces or eliminates the potential consequences of a chemical facility terrorist incident, including—

(A)

the elimination or reduction in the amount of a substance of concern possessed or planned to be possessed by an owner or operator of a covered chemical facility through the use of alternate substances, formulations, or processes;

(B)

the modification of pressures, temperatures, or concentrations of a substance of concern; and

(C)

the reduction or elimination of onsite handling of a substance of concern through improvement of inventory control or chemical use efficiency.

(13)

The term academic laboratory means a facility or area owned by an institution of higher education (as defined under section 101 of the Higher Education Act of 1965 (20 U.S.C. 1001)) or a non-profit research institute or teaching hospital that has a formal affiliation with an institution of higher education, including photo laboratories, art studios, field laboratories, research farms, chemical stockrooms, and preparatory laboratories, where relatively small quantities of chemicals and other substances, as determined by the Secretary, are used on a non-production basis for teaching, research, or diagnostic purposes, and are stored and used in containers that are typically manipulated by one person.

2102.

Risk-based designation and ranking of chemical facilities

(a)

Substances of Concern

(1)

Designation by the secretary

The Secretary may designate any chemical substance as a substance of concern and establish the threshold quantity for each such substance of concern.

(2)

Matters for consideration

In designating a chemical substance or establishing or adjusting the threshold quantity for a chemical substance under paragraph (1), the Secretary shall consider the potential extent of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy that could result from a chemical facility terrorist incident.

(b)

List of covered Chemical Facilities

(1)

Criteria for list of facilities

The Secretary shall maintain a list of covered chemical facilities that the Secretary determines are of sufficient security risk for inclusion on the list based on the following criteria:

(A)

The potential threat or likelihood that the chemical facility will be the target of a chemical facility terrorist incident.

(B)

The potential extent and likelihood of death, injury, or serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy that could result from a chemical facility terrorist incident.

(C)

The proximity of the chemical facility to large population centers.

(2)

Submission of information

The Secretary may require the submission of information with respect to the quantities of substances of concern that an owner or operator of a chemical facility possesses or plans to possess in order to determine whether to designate a chemical facility as a covered chemical facility for purposes of this title.

(c)

Assignment of Chemical Facilities to Risk-Based Tiers

(1)

Assignment

The Secretary shall assign each covered chemical facility to one of four risk-based tiers established by the Secretary, with tier one representing the highest degree of risk and tier four the lowest degree of risk.

(2)

Provision of information

The Secretary may request, and the owner or operator of a covered chemical facility shall provide, any additional information beyond any information required to be submitted under subsection (b)(2) that may be necessary for the Secretary to assign the chemical facility to the appropriate tier under paragraph (1).

(3)

Notification

Not later than 60 days after the date on which the Secretary determines that a chemical facility is a covered chemical facility or is no longer a covered chemical facility or changes the tier assignment under paragraph (1) of a covered chemical facility, the Secretary shall notify the owner or operator of that chemical facility of that determination or change together with the reason for the determination or change and, upon the request of the owner or operator of a covered chemical facility, provide to the owner or operator of the covered chemical facility the following information:

(A)

The number of individuals at risk of death, injury, or severe adverse effects to human health as a result of a worst case chemical facility terrorist incident at the covered chemical facility.

(B)

Information related to the criticality of the covered chemical facility.

(C)

The proximity or interrelationship of the covered chemical facility to other critical infrastructure.

(d)

Requirement for review

The Secretary—

(1)

shall periodically review—

(A)

the designation of a chemical substance as a substance of concern and the threshold quantity for the substance under subsection (a)(1); and

(B)

the criteria under subsection (b)(1); and

(2)

may, at any time, determine whether a chemical facility is a covered chemical facility or change the tier to which such a facility is assigned under subsection (c)(1).

(e)

Provision of threat-related information

In order to effectively assess the vulnerabilities to a covered chemical facility, the Secretary shall provide to the owner, operator, or security officer of a covered chemical facility threat information regarding probable threats to the facility and methods that could be used in a chemical facility terrorist incident.

2103.

Security vulnerability assessments and site security plans

(a)

In general

(1)

Requirement

The Secretary shall—

(A)

establish standards, protocols, and procedures for security vulnerability assessments and site security plans to be required for covered chemical facilities;

(B)

require the owner or operator of each covered chemical facility to—

(i)

conduct an assessment of the vulnerability of the covered chemical facility to a range of chemical facility terrorist incidents, including an incident that results in a worst-case release of a substance of concern, and submit such assessment to the Secretary;

(ii)

prepare and implement a site security plan for that covered chemical facility that addresses the security vulnerability assessment and meets the risk-based chemical security performance standards under subsection (c) and submit such plan to the Secretary;

(iii)

include at least one supervisory and at least one non-supervisory employee of the covered chemical facility, and at least one employee representative from each bargaining agent at the covered chemical facility, if any, in developing the security vulnerability assessment and site security plan required under this section; and

(iv)

include, with the submission of a security vulnerability assessment and the site security plan of the covered chemical facility under this section, a signed statement by the owner or operator of the covered chemical facility that certifies that the submission is provided to the Secretary with knowledge of the penalty provisions under section 2107;

(C)

set deadlines, by tier, for the completion of security vulnerability assessments and site security plans;

(D)

upon request, as necessary, and to the extent that resources permit, provide technical assistance to a covered chemical facility conducting a vulnerability assessment or site security plan required under this section;

(E)

establish specific deadlines and requirements for the submission by a covered chemical facility of information describing—

(i)

any change in the use by the covered chemical facility of more than a threshold amount of any substance of concern that may affect the requirements of the chemical facility under this title; or

(ii)

any material modification to a covered chemical facility’s operations or site that may affect the security vulnerability assessment or site security plan submitted by the covered chemical facility;

(F)

require the owner or operator of a covered chemical facility to review and resubmit a security vulnerability assessment or site security plan not less frequently than once every 5 years;

(G)

not later than 180 days after the date on which the Secretary receives a security vulnerability assessment or site security plan under this title, review and approve or disapprove such assessment or plan and notify the covered chemical facility of such approval or disapproval; and

(H)

establish, as appropriate, modified or separate standards, protocols, and procedures for security vulnerability assessments and site security plans for covered chemical facilities that are also academic laboratories.

(2)

Inherently governmental function

The approval or disapproval of a security vulnerability assessment or site security plan under this section is an inherently governmental function.

(b)

Participation in preparation of security vulnerability assessments or site security plans

Any person selected by the owner or operator of a covered chemical facility or by a certified or recognized bargaining agent of a covered chemical facility to participate in the development of the security vulnerability assessment or site security plan required under this section for such covered chemical facility shall be permitted to participate if the person possesses knowledge, experience, training, or education relevant to the portion of the security vulnerability assessment or site security plan on which the person is participating.

(c)

Risk-based chemical security performance standards

The Secretary shall establish risk-based chemical security performance standards for the site security plans required to be prepared by covered chemical facilities. In establishing such standards, the Secretary shall—

(1)

require separate and, as appropriate, increasingly stringent risk-based chemical security performance standards for site security plans as the level of risk associated with the tier increases; and

(2)

permit each covered chemical facility submitting a site security plan to select a combination of security measures that satisfy the risk-based chemical security performance standards established by the Secretary under this subsection.

(d)

Co-Located Chemical Facilities

The Secretary may allow an owner or operator of a covered chemical facility that is located geographically close, as determined by the Secretary, to another covered chemical facility to develop and implement coordinated security vulnerability assessments and site security plans.

(e)

Alternate security programs satisfying requirements for security vulnerability assessment and site security plan

(1)

Acceptance of program

In response to a request by an owner or operator of a covered chemical facility, the Secretary may accept an alternate security program submitted by the owner or operator of the facility as a component of the security vulnerability assessment or site security plan required under this section, if the Secretary determines that such alternate security program, in combination with other components of the security vulnerability assessment and site security plan submitted by the owner or operator of the facility—

(A)

meets the requirements of this title and the regulations promulgated pursuant to this title;

(B)

provides an equivalent level of security to the level of security established pursuant to the regulations promulgated pursuant to this title; and

(C)

includes employee participation as required under subsection (a)(1)(B)(iii).

(2)

Secretarial review required

Nothing in this subsection shall relieve the Secretary of the obligation—

(A)

to review a security vulnerability assessment and site security plan submitted by a covered chemical facility under this section; and

(B)

to approve or disapprove each such assessment or plan on an individual basis according to the deadlines established under subsection (a).

(3)

Covered facility’s obligations unaffected

Nothing in this subsection shall relieve any covered chemical facility of the obligation and responsibility to comply with all of the requirements of this title.

(4)

Personnel surety alternate security program

In response to an application from a non-profit, personnel surety accrediting organization acting on behalf of, and with written authorization from, the owner or operator of a covered chemical facility, the Secretary may accept a personnel surety alternate security program that meets the requirements of section 2115 and provides for a background check process that is—

(A)

expedited, affordable, reliable, and accurate;

(B)

fully protective of the rights of covered individuals through procedures that are consistent with the privacy protections available under the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); and

(C)

a single background check consistent with a risk-based tiered program.

(f)

Other Authorities

(1)

Regulation of maritime facilities

(A)

Risk-Based Tiering

Notwithstanding any other provision of law, the owner or operator of a chemical facility required to submit a facility security plan under section 70103(c) of title 46, United States Code, shall be required to submit information to the Secretary necessary to determine whether to designate such a facility as a covered chemical facility and to assign the facility to a risk-based tier under section 2102 of this title.

(B)

Additional Measures

In the case of a facility designated as a covered chemical facility under this title for which a facility security plan is required to be submitted under section 70103(c) of title 46, United States Code, the Commandant of the Coast Guard, after consultation with the Secretary, shall require the owner or operator of such facility to update the vulnerability assessments and facility security plans required under that section, if necessary, to ensure an equivalent level of security for substances of concern, including the requirements under section 2111, in the same manner as other covered chemical facilities in this title.

(C)

Personnel surety

(i)

Exception

A facility designated as a covered chemical facility under this title that has had its facility security plan approved under section 70103(c) of title 46, United States Code, shall not be required to update or amend such plan in order to meet the requirements of section 2115 of this title.

(ii)

Equivalent access

An individual described in section 2115(a)(1)(B) who has been granted access to restricted areas or critical assets by the owner or operator of a facility for which a security plan is required to be submitted under section 70103(c) of title 46, United States Code, may be considered by that owner or operator to have satisfied the requirement for passing a security background check otherwise required under section 2115 for purposes of granting the individual access to restricted areas or critical assets of a covered chemical facility that is owned or operated by the same owner or operator.

(D)

Information Sharing and Protection

Notwithstanding section 70103(d) of title 46, United States Code, the Commandant of the Coast Guard, after consultation with the Secretary, shall apply the information sharing and protection requirements in section 2110 of this title to a facility described in subparagraph (B).

(E)

Enforcement

The Secretary shall establish, by rulemaking, procedures to ensure that an owner or operator of a covered chemical facility required to update the vulnerability assessment and facility security plan for the facility under subparagraph (B) is in compliance with the requirements of this title.

(F)

Formal agreement

The Secretary shall—

(i)

require the Office of Infrastructure Protection and the Coast Guard to enter into a formal agreement detailing their respective roles and responsibilities in carrying out the requirements of this title, which shall ensure that the enforcement and compliance requirements under this title and section 70103 of title 46, United States Code, are not conflicting or duplicative; and

(ii)

designate the agency responsible for enforcing the requirements of this title with respect to covered chemical facilities for which facility security plans are required to be submitted under section 70103(c) of title 46, United States Code, consistent with the requirements of subparagraphs (B) and (D).

(2)

Coordination of storage licensing or permitting requirement

In the case of any storage required to be licensed or permitted under chapter 40 of title 18, United States Code, the Secretary shall prescribe the rules and regulations for the implementation of this section with the concurrence of the Attorney General and avoid unnecessary duplication of regulatory requirements.

(g)

Role of employees

(1)

Description of role required

Site security plans required under this section shall describe the roles or responsibilities that covered individuals are expected to perform to deter or respond to a chemical facility terrorist incident.

(2)

Annual training for employees

The owner or operator of a covered chemical facility required to submit a site security plan under this section shall annually provide each covered individual with a role or responsibility referred to in paragraph (1) at the facility with a minimum of 8 hours of training. Such training shall, as relevant to the role or responsibility of such covered individual—

(A)

include an identification and discussion of substances of concern;

(B)

include a discussion of possible consequences of a chemical facility terrorist incident;

(C)

review and exercise the covered chemical facility’s site security plan, including any requirements for differing threat levels;

(D)

include a review of information protection requirements;

(E)

include a discussion of physical and cyber security equipment, systems, and methods used to achieve chemical security performance standards;

(F)

allow training with other relevant participants, including Federal, State, local, and tribal authorities, and first responders, where appropriate;

(G)

use existing national voluntary consensus standards, chosen jointly with employee representatives, if any;

(H)

allow instruction through government training programs, chemical facilities, academic institutions, nonprofit organizations, industry and private organizations, employee organizations, and other relevant entities that provide such training;

(I)

use multiple training media and methods; and

(J)

include a discussion of appropriate emergency response procedures, including procedures to mitigate the effects of a chemical facility terrorist incident.

(3)

Equivalent training

During any year, with respect to any covered individual with roles or responsibilities under paragraph (1), an owner or operator of a covered chemical facility may satisfy any of the training requirements for such covered individual under subparagraph (A), (B), (C), (D), (E), or (J) of paragraph (2) through training that such owner or operator certifies, in a manner prescribed by the Secretary, is equivalent.

(4)

Worker training grant program

(A)

Authority

The Secretary shall establish a grant program to award grants to or enter into cooperative agreements with eligible entities to provide for the training and education of covered individuals with roles or responsibilities described in paragraph (1) and first responders and emergency response providers who would respond to a chemical facility terrorist incident.

(B)

Administration

The Secretary shall seek to enter into an agreement with the Director of the National Institute for Environmental Health Sciences, or with the head of another Federal or State agency, to make and administer grants or cooperative agreements under this paragraph.

(C)

Use of funds

The recipient of funds under this paragraph shall use such funds to provide for the training and education of covered individuals with roles or responsibilities described in paragraph (1), first responders, and emergency response providers, including—

(i)

the annual mandatory training specified in paragraph (2); and

(ii)

other appropriate training to protect nearby persons, property, critical infrastructure, or the environment from the effects of a chemical facility terrorist incident.

(D)

Eligible entities

For purposes of this paragraph, an eligible entity is a nonprofit organization with demonstrated experience in implementing and operating successful worker or first responder health and safety or security training programs.

(E)

Presumption of Congress relating to competitive procedures

(i)

Presumption

It is the presumption of Congress that grants awarded under this paragraph will be awarded using competitive procedures based on merit.

(ii)

Report to Congress

If grants are awarded under this paragraph using procedures other than competitive procedures, the Secretary shall submit to Congress a report explaining why competitive procedures were not used.

(F)

Prohibition on earmarks

None of the funds appropriated to carry out this paragraph may be used for a congressional earmark as defined in clause 9d, of Rule XXI of the rules of the House of Representatives of the 111th Congress.

