6 CFR Proposed Rule 2020-27768
Removal of Certain Explosive Chemicals From the Chemical Facility Anti-Terrorism Standards
January 1, 2021
CFR

AGENCY:

Cybersecurity and Infrastructure Security Agency, DHS.

ACTION:

Advance Notice of Proposed Rulemaking (ANPRM).

SUMMARY:

The Cybersecurity and Infrastructure Security Agency (CISA) is considering removing all 49 Division 1.1 explosive chemicals of interest from Appendix A of the Chemical Facility Anti-Terrorism Standards (CFATS) regulations. Currently, both CISA and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities possessing these chemicals for security concerns. Removing these chemicals of interest from coverage under CFATS would reduce regulatory requirements for facilities currently covered by both CFATS and ATF's regulatory frameworks and relieve compliance burdens for a small number of affected facilities.

DATES:

Comments on this ANPRM must be received by March 8, 2021.

ADDRESSES:

You may submit comments, identified by docket number CISA-2020-0014 through the Federal eRulemaking Portal available at http://www.regulations.gov. Follow the instructions for submitting comments.

Instructions: All comments received via https://www.regulations.gov will be posted to the public docket at https://www.regulations.gov, including any personal information provided.

Do not submit comments that include trade secrets, confidential commercial or financial information, Chemical-terrorism Vulnerability Information (CVI), Protected Critical Infrastructure Information (PCII), or Sensitive Security Information (SSI) directly to the public regulatory docket. Contact the individual listed in the FOR FURTHER INFORMATION CONTACT section below with questions about comments containing such protected information. CISA will not place comments containing such protected information in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. Additionally, CISA will hold them in a separate file to which the public does not have access and place a note in the public docket that CISA has received such protected materials from the commenter. If CISA receives a request to examine or copy this information, CISA will treat it as any other request under the Freedom of Information Act (FOIA), 5 U.S.C. 552, and the Department's FOIA regulation found in part 5 of Title 6 of the Code of Federal Regulations (CFR).

Docket: For access to the docket and to read comments received visit http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Lona Saccomando, (703) 603-4868, CISARulemaking@cisa.dhs.gov.

SUPPLEMENTARY INFORMATION:

I. Regulatory Information

CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM) to solicit comments on the advisability of removing Division 1.1 explosives from Appendix A to the Chemical Facility Anti-Terrorism Standards (CFATS) regulations located at 6 CFR part 27. As described below, we believe that these regulations may be unnecessarily burdensome for facilities that are already subject to security regulations for the same chemicals by another Federal agency, ATF. We encourage comments describing the nature of compliance operations in cases where regulatory duplication and overlap may exist, as well as on the costs and benefits of CFATS-specific security measures.

II. Background

CISA's CFATS program is an important part of our nation's counterterrorism efforts. The agency works with industry stakeholders to keep dangerous chemicals out of the hands of persons or organizations who wish to harm the United States. Since the CFATS program was created, the Department of Homeland Security (DHS) [1] has engaged with industry representatives to identify high-risk chemical facilities to ensure security measures are in place to reduce the risks associated with their possession of Chemicals of Interest (COI) listed on Appendix A to the CFATS regulations. The progress made in securing high-risk chemical facilities through the CFATS program since its implementation has significantly enhanced the security of the nation's chemical infrastructure.

The CFATS program identifies chemical facilities of interest and regulates the security of high-risk chemical facilities through risk-based performance standards.[2] The COI are listed in Appendix A to the CFATS regulations. If chemical facilities of interest possess the COI in the amounts and concentrations listed in Appendix A, chemical facilities of interest must complete and submit a Top-Screen survey to CISA.[3] CISA evaluates the information submitted in a Top-Screen and performs a risk assessment. Based upon this risk assessment, CISA determines which chemical facilities of interest qualify as high risk and are subject to full coverage under CFATS. Each of these covered chemical facilities is assigned a tier that ranges from Tier 1 (the highest risk of the high-risk covered chemical facilities) to Tier 4 (the lowest risk of the high-risk covered chemical facilities).[4] A facility that is determined to present a high-risk is required to develop and submit a Site Security Plan (SSP) addressing 18 risk-based performance standards containing physical security, cybersecurity, and various other security-focused measures and procedures.

On November 20, 2007, DHS published a list of COI in Appendix A to 6 CFR part 27.[5] The final version of Appendix A included 49 chemicals that the Department of Transportation (DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with two broad exceptions.[6] Appendix A classifies all Division 1.1 explosives as posing both Release-Explosive and Theft/diversion-Explosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/IEDP) security issues.