(h)

State, Regional, or Local governmental entities

No covered chemical facility shall be required under State, local, or tribal law to provide a vulnerability assessment or site security plan described under this title to any State, regional, local, or tribal government entity solely by reason of the requirement under subsection (a) that the covered chemical facility submit such an assessment and plan to the Secretary.

2104.

Site inspections

(a)

Right of Entry

For purposes of carrying out this title, the Secretary shall have, at a reasonable time and on presentation of credentials, a right of entry to, on, or through any property of a covered chemical facility or any property on which any record required to be maintained under this section is located.

(b)

Inspections and Verifications

(1)

In general

The Secretary shall, at such time and place as the Secretary determines to be reasonable and appropriate, conduct chemical facility security inspections and verifications.

(2)

Requirements

To ensure and evaluate compliance with this title, including any regulations or requirements adopted by the Secretary in furtherance of the purposes of this title, in conducting an inspection or verification under paragraph (1), the Secretary shall have access to the owners, operators, employees, and employee representatives, if any, of a covered chemical facility.

(c)

Unannounced inspections

In addition to any inspection conducted pursuant to subsection (b), the Secretary shall require covered chemical facilities assigned to tier 1 and tier 2 under section 2102(c)(1) to undergo unannounced facility inspections. The inspections required under this subsection shall be—

(1)

conducted without prior notice to the facility;

(2)

designed to evaluate at the chemical facility undergoing inspection—

(A)

the ability of the chemical facility to prevent a chemical facility terrorist incident that the site security plan of the facility is intended to prevent;

(B)

the ability of the chemical facility to protect against security threats that are required to be addressed by the site security plan of the facility; and

(C)

any weaknesses in the site security plan of the chemical facility;

(3)

conducted so as not to affect the actual security, physical integrity, safety, or regular operations of the chemical facility or its employees while the inspection is conducted; and

(4)

conducted—

(A)

every two years in the case of a covered chemical facility assigned to tier 1; and

(B)

every four years in the case of a covered chemical facility assigned to tier 2.

(d)

Chemical facility inspectors authorized

During fiscal years 2011 and 2012, subject to the availability of appropriations for such purpose, the Secretary shall increase by not fewer than 100 the total number of chemical facility inspectors within the Department to ensure compliance with this title.

(e)

Confidential communications

The Secretary shall offer non-supervisory employees the opportunity to confidentially communicate information relevant to the employer’s compliance or non-compliance with this title, including compliance or non-compliance with any regulation or requirement adopted by the Secretary in furtherance of the purposes of this title. An employee representative of each certified or recognized bargaining agent at the covered chemical facility, if any, or, if none, a non-supervisory employee, shall be given the opportunity to accompany the Secretary during a physical inspection of such covered chemical facility for the purpose of aiding in such inspection, if representatives of the owner or operator of the covered chemical facility will also be accompanying the Secretary on such inspection.

2105.

Records

(a)

Request for records

In carrying out this title, the Secretary may require submission of, or on presentation of credentials may at reasonable times obtain access to and copy, any records, including any records maintained in electronic format, necessary for—

(1)

reviewing or analyzing a security vulnerability assessment or site security plan submitted under section 2103; or

(2)

assessing the implementation of such a site security plan.

(b)

Proper handling of records

In accessing or copying any records under subsection (a), the Secretary shall ensure that such records are handled and secured appropriately in accordance with section 2110.

2106.

Timely sharing of threat information

(a)

Responsibilities of Secretary

Upon the receipt of information concerning a threat that is relevant to a certain covered chemical facility, the Secretary shall provide such information in a timely manner, to the maximum extent practicable under applicable authority and in the interests of national security, to the owner, operator, or security officer of that covered chemical facility, to a representative of each recognized or certified bargaining agent at the facility, if any, and to relevant State, local, and tribal authorities, including the State Homeland Security Advisor, if any.

(b)

Responsibilities of owner or operator

The Secretary shall require the owner or operator of a covered chemical facility to provide to the Secretary in a timely manner, information concerning a threat about any significant security incident or threat to the covered chemical facility or any intentional or unauthorized penetration of the physical security or cyber security of the covered chemical facility whether successful or unsuccessful.

2107.

Enforcement

(a)

Review of security vulnerability assessment and site security plan

(1)

Disapproval

The Secretary shall disapprove a security vulnerability assessment or site security plan submitted under this title if the Secretary determines, in his or her discretion, that—

(A)

the security vulnerability assessment or site security plan does not comply with the standards, protocols, or procedures under section 2103(a)(1)(A); or

(B)

in the case of a site security plan—

(i)

the plan or the implementation of the plan is insufficient to address vulnerabilities identified in a security vulnerability assessment, site inspection, or unannounced inspection of the covered chemical facility; or

(ii)

the plan fails to meet all applicable chemical facility security performance standards.

(2)

Notification of disapproval

If the Secretary disapproves the security vulnerability assessment or site security plan submitted by a covered chemical facility under this title or the implementation of a site security plan by such a chemical facility, the Secretary shall provide the owner or operator of the covered chemical facility a written notification of the disapproval not later than 14 days after the date on which the Secretary disapproves such assessment or plan, that—

(A)

includes a clear explanation of deficiencies in the assessment, plan, or implementation of the plan; and

(B)

requires the owner or operator of the covered chemical facility to revise the assessment or plan to address any deficiencies and, by such date as the Secretary determines is appropriate, to submit to the Secretary the revised assessment or plan.

(b)

Remedies

(1)

Order for compliance

Whenever the Secretary determines that the owner or operator of a covered chemical facility has violated or is in violation of any requirement of this title or has failed or is failing to address any deficiencies in the assessment, plan, or implementation of the plan by such date as the Secretary determines to be appropriate, the Secretary may—

(A)

after providing notice to the owner or operator of the covered chemical facility and an opportunity, pursuant to the regulations issued under this title, for such owner or operator to seek departmental review of the Secretary’s determination, issue an order assessing an administrative penalty of not more than $25,000 for each day on which a past or current violation occurs or a failure to comply continues, requiring compliance immediately or within a specified time period, or both; or

(B)

in a civil action, obtain appropriate equitable relief, a civil penalty of not more than $25,000 for each day on which a past or current violation occurs or a failure to comply continues, or both.

(2)

Order to cease operations

Whenever the Secretary determines that the owner or operator of a covered chemical facility continues to be in noncompliance after an order for compliance is issued under paragraph (1), the Secretary may issue an order to the owner or operator to cease operations at the facility until compliance is achieved to the satisfaction of the Secretary.

(c)

Applicability of penalties

A penalty under subsection (b)(1) may be awarded for any violation of this title, including a violation of the whistleblower protections under section 2108.

2108.

Whistleblower protections

(a)

Establishment

The Secretary shall establish and provide information to the public regarding a process by which any person may submit a report to the Secretary regarding problems, deficiencies, or vulnerabilities at a covered chemical facility associated with the risk of a chemical facility terrorist incident.

(b)

Confidentiality

The Secretary shall keep confidential the identity of a person who submits a report under subsection (a), and any such report shall be treated as protected information under section 2110 to the extent that it does not consist of publicly available information.

(c)

Acknowledgment of receipt

If a report submitted under subsection (a) identifies the person submitting the report, the Secretary shall respond promptly to such person to acknowledge receipt of the report.

(d)

Steps to address problems

The Secretary shall review and consider the information provided in any report submitted under subsection (a) and shall, as necessary, take appropriate steps under this title to address any problem, deficiency, or vulnerability identified in the report.

(e)

Retaliation prohibited

(1)

Prohibition

No owner or operator of a covered chemical facility, for-profit or not-for-profit corporation, association, or any contractor, subcontractor or agent thereof, may discharge any employee or otherwise discriminate against any employee with respect to the employee’s compensation, terms, conditions, or other privileges of employment because the employee (or any person acting pursuant to a request of the employee)—

(A)

notified the Secretary, the owner or operator of a covered chemical facility, or the employee’s employer of an alleged violation of this title, including notification of such an alleged violation through communications related to carrying out the employee’s job duties;

(B)

refused to participate in any conduct that the employee reasonably believes is in noncompliance with a requirement of this title, if the employee has identified the alleged noncompliance to the employer;

(C)

testified before or otherwise provided information relevant for Congress or for any Federal or State proceeding regarding any provision (or proposed provision) of this title;

(D)

commenced, caused to be commenced, or is about to commence or cause to be commenced a proceeding under this title;

(E)

testified or is about to testify in any such proceeding; or

(F)

assisted or participated or is about to assist or participate in any manner in such a proceeding or in any other manner in such a proceeding or in any other action to carry out the purposes of this title.

(2)

Enforcement action

Any employee covered by this section who alleges discrimination by an employer in violation of paragraph (1) may bring an action governed by the rules and procedures, legal burdens of proof, and remedies applicable under subsections (d) through (h) of section 20109 of title 49, United States Code. A party may seek district court review as set forth in subsection (d)(3) of such section not later than 90 days after receiving a written final determination by the Secretary of Labor.

(3)

Prohibited personnel practices affecting the Department

(A)

In general

Notwithstanding any other provision of law, any individual holding or applying for a position within the Department shall be covered by—

(i)

paragraphs (1), (8), and (9) of section 2302(b) of title 5, United States Code;

(ii)

any provision of law implementing any of such paragraphs by providing any right or remedy available to an employee or applicant for employment in the civil service; and

(iii)

any rule or regulation prescribed under any such paragraph.

(B)

Rule of construction

Nothing in this paragraph shall be construed to affect any rights, apart from those referred to in subparagraph (A), to which an individual described in that subparagraph might otherwise be entitled to under law.

2109.

Federal preemption

This title does not preclude or deny any right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to a covered chemical facility that is more stringent than a regulation, requirement, or standard of performance issued under this title, or otherwise impair any right or jurisdiction of any State or political subdivision thereof with respect to covered chemical facilities within that State or political subdivision thereof.

2110.

Protection of information

(a)

Prohibition of Public Disclosure of Protected Information

Protected information, as described in subsection (g)—

(1)

shall be exempt from disclosure under section 552 of title 5, United States Code; and

(2)

shall not be made available pursuant to any State, local, or tribal law requiring disclosure of information or records.

(b)

Information sharing

(1)

In general

The Secretary shall prescribe such regulations, and may issue such orders, as necessary to prohibit the unauthorized disclosure of protected information, as described in subsection (g).

(2)

Sharing of protected information

The regulations under paragraph (1) shall provide standards for and facilitate the appropriate sharing of protected information with and between Federal, State, local, and tribal authorities, emergency response providers, law enforcement officials, designated supervisory and nonsupervisory covered chemical facility personnel with security, operational, or fiduciary responsibility for the facility, and designated facility employee representatives, if any. Such standards shall include procedures for the sharing of all portions of a covered chemical facility’s vulnerability assessment and site security plan relating to the roles and responsibilities of covered individuals under section 2103(g)(1) with a representative of each certified or recognized bargaining agent representing such covered individuals, if any, or, if none, with at least one supervisory and at least one non-supervisory employee with roles or responsibilities under section 2103(g)(1).

(3)

Penalties

Protected information, as described in subsection (g), shall not be shared except in accordance with the regulations under paragraph (1). Whoever discloses protected information in knowing violation of the regulations and orders issued under paragraph (1) shall be fined under title 18, United States Code, imprisoned for not more than one year, or both, and, in the case of a Federal officeholder or employee, shall be removed from Federal office or employment.

(c)

Treatment of information in adjudicative proceedings

In any judicial or administrative proceeding, protected information described in subsection (g) shall be treated in a manner consistent with the treatment of sensitive security information under section 525 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109–295; 120 Stat. 1381).

(d)

Other obligations unaffected

Except as provided in section 2103(h), nothing in this section affects any obligation of the owner or operator of a chemical facility under any other law to submit or make available information required by such other law to facility employees, employee organizations, or a Federal, State, tribal, or local government.

(e)

Submission of information to Congress

Nothing in this title shall permit or authorize the withholding of information from Congress or any committee or subcommittee thereof.

(f)

Disclosure of Independently Furnished Information

Nothing in this title shall affect any authority or obligation of a Federal, State, local, or tribal government agency to protect or disclose any record or information that the Federal, State, local, or tribal government agency obtains from a chemical facility under any other law.

(g)

Protected Information

(1)

In general

For purposes of this title, the term protected information means any of the following:

(A)

Security vulnerability assessments and site security plans, including any assessment required under section 2111.

(B)

Portions of the following documents, records, orders, notices, or letters that the Secretary has determined by regulation would be detrimental to chemical facility security if disclosed and that are developed by the Secretary or the owner or operator of a covered chemical facility for the purposes of this title:

(i)

Documents directly related to the Secretary’s review and approval or disapproval of vulnerability assessments and site security plans under this title.

(ii)

Documents directly related to inspections and audits under this title.

(iii)

Orders, notices, or letters regarding the compliance of a covered chemical facility with the requirements of this title.

(iv)

Information, documents, or records required to be provided to or created by the Secretary under subsection (b) or (c) of section 2102.

(v)

Documents directly related to security drills and training exercises, security threats and breaches of security, and maintenance, calibration, and testing of security equipment.

(C)

Other information, documents, or records developed exclusively for the purposes of this title that the Secretary has determined by regulation would, if disclosed, be detrimental to chemical facility security.

(2)

Exclusions

Notwithstanding paragraph (1), the term ‘protected information’ does not include—

(A)

information, other than a security vulnerability assessment or site security plan, that the Secretary has determined by regulation to be—

(i)

appropriate to describe facility compliance with the requirements of this title and the Secretary’s implementation of such requirements; and

(ii)

not detrimental to chemical facility security if disclosed; or

(B)

information, whether or not also contained in a security vulnerability assessment, site security plan, or in a document, record, order, notice, or letter, or portion thereof, described in subparagraph (B) or (C) of paragraph (1), that is obtained from another source with respect to which the Secretary has not made a determination under either such subparagraph, including—

(i)

information that is required to be made publicly available under any other provision of law; and

(ii)

information that a chemical facility has lawfully disclosed other than in a submission to the Secretary pursuant to a requirement of this title.

2111.

Methods to reduce the consequences of a terrorist attack

(a)

Assessment required

(1)

Assessment

The owner or operator of a covered chemical facility shall include in the site security plan conducted pursuant to section 2103, an assessment of methods to reduce the consequences of a terrorist attack on that chemical facility, including—

(A)

a description of the methods to reduce the consequences of a terrorist attack implemented and considered for implementation by the covered chemical facility;

(B)

the degree to which each method to reduce the consequences of a terrorist attack, if already implemented, has reduced, or, if implemented, could reduce, the potential extent of death, injury, or serious adverse effects to human health resulting from a release of a substance of concern;

(C)

the technical feasibility, costs, avoided costs (including liabilities), personnel implications, savings, and applicability of implementing each method to reduce the consequences of a terrorist attack; and

(D)

any other information that the owner or operator of the covered chemical facility considered in conducting the assessment.