DHS included Division 1.1 explosives in Appendix A notwithstanding the Department of Justice's ATF regulation of the purchase, possession, storage, and transportation of the same types of explosives.[7] In an ANPRM that preceded the promulgation of the CFATS regulations and Appendix A, DHS noted that the authorizing statute [8] for CFATS excluded many types of facilities that were already the subject of existing federal security regulations.[9] This suggested a possibility of regulatory overlap between CFATS and ATF regulatory programs. DHS stated that “where there is concurrent jurisdiction [between DHS and ATF or another Federal agency], the Department will work closely with other Federal agencies [(e.g., ATF)] to ensure that regulated facilities can comply with applicable regulations while minimizing any duplication.” [10]

Division 1.1 explosives included in Appendix A are “explosive materials” as defined in 18 U.S.C. 841(c) and are subject to ATF regulation. ATF regulations require persons storing any explosives to follow certain safety and theft-prevention precautions, including specific requirements governing the secure storage of explosives and inspection of magazines.[11] While ATF regulations and CFATS regulations are both geared towards preventing the theft and release of explosive materials, the two agencies do not regulate facilities in a similar manner, which can potentially lead to additional security efforts and regulatory compliance burdens for Division 1.1 explosives. The business premises of an explosives licensee or permittee is subject to entry by ATF for the specific purpose of inspective or examining records and documents required to be kept by a licensee or permitee pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as well as any explosive materials kept or stored at the premises.[12] While magazines in which explosive materials are stored must meet standards of public safety and security against theft as provided in 27 CFR part 555, subpart K, ATF may not require additional measures—such as those described above in the CFATS regulations—to address security risks or vulnerability to terrorist attack or incident of a business premises when issuing a new or renewal license or permit.[13]

CFATS and ATF regulations differ substantially, and the interaction between them can be complex. In many instances, compliance with the measures required to comply with ATF regulations and industry best practices result in some facilities not tiering as high-risk under CFATS. Therefore, this small portion of facilities has no additional regulatory obligations under CFATS after submission of a Top-Screen. For example, all explosives must be stored in compliance with ATF standoff-distance [14] and similar requirements, which mitigate the consequences of an explosion at the facility. The consequences from an explosion is a factor that CISA uses to determine whether a facility is high-risk. Because facilities that possess threshold quantities of release-explosive COI are required to comply with ATF standoff/storage regulations, CISA has never designated a facility as high risk on the basis that the facility contains COI classified as a “release-explosives” threat.

While the above is an example of a way in which CFATS and ATF regulations dovetail effectively, sometimes the regulations do not correspond so cleanly. For example, a small number of facilities, despite adhering to ATF regulations regarding the secure storage of explosive materials,[15] have been: (1) Considered high-risk under CFATS as a result of possession of explosives under the “theft/diversion” security issue, and (2) required to implement additional security measures to satisfy CFATS requirements, such as implementing cybersecurity and detection mechanisms.

The partial regulatory overlap has led to frustration among some stakeholders in the explosives community and has led CISA to conduct a comprehensive review of the respective programs' regulatory requirements. As a result, CISA is considering modifications to Appendix A to remove Division 1.1 explosive chemicals from the COI listed in Appendix A.

III. Discussion

It is the policy of the executive branch to prudently manage the costs associated with governmental imposition of private expenditures required to comply with Federal regulations.[16] Agencies have long been charged to “avoid regulations that are inconsistent, incompatible, or duplicative with [their] other regulations or those of other Federal agencies.” [17] Given these and other polices, and given the partial overlap between DHS and ATF regulations on Division 1.1 explosives, as well as the relatively small number of facilities subject to this overlap, CISA is reconsidering whether to regulate facilities that possess explosives subject to ATF regulations is “prudent and financially responsible in the expenditure of funds, from both public and private sources.”

At this time, CISA is considering whether the elimination of the burden of dual regulation of Division 1.1 explosive chemicals between CISA and ATF programs could be warranted. To this end, CISA is soliciting comments on amending Appendix A to remove all Division 1.1 explosives from the list of COI listed in Appendix A. If Appendix A is so amended, facility operators would no longer be required to count Division 1.1 explosives when determining whether their facilities are subject to the Top-Screen requirements pursuant to 6 CFR 27.200.

At the time of the promulgation of CFATS, DHS believed that the increased security value of having high-risk facilities that possessed Division 1.1 explosives regulated under CFATS was worth the increased cost. In 2007, DHS distinguished its approach from the deference that the Environmental Protection Agency (EPA) had shown ATF regulations by noting that “EPA's decisions were based on safety and the prevention of an accidental release [and that] DHS is concerned with an intentional attack on an explosives facility.” [18] For these reasons, CFATS listed Division 1.1 explosives as presenting both Release-Explosive [19] and Theft/diversion-EXP/IEDP [20] security issues.