(2)

Feasible

For the purposes of this section, the term feasible means feasible with the use of best technology, techniques, and other means that the Secretary finds, after examination for efficacy under field conditions and not solely under laboratory conditions, are available for use at the covered chemical facility.

(b)

Implementation

(1)

Implementation

(A)

In general

The owner or operator of a covered chemical facility that is assigned to tier 1 or tier 2 because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern at the covered chemical facility, shall implement methods to reduce the consequences of a terrorist attack on the chemical facility if the Director of the Office of Chemical Facility Security determines, in his or her discretion, using the assessment conducted pursuant to subsection (a), that the implementation of such methods at the facility—

(i)

would significantly reduce the risk of death, injury, or serious adverse effects to human health resulting from a chemical facility terrorist incident but—

(I)

would not increase the interim storage of a substance of concern outside the facility;

(II)

would not directly result in the creation of a new covered chemical facility assigned to tier 1 or tier 2 because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern at the covered chemical facility;

(III)

would not result in the reassignment of an existing covered chemical facility from tier 3 or tier 4 to tier 1 or tier 2 because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern at the covered chemical facility; and

(IV)

would not significantly increase the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern due to a terrorist attack on the transportation infrastructure of the United States;

(ii)

can feasibly be incorporated into the operation of the covered chemical facility; and

(iii)

would not significantly and demonstrably impair the ability of the owner or operator of the covered chemical facility to continue the business of the facility at its location.

(B)

Written determination

A determination by the Director of the Office of Chemical Facility Security pursuant to subparagraph (A) shall be made in writing and include the basis and reasons for such determination, including the Director’s analysis of the covered chemical facility’s assessment of the technical feasibility, costs, avoided costs (including liabilities), personnel implications, savings, and applicability of implementing each method to reduce the consequences of a terrorist attack.

(C)

Maritime facilities

With respect to a covered chemical facility for which a security plan is required under section 70103(c) of title 46, United States Code, a written determination pursuant to subparagraph (A) shall be made only after consultation with the Captain of the Port for the area in which the covered chemical facility is located.

(2)

Review of inability to comply

(A)

In general

An owner or operator of a covered chemical facility who is unable to comply with the Director’s determination under paragraph (1) shall, within 120 days of receipt of the Director’s determination, provide to the Secretary a written explanation that includes the reasons therefor. Such written explanation shall specify whether the owner or operator’s inability to comply arises under clause (ii) or (iii) of paragraph (1)(A), or both.

(B)

Review

Not later than 120 days after receipt of an explanation submitted under subparagraph (A), the Secretary, after consulting with the owner or operator of the covered chemical facility who submitted such explanation, as well as experts in the subjects of environmental health and safety, security, chemistry, design and engineering, process controls and implementation, maintenance, production and operations, chemical process safety, and occupational health, as appropriate, shall provide to the owner or operator a written determination, in his or her discretion, of whether implementation shall be required pursuant to paragraph (1). If the Secretary determines that implementation is required, the Secretary shall issue an order that establishes the basis for such determination, including the findings of the relevant experts, the specific methods selected for implementation, and a schedule for implementation of the methods at the facility.

(c)

Agricultural Sector

(1)

Guidance for farm supplies merchant wholesalers

The Secretary shall provide guidance and, as appropriate, tools, methodologies or computer software, to assist farm supplies merchant wholesalers in complying with the requirements of this section.  The Secretary may award grants to farm supplies merchant wholesalers to assist with compliance with subsection (a), and in awarding such grants, shall give priority to farm supplies merchant wholesalers that have the greatest need for such grants.

(2)

Assessment of agricultural impacts

Not later than 6 months after the date of the enactment of this title, the Secretary shall transmit an assessment of the potential impacts of compliance with provisions of this section regarding the assessment and, as appropriate, implementation, of methods to reduce the consequences of a terrorist attack on the agricultural sector to the Committee on Energy and Commerce of the House of Representatives, the Committee on Homeland Security of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Agriculture of the House of Representatives, and the Committee on Agriculture, Nutrition and Forestry of the Senate.  Such assessment shall be conducted by the Secretary in consultation with other appropriate Federal agencies and shall include the following:

(A)

Data on the scope of agricultural facilities covered by this title, including the number and type of manufacturers, retailers, aerial commercial applicators and distributors of pesticide and fertilizer required to assess methods to reduce the consequences of a terrorist attack under subsection (a) and the number and type of manufacturers, retailers, aerial commercial applicators and distributors of pesticide and fertilizer assigned to tier 1 or tier 2 by the Secretary  because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from the release of a substance of concern at the facility.

(B)

A survey of known methods, processes or practices, other than elimination of or cessation of manufacture of the pesticide or fertilizer, that manufacturers, retailers, aerial commercial applicators, and distributors of pesticide and fertilizer could use to reduce the consequences of a terrorist attack, including an assessment of the costs and technical feasibility of each such method, process, or practice.

(C)

An analysis of how the assessment of methods to reduce the consequences of a terrorist attack under subsection (a) by manufacturers, retailers, aerial commercial applicators, and distributors of pesticide and fertilizer, and, as appropriate, the implementation of methods to reduce the consequences of a terrorist attack by such manufacturers, retailers, aerial commercial applicators, and distributors of pesticide and fertilizer subject to subsection (b), are likely to impact agricultural endusers.

(D)

Recommendations for how to mitigate any adverse impacts identified pursuant to subparagraph (C).

(3)

Definitions

In this subsection:

(A)

Farm supplies merchant wholesaler

The term farm supplies merchant wholesaler means a covered chemical facility that is primarily engaged in the merchant wholesale distribution of farm supplies, such as animal feeds, fertilizers, agricultural chemicals, pesticides, plant seeds, and plant bulbs.

(B)

Agricultural end-users

The term agricultural end-users means facilities such as—

(i)

farms, including crop, fruit, nut, and vegetable farms;

(ii)

ranches and rangeland;

(iii)

poultry, dairy, and equine facilities;

(iv)

turfgrass growers;

(v)

golf courses;

(vi)

nurseries;

(vii)

floricultural operations; and

(viii)

public and private parks.

(d)

Small covered chemical facilities

(1)

Guidance for small covered chemical facilities

The Secretary may provide guidance and, as appropriate, tools, methodologies, or computer software, to assist small covered chemical facilities in complying with the requirements of this section.

(2)

Assessment of Impacts on Small Covered Chemical Facilities.—Not later than 6 months after the date of the enactment of this title, the Secretary shall transmit to the Committee on Energy and Commerce of the House of Representatives, the Committee on Homeland Security of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate an assessment of the potential effects on small covered chemical facilities of compliance with provisions of this section regarding the assessment and, as appropriate, implementation, of methods to reduce the consequences of a terrorist attack. Such assessment shall include—

(A)

data on the scope of facilities covered by this title, including the number and type of small covered chemical facilities that are required to assess methods to reduce the consequences of a terrorist attack under subsection (a) and the number and type of small covered chemical facilities assigned to tier 1 or tier 2 under section 2102(c)(1) by the Secretary because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from the release of a substance of concern at the facility; and

(B)

a discussion of how the Secretary plans to apply the requirement that before requiring a small covered chemical facility that is required to implement methods to reduce the consequences of a terrorist attack under subsection (b) the Secretary shall first determine that the implementation of such methods at the small covered chemical facility not significantly and demonstrably impair the ability of the owner or operator of the covered chemical facility to continue the business of the facility at its location.

(3)

Definition

For purposes of this subsection, the term small covered chemical facility means a covered chemical facility that has fewer than 350 employees employed at the covered chemical facility, and is not a branch or subsidiary of another entity.

(e)

Provision of Information on Alternative Approaches

(1)

In General

The Secretary shall make available information on the use and availability of methods to reduce the consequences of a chemical facility terrorist incident.

(2)

Information to be included

The information under paragraph (1) may include information about—

(A)

general and specific types of such methods;

(B)

combinations of chemical sources, substances of concern, and hazardous processes or conditions for which such methods could be appropriate;

(C)

the availability of specific methods to reduce the consequences of a terrorist attack;

(D)

the costs and cost savings resulting from the use of such methods;

(E)

emerging technologies that could be transferred from research models or prototypes to practical applications;

(F)

the availability of technical assistance and best practices; and

(G)

such other matters that the Secretary determines are appropriate.

(3)

Public availability

Information made available under this subsection shall not identify any specific chemical facility, violate the protection of information provisions under section 2110, or disclose any proprietary information.

(f)

Funding for methods To reduce the consequences of a terrorist attack

The Secretary may make funds available to help defray the cost of implementing methods to reduce the consequences of a terrorist attack to covered chemical facilities that are required by the Secretary to implement such methods.

2112.

Applicability

This title shall not apply to—

(1)

any chemical facility that is owned and operated by the Secretary of Defense;

(2)

the transportation in commerce, including incidental storage, of any substance of concern regulated as a hazardous material under chapter 51 of title 49, United States Code;

(3)

all or a specified portion of any chemical facility that—

(A)

is subject to regulation by the Nuclear Regulatory Commission (hereinafter in this paragraph referred to as the Commission) or a State that has entered into an agreement with the Commission under section 274 b. of the Atomic Energy Act of 1954 (42 U.S.C. 2021 b.);

(B)

has had security controls imposed by the Commission or State, whichever has the regulatory authority, on the entire facility or the specified portion of the facility; and

(C)

has been designated by the Commission, after consultation with the State, if any, that regulates the facility, and the Secretary, as excluded from the application of this title;

(4)

any public water system subject to the Safe Drinking Water Act (42 U.S.C. 300f et seq.); or

(5)

any treatment works, as defined in section 212 of the Federal Water Pollution Control Act (33 U.S.C. 1292).

2113.

Savings clause

(a)

In general

Nothing in this title shall affect or modify in any way any obligation or liability of any person under any other Federal law, including section 112 of the Clean Air Act (42 U.S.C. 7412), the Federal Water Pollution Control Act (33 U.S.C. 1251 et seq.), the Resource Conservation and Recovery Act of 1976 (42 U.S.C. 6901 et seq.), the National Environmental Policy Act of 1969 (42 U.S.C. 4321 et seq.), the Occupational Safety and Health Act (29 U.S.C. 651 et seq.), the National Labor Relations Act (29 U.S.C. 151 et seq.), the Emergency Planning and Community Right to Know Act of 1986 (42 U.S.C. 11001 et seq.), the Safe Drinking Water Act (42 U.S.C. 300f et seq.), the Maritime Transportation Security Act of 2002 (Public Law 107–295), the Comprehensive Environmental Response, Compensation, and Liability Act of 1980 (42 U.S.C. 9601 et seq.), the Toxic Substances Control Act (15 U.S.C. 2601 et seq.), and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.).

(b)

Other requirements

Nothing in this title shall preclude or deny the right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance relating to environmental protection, health, or safety.

(c)

Access

Nothing in this title shall abridge or deny access to a chemical facility site to any person where required or permitted under any other law or regulation.

2114.

Office of Chemical Facility Security

(a)

In general

There is established in the Department an Office of Chemical Facility Security, headed by a Director, who shall be a member of the Senior Executive Service in accordance with subchapter VI of chapter 53 of title 5, United States Code, under section 5382 of that title, and who shall be responsible for carrying out the responsibilities of the Secretary under this title.

(b)

Professional qualifications

The individual selected by the Secretary as the Director of the Office of Chemical Facility Security shall have professional qualifications and experience necessary for effectively directing the Office of Chemical Facility Security and carrying out the requirements of this title, including a demonstrated knowledge of physical infrastructure protection, cybersecurity, chemical facility security, hazard analysis, chemical process engineering, chemical process safety reviews, or other such qualifications that the Secretary determines to be necessary.

(c)

Selection process

The Secretary shall make a reasonable effort to select an individual to serve as the Director from among a group of candidates that is diverse with respect to race, ethnicity, age, gender, and disability characteristics and submit to the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate information on the selection process, including details on efforts to assure diversity among the candidates considered for this position.

(d)

Outreach support

(1)

Point of contact

The Secretary shall designate a point of contact for the Administrator of the Environmental Protection Agency, and the head of any other agency designated by the Secretary, with respect to the requirements of this title.

(2)

Outreach

The Secretary shall, as appropriate, and in accordance with this title, inform State emergency response commissions appointed pursuant to section 301(a) of the Emergency Planning and Community Right-To-Know Act of 1986 (42 U.S.C. 11001) and local emergency planning committees appointed pursuant to section 301(c) of such Act, and any other entity designated by the Secretary, of the findings of the Office of Chemical Facility Security so that such commissions and committees may update emergency planning and training procedures.

2115.

Security background checks of covered individuals at certain chemical facilities

(a)

Regulations issued by the Secretary

(1)

In general

(A)

Requirement

The Secretary shall issue regulations to require covered chemical facilities to establish personnel surety for individuals described in subparagraph (B) by conducting appropriate security background checks and ensuring appropriate credentials for unescorted visitors and chemical facility personnel, including permanent and part-time personnel, temporary personnel, and contract personnel, including—

(i)

measures designed to verify and validate identity;

(ii)

measures designed to check criminal history;

(iii)

measures designed to verify and validate legal authorization to work; and

(iv)

measures designed to identify people with terrorist ties.

(B)

Individuals described

For purposes of subparagraph (A), an individual described in this subparagraph is—

(i)

a covered individual who has unescorted access to restricted areas or critical assets or who is provided with a copy of a security vulnerability assessment or site security plan;

(ii)

a person associated with a covered chemical facility, including any designated employee representative, who is provided with a copy of a security vulnerability assessment or site security plan; or

(iii)

a person who is determined by the Secretary to require a security background check based on chemical facility security performance standards.

(2)

Regulations

The regulations required by paragraph (1) shall set forth—

(A)

the scope of the security background checks, including the types of disqualifying offenses and the time period covered for each person subject to a security background check under paragraph (1);

(B)

the processes to conduct the security background checks;

(C)

the necessary biographical information and other data required in order to conduct the security background checks;

(D)

a redress process for an adversely-affected person consistent with subsections (b) and (c); and

(E)

a prohibition on an owner or operator of a covered chemical facility misrepresenting to an employee or other relevant person, including an arbiter involved in a labor arbitration, the scope, application, or meaning of any rules, regulations, directives, or guidance issued by the Secretary related to security background check requirements for covered individuals when conducting a security background check.

(b)

Misrepresentation of adverse employment decisions

The regulations required by subsection (a)(1) shall set forth that it shall be a misrepresentation under subsection (a)(2)(E) to attribute an adverse employment decision, including removal or suspension of the employee, to such regulations unless the owner or operator finds, after opportunity for appropriate redress under the processes provided under subsection (c)(1) and (c)(2), that the person subject to such adverse employment decision—

(1)

has been convicted of, has been found not guilty of by reason of insanity, or is under want, warrant, or indictment for, a permanent disqualifying criminal offense listed in part 1572 of title 49, Code of Federal Regulations;

(2)

was convicted of, or found not guilty of by reason of insanity, an interim disqualifying criminal offense listed in part 1572 of title 49, Code of Federal Regulations, within 7 years of the date on which the covered chemical facility performs the security background check;

(3)

was incarcerated for an interim disqualifying criminal offense listed in part 1572 of title 49, Code of Federal Regulations, and released from incarceration within 5 years of the date that the chemical facility performs the security background check;

(4)

is determined by the Secretary to be on the consolidated terrorist watchlist; or

(5)

is determined, as a result of the security background check, not to be legally authorized to work in the United States.

(c)

Redress Processes

Upon the issuance of regulations under subsection (a), the Secretary shall—

(1)

require the owner or operator to provide an adequate and prompt redress process for a person subject to a security background check under subsection (a)(1) who is subjected to an adverse employment decision, including removal or suspension of the employee, due to such regulations that is consistent with the appeals process established for employees subject to consumer reports under the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), as in force on the date of the enactment of this title;

(2)

provide an adequate and prompt redress process for a person subject to a security background check under subsection (a)(1) who is subjected to an adverse employment decision, including removal or suspension of the employee, due to a determination by the Secretary under subsection (b)(4), that is consistent with the appeals process established under section 70105(c) of title 46, United States Code, including all rights to hearings before an administrative law judge, scope of review, and a review of an unclassified summary of classified evidence equivalent to the summary provided in part 1515 of title 49, Code of Federal Regulations;

(3)

provide an adequate and prompt redress process for a person subject to a security background check under subsection (a)(1) who is subjected to an adverse employment decision, including removal or suspension of the employee, due to a violation of subsection (a)(2)(E), which shall not preclude the exercise of any other rights available under collective bargaining agreements or applicable laws;

(4)

establish a reconsideration process described in subsection (d) for a person subject to an adverse employment decision that was attributed by an owner or operator to the regulations required by subsection (a)(1);

(5)

have the authority to order an appropriate remedy, including reinstatement of the person subject to a security background check under subsection (a)(1), if the Secretary determines that the adverse employment decision was made in violation of the regulations required under subsection (a)(1) or as a result of an erroneous determination by the Secretary under subsection (b)(4);

(6)

ensure that the redress processes required under paragraphs (1), (2), or (3) afford to the person a full disclosure of any public-record event covered by subsection (b) that provides the basis for an adverse employment decision; and

(7)

ensure that the person subject to a security background check under subsection (a)(1) receives the person’s full wages and benefits until all redress processes under this subsection are exhausted.

(d)

Reconsideration process

(1)

In general

The reconsideration process required under subsection (c)(4) shall—

(A)

require the Secretary to determine, within 30 days after receiving a petition submitted by a person subject to an adverse employment decision that was attributed by an owner or operator to the regulations required by subsection (a)(1), whether such person poses a security risk to the covered chemical facility; and

(B)

include procedures consistent with section 70105(c) of title 46, United States Code, including all rights to hearings before an administrative law judge, scope of review, and a review of an unclassified summary of classified evidence equivalent to the summary provided in part 1515 of title 49, Code of Federal Regulations.

(2)

Determination by the Secretary

In making a determination described under paragraph (1)(A), the Secretary shall—

(A)

give consideration to the circumstance of any disqualifying act or offense, restitution made by the person, Federal and State mitigation remedies, and other factors from which it may be concluded that the person does not pose a security risk to the covered chemical facility; and

(B)

provide his or her determination as to whether such person poses a security risk to the covered chemical facility to the petitioner and to the owner or operator of the covered chemical facility.

(3)

Owner or operator reconsideration

If the Secretary determines pursuant to paragraph (1)(A) that the person does not pose a security risk to the covered chemical facility, it shall thereafter constitute a prohibited misrepresentation for the owner or operator of the covered chemical facility to continue to attribute the adverse employment decision to the regulations under subsection (a)(1).

(e)

Restrictions on use and maintenance of information

Information obtained under this section by the Secretary or the owner or operator of a covered chemical facility shall be handled as follows:

(1)

Such information may not be made available to the public.

(2)

Such information may not be accessed by employees of the facility except for such employees who are directly involved with collecting the information or conducting or evaluating security background checks.

(3)

Such information shall be maintained confidentially by the facility and the Secretary and may be used only for making determinations under this section.

(4)

The Secretary may share such information with other Federal, State, local, and tribal law enforcement agencies.

(f)

Savings clause

(1)

Rights and responsibilities

Nothing in this section shall be construed to abridge any right or responsibility of a person subject to a security background check under subsection (a)(1) or an owner or operator of a covered chemical facility under any other Federal, State, local, or tribal law or collective bargaining agreement.

(2)

Existing rights

Nothing in this section shall be construed as creating any new right or modifying any existing right of an individual to appeal a determination by the Secretary as a result of a check against a terrorist watch list.

(g)

Preemption

Nothing in this section shall be construed to preempt, alter, or affect a Federal, State, local, or tribal law that requires criminal history background checks, checks on the authorization of an individual to work in the United States, or other background checks of persons subject to security background checks under subsection (a)(1).

(h)

Definition of security background check

The term security background check means a review at no cost to any person subject to a security background check under subsection (a)(1) of the following for the purpose of identifying individuals who may pose a threat to chemical facility security, to national security, or of terrorism:

(1)

Relevant databases to verify and validate identity.

(2)

Relevant criminal history databases.

(3)

In the case of an alien (as defined in section 101 of the Immigration and Nationality Act (8 U.S.C. 1101(a)(3))), the relevant databases to determine the status of the alien under the immigration laws of the United States.

(4)

The consolidated terrorist watchlist.

(5)

Other relevant information or databases, as determined by the Secretary.

(i)

Department-Conducted Security Background Check

The regulations under subsection (a)(1) shall set forth a process by which the Secretary, on an ongoing basis, shall determine whether alternate security background checks conducted by the Secretary are sufficient to meet the requirements of this section such that no additional security background check under this section is required for an individual for whom such a qualifying alternate security background check was conducted. The Secretary may require the owner or operator of a covered chemical facility to which the individual will have unescorted access to sensitive or restricted areas to submit identifying information about the individual and the alternate security background check conducted for that individual to the Secretary in order to enable the Secretary to verify the validity of the alternate security background check. Such regulations shall provide that no security background check under this section is required for an individual holding a transportation security card issued under section 70105 of title 46, United States Code.

(j)

Termination of employment

If, as the result of a security background check, an owner or operator of a covered chemical facility finds that a covered individual is not legally authorized to work in the United States, the owner or operator shall cease to employ the covered individual, subject to the appropriate redress processes available to such individual under this section.

2116.

Citizen enforcement

(a)

In general

Except as provided in subsection (c), any person may commence a civil action on such person’s own behalf—

(1)

against any governmental entity (including the United States and any other governmental instrumentality or agency, to the extent permitted by the eleventh amendment to the Constitution, and any federally owned-contractor operated facility) alleged to be in violation of any order that has become effective pursuant to this title; or

(2)

against the Secretary, for an alleged failure to perform any act or duty under this title that is not discretionary for the Secretary.

(b)

Court of jurisdiction

(1)

In general

Any action under subsection (a)(1) shall be brought in the district court for the district in which the alleged violation occurred. Any action brought under subsection (a)(2) may be brought in the district court for the district in which the alleged violation occurred or in the United States District Court for the District of Columbia.

(2)

Relief

The district court shall have jurisdiction, without regard to the amount in controversy or the citizenship of the parties to enforce the order referred to in subsection (a)(1), to order such governmental entity to take such action as may be necessary, or both, or, in an action commenced under subsection (a)(2), to order the Secretary to perform the non-discretionary act or duty, and to order any civil penalties, as appropriate, under section 2107.

(c)

Actions prohibited

No action may be commenced under subsection (a) prior to 60 days after the date on which the person commencing the action has given notice of the alleged violation to—

(1)

the Secretary; and

(2)

in the case of an action under subsection (a)(1), any governmental entity alleged to be in violation of an order.

(d)

Notice

Notice under this section shall be given in such manner as the Secretary shall prescribe by regulation.

(e)

Intervention

In any action under this section, the Secretary, if not a party, may intervene as a matter of right.

(f)

Costs; bond

The court, in issuing any final order in any action brought pursuant to this section, may award costs of litigation (including reasonable attorney and expert witness fees) to the prevailing or substantially prevailing party, whenever the court determines such an award is appropriate. The court may, if a temporary restraining order or preliminary injunction is sought, require the filing of a bond or equivalent security in accordance with the Federal Rules of Civil Procedure.

(g)

Other rights preserved

Nothing in this section shall restrict any right which any person (or class of persons) may have under any statute or common law.

2117.

Citizen petitions

(a)

Regulations

The Secretary shall issue regulations to establish a citizen petition process for petitions described in subsection (b). Such regulations shall include—

(1)

the format for such petitions;

(2)

the procedure for investigation of petitions;

(3)

the procedure for response to such petitions, including timelines;

(4)

the procedure for referral to and review by the Office of the Inspector General of the Department without deference to the Secretary’s determination with respect to the petition; and

(5)

the procedure for rejection or acceptance by the Secretary of the recommendation of the Office of the Inspector General.

(b)

Petitions

The regulations issued pursuant to subsection (a) shall allow any person to file a petition with the Secretary—

(1)

identifying any person (including the United States and any other governmental instrumentality or agency, to the extent permitted by the eleventh amendment to the Constitution) alleged to be in violation of any standard, regulation, condition, requirement, prohibition, plan, or order that has become effective under this title; and

(2)

describing the alleged violation of any standard, regulation, condition, requirement, prohibition, plan, or order that has become effective under this title by that person.

(c)

Requirements

Upon issuance of regulations under subsection (a), the Secretary shall—

(1)

accept all petitions described under subsection (b) that meet the requirements of the regulations promulgated under subsection (a);

(2)

investigate all allegations contained in accepted petitions;

(3)

determine whether enforcement action will be taken concerning the alleged violation or violations;

(4)

respond to all accepted petitions promptly and in writing;

(5)

include in all responses to petitions a brief and concise statement, to the extent permitted under section 2110, of the allegations, the steps taken to investigate, the determination made, and the reasons for such determination;

(6)

maintain an internal record including all protected information related to the determination;

(7)

with respect to any petition for which the Secretary has not made a timely response or the Secretary’s response is unsatisfactory to the petitioner, provide the petitioner with the opportunity to request—

(A)

a review of the full record by the Inspector General of the Department, including a review of protected information; and

(B)

the formulation of recommendations by the Inspector General and submittal of such recommendations to the Secretary and, to the extent permitted under section 2110, to the petitioner; and

(8)

respond to a recommendation submitted by the Inspector General under paragraph (7) by adopting or rejecting the recommendation.

2118.

Notification system to address public concerns

(a)

Establishment

The Secretary shall establish a notification system, which shall provide any individual the ability to report a suspected security deficiency or suspected non-compliance with this title. Such notification system shall provide for the ability to report the suspected security deficiency or non-compliance via telephonic and Internet-based means.

(b)

Acknowledgment

When the Secretary receives a report through the notification system established under subsection (a), the Secretary shall respond to such report in a timely manner, but in no case shall the Secretary respond to such a report later than 30 days after receipt of the report.

(c)

Steps to address problems

The Secretary shall review each report received through the notification system established under subsection (a) and shall, as necessary, take appropriate enforcement action under section 2107.

(d)

Feedback required

Upon request, the Secretary shall provide the individual who reported the suspected security deficiency or non-compliance through the notification system established under subsection (a) a written response that includes the Secretary’s findings with respect to the report submitted by the individual and what, if any, compliance action was taken in response to such report.

(e)

Inspector General report required

The Inspector General of the Department shall submit to the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate an annual report on the reports received under the notification system established under subsection (a) and the Secretary’s disposition of such reports.

2119.

Annual report to Congress

(a)

Annual Report

Not later than one year after the date of the enactment of this title, annually thereafter for the next four years, and biennially thereafter, the Secretary shall submit to the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on progress in achieving compliance with this title. Each such report shall include the following:

(1)

A qualitative discussion of how covered chemical facilities, differentiated by tier, have reduced the risks of chemical facility terrorist incidents at such facilities, including—

(A)

a generalized summary of measures implemented by covered chemical facilities in order to meet each risk-based chemical facility performance standard established by this title, and those that the facilities already had in place—

(i)

in the case of the first report under this section, before the issuance of the final rule implementing the regulations known as the Chemical Facility Anti-Terrorism Standards, issued on April 9, 2007; and

(ii)

in the case of each subsequent report, since the submittal of the most recent report submitted under this section; and

(B)

any other generalized summary the Secretary deems appropriate to describe the measures covered chemical facilities are implementing to comply with the requirements of this title.

(2)

A quantitative summary of how the covered chemical facilities, differentiated by tier, are complying with the requirements of this title during the period covered by the report and how the Secretary is implementing and enforcing such requirements during such period, including—

(A)

the number of chemical facilities that provided the Secretary with information about possessing substances of concern, as described in section 2102(b)(2);

(B)

the number of covered chemical facilities assigned to each tier;

(C)

the number of security vulnerability assessments and site security plans submitted by covered chemical facilities;

(D)

the number of security vulnerability assessments and site security plans approved and disapproved by the Secretary;

(E)

the number of covered chemical facilities without approved security vulnerability assessments or site security plans;

(F)

the number of chemical facilities that have been assigned to a different tier or are no longer regulated by the Secretary due to implementation of a method to reduce the consequences of a terrorist attack and a description of such implemented methods;

(G)

the number of orders for compliance issued by the Secretary;

(H)

the administrative penalties assessed by the Secretary for non-compliance with the requirements of this title;

(I)

the civil penalties assessed by the court for non-compliance with the requirements of this title;

(J)

the number of terrorist watchlist checks conducted by the Secretary in order to comply with the requirements of this title, the number of appeals conducted by the Secretary pursuant to the processes described under paragraphs (2), (3) and (4) of section 2115(c), aggregate information regarding the time taken for such appeals, aggregate information regarding the manner in which such appeals were resolved, and, based on information provided to the Secretary annually by each owner or operator of a covered chemical facility, the number of persons subjected to adverse employment decisions that were attributed by the owner or operator to the regulations required by section 2115; and

(K)

any other regulatory data the Secretary deems appropriate to describe facility compliance with the requirements of this title and the Secretary’s implementation of such requirements.

(b)

Public availability

A report submitted under this section shall be made publicly available.

2120.

Authorization of appropriations

There is authorized to be appropriated to the Secretary of Homeland Security to carry out this title—

(1)

$325,000,000 for fiscal year 2011, of which $100,000,000 shall be made available to provide funding for methods to reduce the consequences of a terrorist attack, of which up to $3,000,000 shall be made available for grants authorized under section 2111(c)(1);

(2)

$300,000,000 for fiscal year 2012, of which $75,000,000 shall be made available to provide funding for methods to reduce the consequences of a terrorist attack, of which up to $3,000,000 shall be made available for grants authorized under section 2111(c)(1); and

(3)

$275,000,000 for fiscal year 2013, of which $50,000,000 shall be made available to provide funding for methods to reduce the consequences of a terrorist attack, of which up to $3,000,000 shall be made available for grants authorized under section 2111(c)(1).

.