However, since implementation of the CFATS program, CISA has found that, for many facilities, possession of Division 1.1 explosives at the quantity triggering reporting for the Release-Explosive security issue under CFATS (i.e., 5,000 pounds or more) would not result in the risk of a large number of fatalities if attacked. Thus, CISA does not currently regulate any facilities for possession of Division 1.1 explosives for the Release-Explosive security concern. This is because facilities that possess Division 1.1 explosives are required to comply with ATF's table of distances for storage of explosive materials (i.e. standoff distances) at 27 CFR 555.218-224. The enhanced CFATS risk-tiering methodology implemented beginning in October 2016 accounts for the increased security resulting from ATF's table-of-distance regulations, which protects against offsite impacts of an explosive release, whether accidental or intentional.

We note that while ATF's and CISA's regulations differ substantially, other agencies have deferred to ATF's explosives expertise when considering regulation of explosives facilities. In 1998, while developing the Risk Management Plan regulations, the EPA issued a final rule removing Division 1.1 explosives from its list of regulated substances for accidental release prevention.[21] In removing Division 1.1 explosives from regulation, the EPA concluded that the “. . . current [ATF and other] regulations and current and contemplated industry practices promote safety and accident prevention in storage, handling, transportation, and use of explosives,” making them adequate for EPA's purposes.[22] While the ATF regulates explosives materials and the CFATS regulates the chemical facilities possessing explosive materials, CISA notes that ATF's current regulations address a number of the same safety and security precautions as the CFATS regulations for Division 1.1 explosives.

Other facilities that possess Division 1.1 explosives are considered high-risk under CFATS under the Theft/diversion-EXP/IEDP security issue, in part because of the concerns presented by the prospect of physical or cyber-focused security breaches. CISA currently regulates 85 facilities that possess Division 1.1 explosive COI under the Theft/diversion-EXP/IEDP security issue. Many of these facilities possess other COI regulated by CFATS that are not Division 1.1 explosives. If Division 1.1 explosives were removed from Appendix A, CISA estimates that 24 facilities would no longer be regulated as high-risk under CFATS.

Though CFATS includes cybersecurity and some other requirements such as security plans, security equipment, training, or recording/reporting of threats that are not accounted for in ATF's framework, ATF regulations include some important theft-prevention and inventory-tracking standards [23] and adherence with ATF requirements is verified through periodic regulatory inspections of ATF's construction and locking requirements for magazines as well as reporting of theft/loss.[24] For these reasons, it may be appropriate to rely solely on ATF's standards to address the threat that Division 1.1 explosives could be diverted. Further supporting this argument is the fact that ATF's secure-storage and related requirements appear to have successfully driven down the number of thefts of commercial explosives nationwide—with only three such thefts having been reported during the 2019 calendar year.[25] However, there has been a slight increase in the number of reported losses.[26] ATF's standards are applied across the explosives industry, covering thousands of entities that manufacture, distribute, receive, ship, and/or import explosives, while DHS' standards are applied only to a small number of the highest-risk facilities (85 chemical facilities). Given the wide application of ATF regulations across the explosives industry and their success in limiting thefts of commercial explosives, we believe there may be value in uniform application of security measures for these materials.

IV. Request for Comments

Prior to implementing the enhanced tiering methodology in October of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public comment on ways in which the CFATS regulation and program might be improved.[27] The ANPRM solicited public comments on any and all aspects of 6 CFR part 27, including Appendix A. The Department also conducted seven listening sessions for the ANPRM. In addition, the Department published a notice on October 16, 2015 in the Federal Register soliciting additional public comments through November 30, 2015 about Appendix A to the CFATS regulation and conducted a roundtable discussion and public listening session on October 27, 2015.[28]

In response to the 2014 CFATS ANPRM, the Department received several detailed comments relevant to the coverage of Division 1.1 explosives under CFATS generally encouraging the Department to remove Division 1.1 explosives for both release-explosive and theft/diversion-EXP/IEDP security issues.[29] Commenters also generally suggested that ATF's regulations governing commerce in explosives located at 27 CFR part 555 are sufficient and that the security obligations imposed by CFATS under 6 CFR part 27 are unnecessary. CISA also published a retrospective economic analysis of the CFATS program and received one responsive comment about facilities that are regulated by CFATS and the ATF.[30]

In light of the time that has passed since 2015, and the changes to the tiering methodology made since then, CISA is soliciting comments from stakeholders on the current coverage of release-explosive and theft/diversion-EXP/IEDP COI under CFATS and on the proposed elimination of these COI from Appendix A. Specifically:

(1) Should CISA remove Division 1.1 explosives for consideration as a release-explosive security concern? Why or why not?