(b)

Clerical Amendment

The table of contents in section 1(b) of such Act is amended by adding at the end the following:

Title XXI—Regulation of Security Practices at Chemical Facilities

Sec. 2101. Definitions.

Sec. 2102. Risk-based designation and ranking of chemical facilities.

Sec. 2103. Security vulnerability assessments and site security plans.

Sec. 2104. Site inspections.

Sec. 2105. Records.

Sec. 2106. Timely sharing of threat information.

Sec. 2107. Enforcement.

Sec. 2108. Whistleblower protections.

Sec. 2109. Federal preemption.

Sec. 2110. Protection of information.

Sec. 2111. Methods to reduce the consequences of a terrorist attack.

Sec. 2112. Applicability.

Sec. 2113. Savings clause.

Sec. 2114. Office of Chemical Facility Security.

Sec. 2115. Security background checks of covered individuals at certain chemical facilities.

Sec. 2116. Citizen enforcement.

Sec. 2117. Citizen petitions.

Sec. 2118. Notification system to address public concerns.

Sec. 2119. Annual report to Congress.

Sec. 2120. Authorization of appropriations.

.

(c)

Conforming repeal

(1)

Repeal

The Department of Homeland Security Appropriations Act, 2007 (Public Law 109–295) is amended by striking section 550.

(2)

Effective date

The amendment made by paragraph (1) shall take effect on the date of the enactment of this title.

(d)

Regulations

(1)

Deadline

The Secretary shall issue proposed rules to carry out title XXI of the Homeland Security Act of 2002, as added by subsection (a), by not later than 6 months after the date of the enactment of this Act, and shall issue final rules to carry out such title by not later than 18 months after the date of the enactment of this Act.

(2)

Consultation

In developing and implementing the rules required under paragraph (1), the Secretary shall consult with the Administrator of the Environmental Protection Agency, and other persons, as appropriate, regarding—

(A)

the designation of substances of concern;

(B)

methods to reduce the consequences of a terrorist attack;

(C)

security at drinking water facilities and wastewater treatment works;

(D)

the treatment of protected information; and

(E)

such other matters as the Secretary determines necessary.

(3)

Sense of Congress regarding CFATS

It is the sense of Congress that the Secretary of Homeland Security was granted statutory authority under section 550 of the Department of Homeland Security Appropriations Act (Public Law 109–295) to regulate security practices at chemical facilities until October 1, 2009. Pursuant to that section the Secretary prescribed regulations known as the Chemical Facility Anti-Terrorism Standards, or CFATS (referred to in this section as CFATS regulations).

(4)

Interim use and amendment of CFATS

Until the final rules prescribed pursuant to paragraph (1) take effect, in carrying out title XXI of the Homeland Security Act of 2002, as added by subsection (a), the Secretary may, to the extent the Secretary determines appropriate—

(A)

continue to carry out the CFATS regulations, as in effect immediately before the date of the enactment of this title;

(B)

amend any of such regulations as may be necessary to ensure that such regulations are consistent with the requirements of this title and the amendments made by this title; and

(C)

continue using any tools developed for purposes of such regulations, including the list of substances of concern, usually referred to as Appendix A, and the chemical security assessment tool (which includes facility registration, a top-screen questionnaire, a security vulnerability assessment tool, a site security plan template, and a chemical vulnerability information repository).

(5)

Update of facility plans assessments and plans prepared under CFATS

The owner or operator of a covered chemical facility, who, before the effective date of the final regulations issued under title XXI of the Homeland Security Act of 2002, as added by subsection (a), submits a security vulnerability assessment or site security plan under the CFATS regulations, shall be required to update or amend the facility’s security vulnerability assessment and site security plan to reflect any additional requirements of this title or the amendments made by this title, according to a timeline established by the Secretary.

(e)

Review of designation of sodium fluoroacetate as a substance of concern

The Secretary of Homeland Security shall review the designation of sodium fluoroacetate as a substance of concern pursuant to subsection (d) of section 2102 of the Homeland Security Act of 2002, as added by subsection (a), by the earlier of the following dates:

(1)

The date of the first periodic review conducted pursuant to such subsection after the date of the enactment of this title.

(2)

The date that is one year after the date of the enactment of this title.

II

DRINKING WATER SECURITY

201.

Short title

This title may be cited as the Drinking Water System Security Act of 2009.

202.

Intentional acts affecting the security of covered water systems

(a)

Amendment of Safe Drinking Water Act

Section 1433 of the Safe Drinking Water Act (42 U.S.C. 300i–2) is amended to read as follows:

1433.

Intentional acts

(a)

Risk-based performance standards; vulnerability assessments; site security plans; emergency response plans

(1)

In general

The Administrator shall issue regulations—

(A)

establishing risk-based performance standards for the security of covered water systems; and

(B)

establishing requirements and deadlines for each covered water system—

(i)

to conduct a vulnerability assessment or, if the system already has a vulnerability assessment, to revise the assessment to be in accordance with this section, and submit such assessment to the Administrator;

(ii)

to update and resubmit the vulnerability assessment not less than every 5 years and promptly after any change at the system that could cause the reassignment of the system to a different risk-based tier under subsection (d);

(iii)

to develop, implement, and, as appropriate, revise a site security plan not less than every 5 years and promptly after a revision to the vulnerability assessment and submit such plan to the Administrator;

(iv)

to develop an emergency response plan or, if the system has already developed an emergency response plan, to revise the plan to be in accordance with this section, and revise the plan not less than every 5 years thereafter; and

(v)

to provide annual training to employees and contractor employees of covered water systems on implementing site security plans and emergency response plans.

(2)

Covered water systems

For purposes of this section, the term covered water system means a public water system that—

(A)

is a community water system serving a population greater than 3,300; or

(B)

in the discretion of the Administrator, presents a security risk making regulation under this section appropriate.

(3)

Consultation with State authorities

In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with States exercising primary enforcement responsibility for public water systems.

(4)

Consultation with other persons

In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with the Secretary of Homeland Security, and, as appropriate, other persons regarding—

(A)

provision of threat-related and other baseline information to covered water systems;

(B)

designation of substances of concern;

(C)

development of risk-based performance standards;

(D)

establishment of risk-based tiers and process for the assignment of covered water systems to risk-based tiers;

(E)

process for the development and evaluation of vulnerability assessments, site security plans, and emergency response plans;

(F)

treatment of protected information; and

(G)

such other matters as the Administrator determines necessary.

(5)

Substances of concern

For purposes of this section, the Administrator, in consultation with the Secretary of Homeland Security—

(A)

may designate any chemical substance as a substance of concern;

(B)

at the time any substance is designated pursuant to subparagraph (A), shall establish by rule a threshold quantity for the release or theft of the substance, taking into account the toxicity, reactivity, volatility, dispersability, combustibility, and flammability of the substance and the amount of the substance that, as a result of a release, is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment; and

(C)

in making such a designation, shall take into account appendix A to part 27 of title 6, Code of Federal Regulations (or any successor regulations).

(6)

Baseline information

The Administrator, after consultation with appropriate departments and agencies of the Federal Government and with State, local, and tribal governments, shall, for purposes of facilitating compliance with the requirements of this section, promptly after the effective date of the regulations under subsection (a)(1) and as appropriate thereafter, provide baseline information to covered water systems regarding which kinds of intentional acts are the probable threats to—

(A)

substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water;

(B)

cause the release of a substance of concern at the covered water system; or

(C)

cause the theft, misuse, or misappropriation of a substance of concern.

(b)

Risk-Based performance standards

The regulations under subsection (a)(1) shall set forth risk-based performance standards for site security plans required by this section. The standards shall be separate and, as appropriate, increasingly stringent based on the level of risk associated with the covered water system’s risk-based tier assignment under subsection (d). In developing such standards, the Administrator shall take into account section 27.230 of title 6, Code of Federal Regulations (or any successor regulations).

(c)

Vulnerability assessment

The regulations under subsection (a)(1) shall require each covered water system to assess the system’s vulnerability to a range of intentional acts, including an intentional act that results in a release of a substance of concern that is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment. At a minimum, the vulnerability assessment shall include a review of—

(1)

pipes and constructed conveyances;

(2)

physical barriers;

(3)

water collection, pretreatment, treatment, storage, and distribution facilities, including fire hydrants;

(4)

electronic, computer, and other automated systems that are used by the covered water system;

(5)

the use, storage, or handling of various chemicals, including substances of concern;

(6)

the operation and maintenance of the covered water system; and

(7)

the covered water system’s resiliency and ability to ensure continuity of operations in the event of a disruption caused by an intentional act.

(d)

Risk-Based tiers

The regulations under subsection (a)(1) shall provide for 4 risk-based tiers applicable to covered water systems, with tier one representing the highest degree of security risk.

(1)

Assignment of risk-based tiers

(A)

Submission of information

The Administrator may require a covered water system to submit information in order to determine the appropriate risk-based tier for the covered water system.

(B)

Factors to consider

The Administrator shall assign (and reassign when appropriate) each covered water system to one of the risk-based tiers established pursuant to this subsection. In assigning a covered water system to a risk-based tier, the Administrator shall consider the potential consequences (such as death, injury, or serious adverse effects to human health, the environment, critical infrastructure, national security, and the national economy) from—

(i)

an intentional act to cause a release, including a worst-case release, of a substance of concern at the covered water system;

(ii)

an intentional act to introduce a contaminant into the drinking water supply or disrupt the safe and reliable supply of drinking water; and

(iii)

an intentional act to steal, misappropriate, or misuse substances of concern.

(2)

Explanation for risk-based tier assignment

The Administrator shall provide each covered water system assigned to a risk-based tier with the reasons for the tier assignment and whether such system is required to submit an assessment under subsection (g)(2).

(e)

Development and implementation of site security plans

The regulations under subsection (a)(1) shall permit each covered water system, in developing and implementing its site security plan required by this section, to select layered security and preparedness measures that, in combination, appropriately—

(1)

address the security risks identified in its vulnerability assessment; and

(2)

comply with the applicable risk-based performance standards required under this section.

(f)

Role of employees

(1)

Description of role

Site security plans and emergency response plans required under this section shall describe the appropriate roles or responsibilities that employees and contractor employees are expected to perform to deter or respond to the intentional acts described in subsection (d)(1)(B).

(2)

Training for employees

Each covered water system shall annually provide employees and contractor employees with roles or responsibilities described in paragraph (1) with a minimum of 8 hours of training on carrying out those roles or responsibilities.

(3)

Employee participation

In developing, revising, or updating a vulnerability assessment, site security plan, and emergency response plan required under this section, a covered water system shall include—

(A)

at least one supervisory and at least one non-supervisory employee of the covered water system; and

(B)

at least one representative of each certified or recognized bargaining agent representing facility employees or contractor employees with roles or responsibilities described in paragraph (1), if any, in a collective bargaining relationship with the private or public owner or operator of the system or with a contractor to that system. 

(g)

Methods To reduce the consequences of a chemical release from an intentional act

(1)

Definition

In this section, the term method to reduce the consequences of a chemical release from an intentional act means a measure at a covered water system that reduces or eliminates the potential consequences of a release of a substance of concern from an intentional act such as—

(A)

the elimination or reduction in the amount of a substance of concern possessed or planned to be possessed by a covered water system through the use of alternate substances, formulations, or processes;

(B)

the modification of pressures, temperatures, or concentrations of a substance of concern; and

(C)

the reduction or elimination of onsite handling of a substance of concern through improvement of inventory control or chemical use efficiency.

(2)

Assessment

For each covered water system that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5), the regulations under subsection (a)(1) shall require the covered water system to include in its site security plan an assessment of methods to reduce the consequences of a chemical release from an intentional act at the covered water system. The covered water system shall provide such assessment to the Administrator and the State exercising primary enforcement responsibility for the covered water system, if any. The regulations under subsection (a)(1) shall require the system, in preparing the assessment, to consider factors appropriate to the system’s security, public health, or environmental mission, and include—

(A)

a description of the methods to reduce the consequences of a chemical release from an intentional act;

(B)

how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, reduce the potential extent of death, injury, or serious adverse effects to human health resulting from a chemical release;

(C)

how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, affect the presence of contaminants in treated water, human health, or the environment;

(D)

whether each described method to reduce the consequences of a chemical release from an intentional act at the covered water system is feasible, as defined in section 1412(b)(4)(D), but not including cost calculations under subparagraph (E);

(E)

the costs (including capital and operational costs) and avoided costs (including savings and liabilities) associated with applying each described method to reduce the consequences of a chemical release from an intentional act at the covered water system;

(F)

any other relevant information that the covered water system relied on in conducting the assessment; and

(G)

a statement of whether the covered water system has implemented or plans to implement one or more methods to reduce the consequences of a chemical release from an intentional act, a description of any such methods, and, in the case of a covered water system described in paragraph (3)(A), an explanation of the reasons for any decision not to implement any such methods.

(3)

Required methods

(A)

Application

This paragraph applies to a covered water system—

(i)

that is assigned to one of the two highest risk-based tiers under subsection (d); and

(ii)

that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5).

(B)

Highest-risk systems

If, on the basis of its assessment under paragraph (2), a covered water system described in subparagraph (A) decides not to implement methods to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall, in accordance with a timeline set by the Administrator—

(i)

determine whether to require the covered water system to implement the methods; and

(ii)

for States exercising primary enforcement responsibility, report such determination to the Administrator.

(C)

State or Administrator’s considerations

Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall consider factors appropriate to the security, public health, and environmental missions of covered water systems, including an examination of whether the method—

(i)

would significantly reduce the risk of death, injury, or serious adverse effects to human health resulting directly from a chemical release from an intentional act at the covered water system;

(ii)

would not increase the interim storage of a substance of concern by the covered water system;

(iii)

would not render the covered water system unable to comply with other requirements of this Act or drinking water standards established by the State or political subdivision in which the system is located; and

(iv)

is feasible, as defined in section 1412(b)(4)(D), to be incorporated into the operation of the covered water system.

(D)

Appeal

Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall provide such covered water system an opportunity to appeal the determination to require such implementation made pursuant to subparagraph (B) by such State or the Administrator.

(4)

Incomplete or late assessments

(A)

Incomplete assessments

If the Administrator finds that the covered water system, in conducting its assessment under paragraph (2), did not meet the requirements of paragraph (2) and the applicable regulations, the Administrator shall, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, require the covered water system to submit a revised assessment not later than 60 days after the Administrator notifies such system. The Administrator may require such additional revisions as are necessary to ensure that the system meets the requirements of paragraph (2) and the applicable regulations.

(B)

Late assessments

If the Administrator finds that a covered water system, in conducting its assessment pursuant to paragraph (2), did not complete such assessment in accordance with the deadline set by the Administrator, the Administrator may, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, take appropriate enforcement action under subsection (o).

(C)

Review

The State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the system is not located in such a State, shall review a revised assessment that meets the requirements of paragraph (2) and applicable regulations to determine whether the covered water system will be required to implement methods to reduce the consequences of an intentional act pursuant to paragraph (3).

(5)

Enforcement

(A)

Failure by State to make determination

Whenever the Administrator finds that a State exercising primary enforcement responsibility for a covered water system has failed to determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act, as required by paragraph (3)(B), the Administrator shall so notify the State and covered water system. If, beyond the thirtieth day after the Administrator’s notification under the preceding sentence, the State has failed to make the determination described in such sentence, the Administrator shall so notify the State and covered water system and shall determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act based on the factors described in paragraph (3)(C).

(B)

Failure by State to bring enforcement action

If the Administrator finds, with respect to a period in which a State has primary enforcement responsibility for a covered water system, that the system has failed to implement methods to reduce the consequences of a chemical release from an intentional act (as required by the State or the Administrator under paragraph (3)(B) or the Administrator under subparagraph (A)), the Administrator shall so notify the State and the covered water system. If, beyond the thirtieth day after the Administrator's notification under the preceding sentence, the State has not commenced appropriate enforcement action, the Administrator shall so notify the State and may take appropriate enforcement action under subsection (o), to require implementation of such methods.

(C)

Consideration of continued primary enforcement responsibility

For a State with primary enforcement responsibility for a covered water system, the Administrator may consider the failure of such State to make a determination as described under subparagraph (A) or to bring enforcement action as described under subparagraph (B) when determining whether a State may retain primary enforcement responsibility under this Act.

(6)

Guidance for covered water systems assigned to tier 3 and tier 4

For covered water systems required to conduct an assessment under paragraph (2) and assigned by the Administrator to tier 3 or tier 4 under subsection (d), the Administrator shall issue guidance and, as appropriate, provide or recommend tools, methodologies, or computer software, to assist such covered water systems in complying with the requirements of this section.

(h)

Review by Administrator

(1)

In general

The regulations under subsection (a)(1) shall require each covered water system to submit its vulnerability assessment and site security plan to the Administrator for review according to deadlines set by the Administrator. The Administrator shall review each vulnerability assessment and site security plan submitted under this section and—

(A)

if the assessment or plan has any significant deficiency described in paragraph (2), require the covered water system to correct the deficiency; or

(B)

approve such assessment or plan.

(2)

Significant deficiencies

A vulnerability assessment or site security plan of a covered water system has a significant deficiency under this subsection if the Administrator, in consultation, as appropriate, with the State exercising primary enforcement responsibility for such system, if any, determines that—

(A)

such assessment does not comply with the regulations established under section (a)(1); or

(B)

such plan—

(i)

fails to address vulnerabilities identified in a vulnerability assessment; or

(ii)

fails to meet applicable risk-based performance standards.   

(3)

State, regional, or local governmental entities

No covered water system shall be required under State, local, or tribal law to provide a vulnerability assessment or site security plan described in this section to any State, regional, local, or tribal governmental entity solely by reason of the requirement set forth in paragraph (1) that the system submit such an assessment and plan to the Administrator.

(i)

Emergency response plan

(1)

In general

Each covered water system shall prepare or revise, as appropriate, an emergency response plan that incorporates the results of the system’s most current vulnerability assessment and site security plan.

(2)

Certification

Each covered water system shall certify to the Administrator that the system has completed an emergency response plan. The system shall submit such certification to the Administrator not later than 6 months after the system’s first completion or revision of a vulnerability assessment under this section and shall submit an additional certification following any update of the emergency response plan.

(3)

Contents

A covered water system’s emergency response plan shall include—

(A)

plans, procedures, and identification of equipment that can be implemented or used in the event of an intentional act at the covered water system; and

(B)

actions, procedures, and identification of equipment that can obviate or significantly lessen the impact of intentional acts on public health and the safety and supply of drinking water provided to communities and individuals.

(4)

Coordination

As part of its emergency response plan, each covered water system shall provide appropriate information to any local emergency planning committee, local law enforcement officials, and local emergency response providers to ensure an effective, collective response.

(j)

Maintenance of records

Each covered water system shall maintain an updated copy of its vulnerability assessment, site security plan, and emergency response plan.

(k)

Audit; inspection

(1)

In general

Notwithstanding section 1445(b)(2), the Administrator, or duly designated representatives of the Administrator, shall audit and inspect covered water systems, as necessary, for purposes of determining compliance with this section.

(2)

Access

In conducting an audit or inspection of a covered water system, the Administrator or duly designated representatives of the Administrator, as appropriate, shall have access to the owners, operators, employees and contractor employees, and employee representatives, if any, of such covered water system.

(3)

Confidential communication of information; aiding inspections

The Administrator, or a duly designated representative of the Administrator, shall offer non-supervisory employees of a covered water system the opportunity confidentially to communicate information relevant to the employer’s compliance or noncompliance with this section, including compliance or noncompliance with any regulation or requirement adopted by the Administrator in furtherance of the purposes of this section. A representative of each certified or recognized bargaining agent described in subsection (f)(3)(B), if any, or, if none, a non-supervisory employee, shall be given an opportunity to accompany the Administrator, or the duly designated representative of the Administrator, during the physical inspection of any covered water system for the purpose of aiding such inspection, if representatives of the covered water system will also be accompanying the Administrator or the duly designated representative of the Administrator on such inspection.

(l)

Protection of information

(1)

Prohibition of public disclosure of protected information

Protected information shall—

(A)

be exempt from disclosure under section 552 of title 5, United States Code; and

(B)

not be made available pursuant to any State, local, or tribal law requiring disclosure of information or records.

(2)

Information sharing

(A)

In general

The Administrator shall prescribe such regulations, and may issue such orders, as necessary to prohibit the unauthorized disclosure of protected information.

(B)

Sharing of protected information

The regulations under subparagraph (A) shall provide standards for and facilitate the appropriate sharing of protected information with and between Federal, State, local, and tribal authorities, first responders, law enforcement officials, designated supervisory and non-supervisory covered water system personnel with security, operational, or fiduciary responsibility for the system, and designated facility employee representatives, if any. Such standards shall include procedures for the sharing of all portions of a covered water system's vulnerability assessment and site security plan relating to the roles and responsibilities of system employees or contractor employees under subsection (f)(1) with a representative of each certified or recognized bargaining agent representing such employees, if any, or, if none, with at least one supervisory and at least one non-supervisory employee with roles and responsibilities under subsection (f)(1).

(C)

Penalties

Protected information shall not be shared except in accordance with the standards provided by the regulations under subparagraph (A). Whoever discloses protected information in knowing violation of the regulations and orders issued under subparagraph (A) shall be fined under title 18, United States Code, imprisoned for not more than one year, or both, and, in the case of a Federal officeholder or employee, shall be removed from Federal office or employment.

(3)

Treatment of information in adjudicative proceedings

In any judicial or administrative proceeding, protected information shall be treated in a manner consistent with the treatment of Sensitive Security Information under section 525 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109–295; 120 Stat. 1381).

(4)

Other obligations unaffected

Except as provided in subsection (h)(3), nothing in this section amends or affects an obligation of a covered water system—

(A)

to submit or make available information to system employees, employee organizations, or a Federal, State, tribal, or local government agency under any other provision of law; or

(B)

to comply with any other provision of law.

(5)

Congressional oversight

Nothing in this section permits or authorizes the withholding of information from Congress or any committee or subcommittee thereof.

(6)

Disclosure of independently furnished information

Nothing in this section amends or affects any authority or obligation of a Federal, State, local, or tribal agency to protect or disclose any record or information that the Federal, State, local, or tribal agency obtains from a covered water system or the Administrator under any other provision of law.

(7)

Protected information

(A)

In general

For purposes of this section, the term protected information means any of the following:

(i)

Vulnerability assessments and site security plans under this section, including any assessment developed pursuant to subsection (g)(2).

(ii)

Documents directly related to the Administrator’s review of assessments and plans described in clause (i) and, as applicable, the State’s review of an assessment prepared under subsection (g)(2).

(iii)

Documents directly related to inspections and audits under this section.

(iv)

Orders, notices, or letters regarding the compliance of a covered water system with the requirements of this section.

(v)

Information, documents, or records required to be provided to or created by, the Administrator under subsection (d).

(vi)

Documents directly related to security drills and training exercises, security threats and breaches of security, and maintenance, calibration, and testing of security equipment.

(vii)

Other information, documents, and records developed exclusively for the purposes of this section that the Administrator has determined by regulation would be detrimental to the security of one or more covered water systems if disclosed.

(B)

Detriment requirement

For purposes of clauses (ii), (iii), (iv), (v), and (vi) of subparagraph (A), the only portions of documents, records, orders, notices, and letters that shall be considered protected information are those portions that—

(i)

the Secretary has determined by regulation would be detrimental to the security of one or more covered water systems if disclosed; and

(ii)

are developed by the Administrator, the State, or the covered water system for the purposes of this section.

(C)

Exclusions

Notwithstanding subparagraphs (A) and (B), the term ‘protected information’ does not include—

(i)

information, other than a security vulnerability assessment or site security plan, that the Administrator has determined by regulation to be—

(I)

appropriate to describe system compliance with the requirements of this title and the Administrator’s implementation of such requirements; and

(II)

not detrimental to the security of one or more covered water systems if disclosed; or

(ii)

information, whether or not also contained in a security vulnerability assessment, site security plan, or in a document, record, order, notice, or letter, or portion thereof, described in any of clauses (ii) through (vii) of subparagraph (A) that is obtained from another source with respect to which the Administrator has not made a determination under either subparagraph (A)(vii) or (B), including—

(I)

information that is required to be made publicly available under any other provision of law; and

(II)

information that a covered water system has lawfully disclosed other than in a submission to the Administrator pursuant to a requirement of this title.

(m)

Relation to chemical facility security requirements

Title XXI of the Homeland Security Act of 2002 and title I of the Chemical and Water Security Act of 2009 shall not apply to any public water system subject to this Act.

(n)

Preemption

This section does not preclude or deny the right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to a covered water system that is more stringent than a regulation, requirement, or standard of performance under this section.

(o)

Violations

(1)

In general

A covered water system that violates any requirement of this section, including by not implementing all or part of its site security plan by such date as the Administrator requires, shall be liable for a civil penalty of not more than $25,000 for each day on which the violation occurs.

(2)

Procedure

When the Administrator determines that a covered water system is subject to a civil penalty under paragraph (1), the Administrator, after consultation with the State, for covered water systems located in a State exercising primary responsibility for the covered water system, and, after considering the severity of the violation or deficiency and the record of the covered water system in carrying out the requirements of this section, may—

(A)

after notice and an opportunity for the covered water system to be heard, issue an order assessing a penalty under such paragraph for any past or current violation, requiring compliance immediately or within a specified time period; or

(B)

commence a civil action in the United States district court in the district in which the violation occurred for appropriate relief, including temporary or permanent injunction.

(3)

Methods to reduce the consequences of a chemical release from an intentional act

Except as provided in subsections (g)(4) and (g)(5), if a covered water system is located in a State exercising primary enforcement responsibility for the system, the Administrator may not issue an order or commence a civil action under this section for any deficiency in the content or implementation of the portion of the system’s site security plan relating to methods to reduce the consequences of a chemical release from an intentional act (as defined in subsection (g)(1)).

(p)

Report to Congress

(1)

Periodic report

Not later than 3 years after the effective date of the regulations under subsection (a)(1), and every 3 years thereafter, the Administrator shall transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Environment and Public Works of the Senate a report on progress in achieving compliance with this section. Each such report shall include, at a minimum, the following:

(A)

A generalized summary of measures implemented by covered water systems in order to meet each risk-based performance standard established by this section.

(B)

A summary of how the covered water systems, differentiated by risk-based tier assignment, are complying with the requirements of this section during the period covered by the report and how the Administrator is implementing and enforcing such requirements during such period including—

(i)

the number of public water systems that provided the Administrator with information pursuant to subsection (d)(1);

(ii)

the number of covered water systems assigned to each risk-based tier;

(iii)

the number of vulnerability assessments and site security plans submitted by covered water systems;

(iv)

the number of vulnerability assessments and site security plans approved and disapproved by the Administrator;

(v)

the number of covered water systems without approved vulnerability assessments or site security plans;

(vi)

the number of covered water systems that have been assigned to a different risk-based tier due to implementation of a method to reduce the consequences of a chemical release from an intentional act and a description of the types of such implemented methods;

(vii)

the number of audits and inspections conducted by the Administrator or duly designated representatives of the Administrator;

(viii)

the number of orders for compliance issued by the Administrator;

(ix)

the administrative penalties assessed by the Administrator for non-compliance with the requirements of this section;

(x)

the civil penalties assessed by courts for non-compliance with the requirements of this section; and

(xi)

any other regulatory data the Administrator determines appropriate to describe covered water system compliance with the requirements of this section and the Administrator’s implementation of such requirements.

(2)

Public availability

A report submitted under this section shall be made publicly available.

(q)

Grant programs

(1)

Implementation grants to States

The Administrator may award grants to, or enter into cooperative agreements with, States, based on an allocation formula established by the Administrator, to assist the States in implementing this section.

(2)

Research, training, and technical assistance grants

The Administrator may award grants to, or enter into cooperative agreements with, non-profit organizations to provide research, training, and technical assistance to covered water systems to assist them in carrying out their responsibilities under this section.

(3)

Preparation grants

(A)

Grants

The Administrator may award grants to, or enter into cooperative agreements with, covered water systems to assist such systems in—

(i)

preparing and updating vulnerability assessments, site security plans, and emergency response plans;

(ii)

assessing and implementing methods to reduce the consequences of a release of a substance of concern from an intentional act; and

(iii)

implementing any other security reviews and enhancements necessary to comply with this section.

(B)

Priority

(i)

Need

The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(i), shall give priority to covered water systems that have the greatest need.

(ii)

Security risk

The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(ii), shall give priority to covered water systems that pose the greatest security risk.

(4)

Worker Training Grants Program Authority

(A)

In general

The Administrator shall establish a grant program to award grants to eligible entities to provide for training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1) and first responders and emergency response providers who would respond to an intentional act at a covered water system.

(B)

Administration

The Administrator shall enter into an agreement with the National Institute of Environmental Health Sciences to make and administer grants under this paragraph.

(C)

Use of funds

The recipient of a grant under this paragraph shall use the grant to provide for—

(i)

training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1), including the annual mandatory training specified in subsection (f)(2) or training for first responders in protecting nearby persons, property, or the environment from the effects of a release of a substance of concern at the covered water system, with priority given to covered water systems assigned to tier one or tier two under subsection (d); and

(ii)

appropriate training for first responders and emergency response providers who would respond to an intentional act at a covered water system.

(D)

Eligible entities

For purposes of this paragraph, an eligible entity is a nonprofit organization with demonstrated experience in implementing and operating successful worker or first responder health and safety or security training programs.

(r)

Authorization of appropriations

(1)

In general

To carry out this section, there are authorized to be appropriated—

(A)

$315,000,000 for fiscal year 2011, of which up to—

(i)

$30,000,000 may be used for administrative costs incurred by the Administrator or the States, as appropriate; and

(ii)

$125,000,000 may be used to implement methods to reduce the consequences of a chemical release from an intentional act at covered water systems with priority given to covered water systems assigned to tier one or tier two under subsection (d); and

(B)

such sums as may be necessary for fiscal years 2012 through 2015.

(2)

Security enhancements

Funding under this subsection for basic security enhancements shall not include expenditures for personnel costs or monitoring, operation, or maintenance of facilities, equipment, or systems.

.

(b)

Regulations; transition

(1)

Regulations

Not later than 2 years after the date of the enactment of this title, the Administrator of the Environmental Protection Agency shall promulgate final regulations to carry out section 1433 of the Safe Drinking Water Act, as amended by subsection (a).

(2)

Effective date

Until the effective date of the regulations promulgated under paragraph (1), section 1433 of the Safe Drinking Water Act, as in effect on the day before the date of the enactment of this title, shall continue to apply.

(3)

Savings provision

Nothing in this section or the amendment made by this section shall affect the application of section 1433 of the Safe Drinking Water Act, as in effect before the effective date of the regulations promulgated under paragraph (1), to any violation of such section 1433 occurring before such effective date, and the requirements of such section 1433 shall remain in force and effect with respect to such violation until the violation has been corrected or enforcement proceedings completed, whichever is later.

203.

Study to assess the threat of contamination of drinking water distribution systems

Not later than 180 days after the date of the enactment of this title, the Administrator of the Environmental Protection Agency, in consultation with the Secretary of Homeland Security, shall—

(1)

conduct a study to assess the threat to drinking water posed by an intentional act of contamination, and the vulnerability of public water systems, including fire hydrants, to such a threat; and

(2)

submit a report to the Congress on the results of such study.

III

WASTEWATER TREATMENT WORKS SECURITY

301.

Short title

This title may be cited as the Wastewater Treatment Works Security Act of 2009.

302.

Wastewater treatment works security

(a)

In general

Title II of the Federal Water Pollution Control Act (33 U.S.C. 1281 et seq.) is amended by adding at the end the following:

222.

Wastewater treatment works security

(a)

Assessment of treatment works vulnerability and implementation of site security and emergency response plans

(1)

In general

Each owner or operator of a treatment works with either a treatment capacity of at least 2,500,000 gallons per day or, in the discretion of the Administrator, that presents a security risk making coverage under this section appropriate shall, consistent with regulations developed under subsection (b)—

(A)

conduct and, as required, update a vulnerability assessment of its treatment works;

(B)

develop, periodically update, and implement a site security plan for the treatment works; and

(C)

develop and, as required, revise an emergency response plan for the treatment works.

(2)

Vulnerability assessment

(A)

Definition

In this section, the term vulnerability assessment means an assessment of the vulnerability of a treatment works to intentional acts that may—

(i)

substantially disrupt the ability of the treatment works to safely and reliably operate; or

(ii)

have a substantial adverse effect on critical infrastructure, public health or safety, or the environment.

(B)

Review

A vulnerability assessment shall include an identification of the vulnerability of the treatment works’—

(i)

facilities, systems, and devices used in the storage, treatment, recycling, or reclamation of municipal sewage or industrial wastes;

(ii)

intercepting sewers, outfall sewers, sewage collection systems, and other constructed conveyances under the control of the owner or operator of the treatment works;

(iii)

electronic, computer, and other automated systems;

(iv)

pumping, power, and other equipment;

(v)

use, storage, and handling of various chemicals, including substances of concern, as identified by the Administrator;

(vi)

operation and maintenance procedures; and

(vii)

ability to ensure continuity of operations.

(3)

Site security plan

(A)

Definition

In this section, the term site security plan means a process developed by the owner or operator of a treatment works to address security risks identified in a vulnerability assessment developed for the treatment works.

(B)

Identification of security enhancements

A site security plan carried out under paragraph (1)(B) shall identify specific security enhancements, including procedures, countermeasures, or equipment, that, when implemented or utilized, will reduce the vulnerabilities identified in a vulnerability assessment (including the identification of the extent to which implementation or utilization of such security enhancements may impact the operations of the treatment works in meeting the goals and requirements of this Act).

(b)

Rulemaking and guidance documents

(1)

In general

Not later than December 31, 2010, the Administrator, after providing notice and an opportunity for public comment, shall issue regulations—

(A)

establishing risk-based performance standards for the security of a treatment works identified under subsection (a)(1); and

(B)

establishing requirements and deadlines for each owner or operator of a treatment works identified under subsection (a)(1)—

(i)

to conduct and submit to the Administrator a vulnerability assessment or, if the owner or operator of a treatment works already has conducted a vulnerability assessment, to revise and submit to the Administrator such assessment in accordance with this section;

(ii)

to update and submit to the Administrator the vulnerability assessment not less than every 5 years and promptly after any change at the treatment works that could cause the reassignment of the treatment works to a different risk-based tier under paragraph (2)(B);

(iii)

to develop and implement a site security plan and to update such plan not less than every 5 years and promptly after an update to the vulnerability assessment;

(iv)

to develop an emergency response plan (or, if the owner or operator of a treatment works has already developed an emergency response plan, to revise the plan to be in accordance with this section) and to revise the plan not less than every 5 years and promptly after an update to the vulnerability assessment; and

(v)

to provide annual training to employees of the treatment works on implementing site security plans and emergency response plans.

(2)

Risk-based tiers and performance standards

(A)

In general

In developing regulations under this subsection, the Administrator shall—

(i)

provide for 4 risk-based tiers applicable to treatment works identified under subsection (a)(1), with tier one representing the highest degree of security risk; and

(ii)

establish risk-based performance standards for site security plans and emergency response plans required under this section.

(B)

Risk-based tiers

(i)

Assignment of risk-based tiers

The Administrator shall assign (and reassign when appropriate) each treatment works identified under subsection (a)(1) to one of the risk-based tiers established pursuant to this paragraph.

(ii)

Factors to consider

In assigning a treatment works to a risk-based tier, the Administrator shall consider—

(I)

the size of the treatment works;

(II)

the proximity of the treatment works to large population centers;

(III)

the adverse impacts of an intentional act, including a worst-case release of a substance of concern designated under subsection (c), on the operation of the treatment works or on critical infrastructure, public health or safety, or the environment; and

(IV)

any other factor that the Administrator determines to be appropriate.

(iii)

Information request for treatment works

The Administrator may require the owner or operator of a treatment works identified under subsection (a)(1) to submit information in order to determine the appropriate risk-based tier for the treatment works.

(iv)

Explanation for risk-based tier assignment

The Administrator shall provide the owner or operator of each treatment works assigned to a risk-based tier with the reasons for the tier assignment and whether such owner or operator of a treatment works is required to submit an assessment under paragraph (3)(B).

(C)

Risk-based performance standards

(i)

Classification

In establishing risk-based performance standards under subparagraph (A)(ii), the Administrator shall ensure that the standards are separate and, as appropriate, increasingly more stringent based on the level of risk associated with the risk-based tier assignment under subparagraph (B) for the treatment works.

(ii)

Consideration

In carrying out this subparagraph, the Administrator shall take into account section 27.230 of title 6, Code of Federal Regulations (or any successor regulation).

(D)

Site Security Plans

(i)

In general

In developing regulations under this subsection, the Administrator shall permit the owner or operator of a treatment works identified under subsection (a)(1), in developing and implementing a site security plan, to select layered security and preparedness measures that, in combination—

(I)

address the security risks identified in its vulnerability assessment; and

(II)

comply with the applicable risk-based performance standards required by this subsection.

(3)

Methods to Reduce the Consequences of a Chemical Release from an Intentional Act

(A)

Definition

In this section, the term method to reduce the consequences of a chemical release from an intentional act means a measure at a treatment works identified under subsection (a)(1) that reduces or eliminates the potential consequences of a release of a substance of concern designated under subsection (c) from an intentional act, such as—

(i)

the elimination of or a reduction in the amount of a substance of concern possessed or planned to be possessed by a treatment works through the use of alternate substances, formulations, or processes;

(ii)

the modification of pressures, temperatures, or concentrations of a substance of concern; and

(iii)

the reduction or elimination of onsite handling of a substance of concern through the improvement of inventory control or chemical use efficiency.

(B)

Assessment

(i)

In general

In developing the regulations under this subsection, for each treatment works identified under subsection (a)(1) that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (c)(2), the Administrator shall require the treatment works to include in its site security plan an assessment of methods to reduce the consequences of a chemical release from an intentional act at the treatment works.

(ii)

Considerations for assessment

In developing the regulations under this subsection, the Administrator shall require the owner or operator of each treatment works, in preparing the assessment, to consider factors appropriate to address the responsibilities of the treatment works to meet the goals and requirements of this Act and to include—

(I)

a description of the methods to reduce the consequences of a chemical release from an intentional act;

(II)

a description of how each described method to reduce the consequences of a chemical release from an intentional act could, if applied—

(aa)

reduce the extent of death, injury, or serious adverse effects to human health or the environment as a result of a release, theft, or misappropriation of a substance of concern designated under subsection (c); and

(bb)

impact the operations of the treatment works in meeting the goals and requirements of this Act;

(III)

whether each described method to reduce the consequences of a chemical release from an intentional act at the treatment works is feasible, as determined by the Administrator;

(IV)

the costs (including capital and operational costs) and avoided costs (including potential savings) associated with applying each described method to reduce the consequences of a chemical release from an intentional act at the treatment works;

(V)

any other relevant information that the owner or operator of a treatment works relied on in conducting the assessment; and

(VI)

a statement of whether the owner or operator of a treatment works has implemented or plans to implement a method to reduce the consequences of a chemical release from an intentional act, a description of any such method, and, in the case of a treatment works described in subparagraph (C)(i), an explanation of the reasons for any decision not to implement any such method.

(C)

Required methods

(i)

Application

This subparagraph applies to a treatment works identified under subsection (a)(1) that—

(I)

is assigned to one of the two highest risk-based tiers established under paragraph (2)(A); and

(II)

possesses or plans to possess a substance of concern in excess of the threshold quantity set by the Administrator under subsection (c)(2).

(ii)

Highest-risk systems

If, on the basis of its assessment developed pursuant to subparagraph (B), the owner or operator of a treatment works described in clause (i) decides not to implement a method to reduce the consequences of a chemical release from an intentional act, in accordance with a timeline set by the Administrator—

(I)

the Administrator or, where applicable, a State with an approved program under section 402, shall determine whether to require the owner or operator of a treatment works to implement such method; and

(II)

in the case of a State with such approved program, the State shall report such determination to the Administrator.

(iii)

Considerations

Before requiring the implementation of a method to reduce the consequences of a chemical release from an intentional act under clause (ii), the Administrator or a State, as the case may be, shall consider factors appropriate to address the responsibilities of the treatment works to meet the goals and requirements of this Act, including an examination of whether the method—

(I)

would significantly reduce the risk of death, injury, or serious adverse effects to human health resulting from a chemical release from an intentional act at the treatment works;

(II)

would not increase the interim storage by the treatment works of a substance of concern designated under subsection (c);

(III)

could impact the operations of the treatment works in meeting the goals and requirements of this Act or any more stringent standards established by the State or municipality in which the treatment works is located; and

(IV)

is feasible, as determined by the Administrator, to be incorporated into the operations of the treatment works.

(D)

Appeal

Before requiring the implementation of a method to reduce the consequences of a chemical release from an intentional act under clause (ii), the Administrator or a State, as the case may be, shall provide the owner or operator of the treatment works an opportunity to appeal the determination to require such implementation.

(E)

Incomplete or late assessments

(i)

Incomplete assessments

If the Administrator determines that a treatment works fails to meet the requirements of subparagraph (B) and the applicable regulations, the Administrator shall, after notifying the owner or operator of a treatment works and the State in which the treatment works is located, require the owner or operator of the treatment works to submit a revised assessment not later than 60 days after the Administrator notifies the owner or operator. The Administrator may require such additional revisions as are necessary to ensure that the treatment works meets the requirements of subparagraph (B) and the applicable regulations.

(ii)

Late assessments

If the Administrator finds that the owner or operator of a treatment works, in conducting an assessment pursuant to subparagraph (B), did not complete such assessment in accordance with the deadline set by the Administrator, the Administrator may, after notifying the owner or operator of the treatment works and the State in which the treatment works is located, take appropriate enforcement action under subsection (j).

(iii)

Review

A State with an approved program under section 402 or the Administrator, as the case may be, shall review a revised assessment that meets the requirements of subparagraph (B) and applicable regulations to determine whether the treatment works will be required to implement methods to reduce the consequences of a chemical release from an intentional act pursuant to subparagraph (C).

(F)

Enforcement

(i)

Failure by state to make determination

(I)

In general

If the Administrator determines that a State with an approved program under section 402 failed to determine whether to require a treatment works to implement a method to reduce the consequences of a chemical release from an intentional act, as required by subparagraph (C)(ii), the Administrator shall notify the State and the owner or operator of the treatment works.

(II)

Administrative action

If, after 30 days after the notification described in subclause (I), a State fails to make the determination described in that subclause, the Administrator shall notify the State and the owner or operator of the treatment works and shall determine whether to require the owner or operator to implement a method to reduce the consequences of a chemical release from an intentional act based on the factors described in subparagraph (C)(iii).

(ii)

Failure by state to bring enforcement action

(I)

In general

If, in a State with an approved program under section 402, the Administrator determines that the owner or operator of a treatment works fails to implement a method to reduce the consequences of a chemical release from an intentional act (as required by the State or the Administrator under subparagraph (C)(ii) or the Administrator under clause (i)(II)), the Administrator shall notify the State and the owner or operator of the treatment works.

(II)

Administrative enforcement action

If, after 30 days after the notification described in subclause (I), the State has not commenced appropriate enforcement action, the Administrator shall notify the State and may commence an enforcement action against the owner or operator of the treatment works, including by seeking or imposing civil penalties under subsection (j), to require implementation of such method.

(4)

Consultation with state authorities

In developing the regulations under this subsection, the Administrator shall consult with States with approved programs under section 402.

(5)

Consultation with other persons

In developing the regulations under this subsection, the Administrator shall consult with the Secretary of Homeland Security, and, as appropriate, other persons regarding—

(A)

the provision of threat-related and other baseline information to treatment works identified under subsection (a)(1);

(B)

the designation of substances of concern under subsection (c);

(C)

the development of risk-based performance standards;

(D)

the establishment of risk-based tiers and the process for the assignment of treatment works identified under subsection (a)(1) to such tiers;

(E)

the process for the development and evaluation of vulnerability assessments, site security plans, and emergency response plans;

(F)

the treatment of protected information; and

(G)

any other factor that the Administrator determines to be appropriate.

(6)

Consideration

In developing the regulations under this subsection, the Administrator shall ensure that such regulations are consistent with the goals and requirements of this Act.

(c)

Substances of concern

For purposes of this section, the Administrator, in consultation with the Secretary of Homeland Security—

(1)

may designate any chemical substance as a substance of concern;

(2)

at the time any chemical substance is designated pursuant to paragraph (1), shall establish by rulemaking a threshold quantity for the release or theft of a substance, taking into account the toxicity, reactivity, volatility, dispersability, combustability, and flammability of the substance and the amount of the substance, that, as a result of the release or theft, is known to cause, or may be reasonably anticipated to cause, death, injury, or serious adverse impacts to human health or the environment; and

(3)

in making such a designation, shall take into account appendix A to part 27 of title 6, Code of Federal Regulations (or any successor regulation).

(d)

Review of Vulnerability Assessment and Site Security Plan

(1)

In general

Each owner or operator of a treatment works identified under subsection (a)(1) shall submit its vulnerability assessment and site security plan to the Administrator for review in accordance with deadlines established by the Administrator.

(2)

Standard of review

The Administrator shall review each vulnerability assessment and site security plan submitted under this subsection and—

(A)

if the assessment or plan has a significant deficiency described in paragraph (3), require the owner or operator of the treatment works to correct the deficiency; or

(B)

approve such assessment or plan.

(3)

Significant deficiency

A vulnerability assessment or site security plan of a treatment works has a significant deficiency under this subsection if the Administrator, in consultation, as appropriate, with a State with an approved program under section 402, determines that—

(A)

such assessment does not comply with the regulations promulgated under subsection (b); or

(B)

such plan—

(i)

fails to address vulnerabilities identified in a vulnerability assessment; or

(ii)

fails to meet applicable risk-based performance standards.

(4)

Identification of deficiencies

If the Administrator identifies a significant deficiency in the vulnerability assessment or site security plan of an owner or operator of a treatment works under paragraph (3), the Administrator shall provide the owner or operator with a written notification of the deficiency that—

(A)

includes a clear explanation of the deficiency in the vulnerability assessment or site security plan;

(B)

provides guidance to assist the owner or operator in addressing the deficiency; and

(C)

requires the owner or operator to correct the deficiency and, by such date as the Administrator determines appropriate, to submit to the Administrator a revised vulnerability assessment or site security plan.

(5)

State, local, or tribal governmental entities

No owner or operator of a treatment works identified under subsection (a)(1) shall be required under State, local, or tribal law to provide a vulnerability assessment or site security plan described in this section to any State, local, or tribal governmental entity solely by reason of the requirement set forth in paragraph (1) that the owner or operator of a treatment works submit such an assessment and plan to the Administrator.

(e)

Emergency response plan

(1)

In general

The owner or operator of a treatment works identified under subsection (a)(1) shall develop or revise, as appropriate, an emergency response plan that incorporates the results of the current vulnerability assessment and site security plan for the treatment works.

(2)

Certification

The owner or operator of a treatment works identified under subsection (a)(1) shall certify to the Administrator that the owner or operator has completed an emergency response plan, shall submit such certification to the Administrator not later than 6 months after the first completion or revision of a vulnerability assessment under this section, and shall submit an additional certification following any update of the emergency response plan.

(3)

Contents

An emergency response plan shall include a description of—

(A)

plans, procedures, and identification of equipment that can be implemented or used in the event of an intentional act at the treatment works; and

(B)

actions, procedures, and identification of equipment that can obviate or significantly reduce the impact of intentional acts to—

(i)

substantially disrupt the ability of the treatment works to safely and reliably operate; or

(ii)

have a substantial adverse effect on critical infrastructure, public health or safety, or the environment.

(4)

Coordination

As part of its emergency response plan, the owner or operator of a treatment works shall provide appropriate information to any local emergency planning committee, local law enforcement officials, and local emergency response providers to ensure an effective, collective response.

(f)

Role of employees

(1)

Description of role

Site security plans and emergency response plans required under this section shall describe the appropriate roles or responsibilities that employees and contractor employees of treatment works are expected to perform to deter or respond to the intentional acts identified in a current vulnerability assessment.

(2)

Training for employees

The owner or operator of a treatment works identified under subsection (a)(1) shall annually provide employees and contractor employees with the roles or responsibilities described in paragraph (1) with sufficient training, as determined by the Administrator, on carrying out those roles or responsibilities.

(3)

Employee participation

In developing, revising, or updating a vulnerability assessment, site security plan, and emergency response plan required under this section, the owner or operator of a treatment works shall include—

(A)

at least one supervisory and at least one nonsupervisory employee of the treatment works; and

(B)

at least one representative of each certified or recognized bargaining agent representing facility employees or contractor employees with roles or responsibilities described in paragraph (1), if any, in a collective bargaining relationship with the owner or operator of the treatment works or with a contractor to the treatment works.

(g)

Maintenance of records

The owner or operator of a treatment works identified under subsection (a)(1) shall maintain an updated copy of its vulnerability assessment, site security plan, and emergency response plan on the premises of the treatment works.

(h)

Audit; inspection

(1)

In general

The Administrator shall audit and inspect a treatment works identified under subsection (a)(1), as necessary, for purposes of determining compliance with this section.

(2)

Access

In conducting an audit or inspection of a treatment works under paragraph (1), the Administrator shall have access to the owners, operators, employees and contractor employees, and employee representatives, if any, of such treatment works.

(3)

Confidential communication of information; aiding inspections

The Administrator shall offer nonsupervisory employees of a treatment works the opportunity confidentially to communicate information relevant to the compliance or noncompliance of the owner or operator of the treatment works with this section, including compliance or noncompliance with any regulation or requirement adopted by the Administrator in furtherance of the purposes of this section. A representative of each certified or recognized bargaining agent described in subsection (f)(3)(B), if any, or, if none, a nonsupervisory employee, shall be given an opportunity to accompany the Administrator during the physical inspection of any treatment works for the purpose of aiding such inspection, if representatives of the treatment works will also be accompanying the Administrator on such inspection.

(i)

Protection of information

(1)

Prohibition of public disclosure of protected information

Protected information shall—

(A)

be exempt from disclosure under section 552 of title 5, United States Code; and

(B)

not be made available pursuant to any State, local, or tribal law requiring disclosure of information or records.

(2)

Information sharing

(A)

In general

The Administrator shall prescribe such regulations, and may issue such orders, as necessary to prohibit the unauthorized disclosure of protected information, as described in paragraph (7).

(B)

Sharing of protected information

The regulations under subparagraph (A) shall provide standards for and facilitate the appropriate sharing of protected information with and among Federal, State, local, and tribal authorities, first responders, law enforcement officials, supervisory and nonsupervisory treatment works personnel with security, operational, or fiduciary responsibility for the system designated by the owner or operator of the treatment works, and facility employee representatives designated by the owner or operator of the treatment works, if any.

(C)

Information sharing procedures

Such standards shall include procedures for the sharing of all portions of the vulnerability assessment and site security plan of a treatment works relating to the roles and responsibilities of the employees or contractor employees of a treatment works under subsection (f)(1) with a representative of each certified or recognized bargaining agent representing such employees, if any, or, if none, with at least one supervisory and at least one non-supervisory employee with roles and responsibilities under subsection (f)(1).

(D)

Penalties

Protected information, as described in paragraph (7), shall not be shared except in accordance with the standards provided by the regulations under subparagraph (A). Whoever discloses protected information in knowing violation of the regulations and orders issued under subparagraph (A) shall be fined under title 18, United States Code, imprisoned for not more than one year, or both, and, in the case of a Federal officeholder or employee, shall be removed from Federal office or employment.

(3)

Treatment of information in adjudicative proceedings

In any judicial or administrative proceeding, protected information, as described in paragraph (7), shall be treated in a manner consistent with the treatment of sensitive security information under section 525 of the Department of Homeland Security Appropriations Act, 2007 (120 Stat. 1381).

(4)

Other obligations unaffected

Nothing in this section amends or affects an obligation of the owner or operator of a treatment works to—

(A)

submit or make available information to employees of the treatment works, employee organizations, or a Federal, State, local, or tribal government agency under any other provision of law; or

(B)

comply with any other provision of law.

(5)

Congressional oversight

Nothing in this section permits or authorizes the withholding of information from Congress or any committee or subcommittee thereof.

(6)

Disclosure of independently furnished information

Nothing in this section amends or affects any authority or obligation of a Federal, State, local, or tribal agency to protect or disclose any record or information that the Federal, State, local, or tribal agency obtains from a treatment works or the Administrator under any other provision of law except as provided in subsection (d)(5).

(7)

Protected information

(A)

In general

For purposes of this section, the term protected information means any of the following:

(i)

Vulnerability assessments and site security plans under this section, including any assessment developed under subsection (b)(3)(B).

(ii)

Documents directly related to the Administrator’s review of assessments and plans described in clause (i) and, as applicable, the State’s review of an assessment developed under subsection (b)(3)(B).

(iii)

Documents directly related to inspections and audits under this section.

(iv)

Orders, notices, or letters regarding the compliance of a treatment works described in subsection (a)(1) with the requirements of this section.

(v)

Information required to be provided to, or documents and records created by, the Administrator under subsection (b)(2).

(vi)

Documents directly related to security drills and training exercises, security threats and breaches of security, and maintenance, calibration, and testing of security equipment.

(vii)

Other information, documents, and records developed for the purposes of this section that the Administrator has determined by regulation would be detrimental to the security of a treatment works if disclosed.

(B)

Detriment requirement

For purposes of clauses (ii), (iii), (iv), (v), and (vi) of subparagraph (A), the only portions of documents, records, orders, notices, and letters that shall be considered protected information are those portions that—

(i)

the Secretary has determined by regulation would be detrimental to the security of a treatment works if disclosed; and

(ii)

are developed by the Administrator, the State, or the treatment works for the purposes of this section.

(C)

Exclusions

Notwithstanding subparagraphs (A) and (B), the term ‘protected information’ does not include—

(i)

information, other than a security vulnerability assessment or site security plan, that the Administrator has determined by regulation to be—

(I)

appropriate to describe treatment works compliance with the requirements of this title and the Administrator’s implementation of such requirements; and

(II)

not detrimental to the security of one or more treatment works if disclosed; or

(ii)

information, whether or not also contained in a security vulnerability assessment, site security plan, or in a document, record, order, notice, or letter, or portion thereof, described in any of clauses (ii) through (vii) of subparagraph (A) that is obtained from another source with respect to which the Administrator has not made a determination under either subparagraph (A)(vii) or (B), including—

(I)

information that is required to be made publicly available under any other provision of law; and

(II)

information that a treatment works has lawfully disclosed other than in a submission to the Administrator pursuant to a requirement of this title.

(j)

Violations

For the purposes of section 309 of this Act, any violation of any requirement of this section, including any regulations promulgated pursuant to this section, by an owner or operator of a treatment works described in subsection (a)(1) shall be treated in the same manner as a violation of a permit condition under section 402 of this Act.

(k)

Report to congress

(1)

Periodic report

Not later than 3 years after the effective date of the regulations issued under subsection (b) and every 3 years thereafter, the Administrator shall transmit to the Committee on Transportation and Infrastructure of the House of Representatives and the Committee on Environment and Public Works of the Senate a report on progress in achieving compliance with this section.

(2)

Contents of the report

Each such report shall include, at a minimum, the following:

(A)

A generalized summary of measures implemented by the owner or operator of a treatment works identified under subsection (a)(1) in order to meet each risk-based performance standard established by this section.

(B)

A summary of how the treatment works, differentiated by risk-based tier assignment, are complying with the requirements of this section during the period covered by the report and how the Administrator is implementing and enforcing such requirements during such period, including—

(i)

the number of treatment works that provided the Administrator with information pursuant to subsection (b)(2)(B)(iii);

(ii)

the number of treatment works assigned to each risk-based tier;

(iii)

the number of vulnerability assessments and site security plans submitted by treatment works;

(iv)

the number of vulnerability assessments and site security plans approved or found to have a significant deficiency under subsection (d)(2) by the Administrator;

(v)

the number of treatment works without approved vulnerability assessments or site security plans;

(vi)

the number of treatment works that have been assigned to a different risk-based tier due to implementation of a method to reduce the consequences of a chemical release from an intentional act and a description of the types of such implemented methods;

(vii)

the number of audits and inspections conducted by the Administrator; and

(viii)

any other regulatory data the Administrator determines appropriate to describe the compliance of owners or operators of treatment works with the requirements of this section and the Administrator’s implementation of such requirements.

(3)

Public availability

A report submitted under this section shall be made publicly available.

(l)

Grants for vulnerability assessments, security enhancements, and worker training programs

(1)

In general

The Administrator may make a grant to a State, municipality, or intermunicipal or interstate agency—

(A)

to conduct or update a vulnerability assessment, site security plan, or emergency response plan for a publicly owned treatment works identified under subsection (a)(1);

(B)

to implement a security enhancement at a publicly owned treatment works identified under subsection (a)(1), including a method to reduce the consequences of a chemical release from an intentional act, identified in an approved site security plan and listed in paragraph (2);

(C)

to implement an additional security enhancement at a publicly owned treatment works identified under subsection (a)(1), including a method to reduce the consequences of a chemical release from an intentional act, identified in an approved site security plan; and

(D)

to provide for security-related training of employees or contractor employees of the treatment works and training for first responders and emergency response providers.

(2)

Grants for security enhancements

(A)

Preapproved security enhancements

The Administrator may make a grant under paragraph (1)(B) to implement a security enhancement of a treatment works for one or more of the following:

(i)

Purchase and installation of equipment for access control, intrusion prevention and delay, and detection of intruders and hazardous or dangerous substances, including—

(I)

barriers, fencing, and gates;

(II)

security lighting and cameras;

(III)

metal grates, wire mesh, and outfall entry barriers;

(IV)

securing of manhole covers and fill and vent pipes;

(V)

installation and re-keying of doors and locks; and

(VI)

smoke, chemical, and explosive mixture detection systems.

(ii)

Security improvements to electronic, computer, or other automated systems and remote security systems, including controlling access to such systems, intrusion detection and prevention, and system backup.

(iii)

Participation in training programs and the purchase of training manuals and guidance materials relating to security.

(iv)

Security screening of employees or contractor support services.

(B)

Additional security enhancements

The Administrator may make a grant under paragraph (1)(C) for additional security enhancements not listed in subparagraph (A) that are identified in an approved site security plan. The additional security enhancements may include the implementation of a method to reduce the consequences of a chemical release from an intentional act.

(C)

Limitation on use of funds

Grants under this subsection may not be used for personnel costs or operation or maintenance of facilities, equipment, or systems.

(D)

Federal share

The Federal share of the cost of activities funded by a grant under paragraph (1) may not exceed 75 percent.

(3)

Eligibility

To be eligible for a grant under this subsection, a State, municipality, or intermunicipal or interstate agency shall submit information to the Administrator at such time, in such form, and with such assurances as the Administrator may require.

(m)

Preemption

This section does not preclude or deny the right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to a treatment works that is more stringent than a regulation, requirement, or standard of performance under this section.

(n)

Authorization of appropriations

There is authorized to be appropriated to the Administrator $200,000,000 for each of fiscal years 2010 through 2014 for making grants under subsection (l). Such sums shall remain available until expended.

(o)

Relation to chemical facility security requirements

Title XXI of the Homeland Security Act of 2002 and title I of the Chemical and Water Security Act of 2009 shall not apply to any treatment works.

.

Passed the House of Representatives November 6, 2009.

Lorraine C. Miller,

Clerk.