(2) Should CISA remove Division 1.1 explosives for consideration as a theft/diversion-EXP/IEDP security concern? Why or why not?

(3) How would the removal of Division 1.1 explosives impact the security posture of chemical facilities?

(4) Would the removal of Division 1.1 explosives impact the regulatory burden of CFATS on chemical facilities? If so, in what ways and to what extent?

V. Signature

The Acting Secretary of Homeland Security, Chad F. Wolf, having reviewed and approved this document, has delegated the authority to electronically sign this document to Chad R. Mizelle, who is the Senior Official Performing the Duties of the General Counsel for DHS, for purposes of publication in the Federal Register.

Chad R. Mizelle,

Senior Official Performing the Duties of the General Counsel Department of Homeland Security.

Footnotes

1.  We note that CISA was created in 2018, and that the CFATS program was previously run by an element of the Department of Homeland Security with a different name. In this document, we refer to CISA when describing present-day actions, and DHS when referring to actions that took place prior to 2018.

Back to Citation

2.  The Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, Public Law 113-254) codified the CFATS program into the Homeland Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public Law 116-136, Sec. 16007 (2020).

Back to Citation

3.  See 6 CFR 27.200(b)(2).

Back to Citation

4.  See 6 CFR 27.220.

Back to Citation

5.  Appendix A to the CFATS Final Rule, 72 FR 65396, 65420-65434 (Nov. 20, 2007).

Back to Citation

6.  These exceptions include explosives which DOT uses a generic shipping name with the suffix “N.O.S.” or “not otherwise specified”, and articles or devices listed on DOT's Hazardous Materials Table at 49 CFR 172.101. See 75 FR at 65402-03.

Back to Citation

7.  See 27 CFR part 555, subpart C.

Back to Citation

8.  See Public Law 109-295, sec. 550 (Oct. 4, 2006) (codified as amended at 6 U.S.C. 621(3)(B) and (4)).

Back to Citation

9.  See Chemical Facility Anti-Terrorism Standards; Advance Notice of Rulemaking, 71 FR 78276, 78290 (Dec. 28, 2006).

Back to Citation

10.  See Chemical Facility Anti-Terrorism Standards; Interim Final Rule, 72 FR 17688, 17718-19 (Apr. 9, 2007).

Back to Citation

11.  See 27 CFR part 555, subpart K.

Back to Citation

12.  See 18 U.S.C. 843(f) and 27 CFR 555.24.

Back to Citation

13.  See 18 U.S.C. 843 and 27 CFR part 555, subparts D and E.

Back to Citation

14.  “Standoff distance” refers to the requirement that explosive materials be stored a prescribed distance away from inhabited buildings, public highways, other magazines, and other infrastructure. See 27 CFR 555.218-224.

Back to Citation

15.  See 27 CFR part 555, subpart K.

Back to Citation

16.  Exec. Order No. 13,771, Sec. 1., 82 FR 9339 at 9339 (Feb. 3, 2017).

Back to Citation

17.  Exec. Order No. 12,866, Sec. 1(b)(10), 58 FR 51735 (Oct. 4, 1993).

Back to Citation

18.  72 FR 65396, 65403 (emphasis added).

Back to Citation

19.  Release-Explosive chemicals have potential to affect populations within and beyond the facility if intentionally denotated. 72 FR 65396, 65397 (Nov. 20, 2007).

Back to Citation

20.  Theft/Diversion-Explosives EXP/IEDP chemicals could be stolen or diverted and used in explosives or IEDs. Id. at 65397.

Back to Citation

21.  List of Regulated Substances and Thresholds for Accidental Release Prevention; Amendments, 63 FR 640, 641 (Jan. 6, 1998) (announcing effective date of final rule amending 40 CFR part 68).

Back to Citation

22.  Id.

Back to Citation

23.  See 27 CFR part 555.

Back to Citation

24.  See 27 CFR 555.207-211 and 555.30.

Back to Citation

25.  United States Bomb Data Center, 2019 Explosives Incident Report, 15 (2019), https://www.atf.gov/​file/​143481/​download.

Back to Citation

26.  Id. at 16. The number of reported losses at commercial facilities nationwide has increased somewhat in the past five years, from 95 in 2015 to 113 in 2019.

Back to Citation

27.  CFATS Advance Notice of Proposed Rulemaking, 79 FR 48693 (Aug. 18, 2014).

Back to Citation

28.  CFATS Appendix A, Notice of Public Meeting, 80 FR 62504 (Oct. 16, 2015).

Back to Citation

29.  The public comments provided in response to the August 2014 ANPRM are posted on www.regulations.gov under docket number DHS-2014-0016.

Back to Citation

30.  Retrospective Analysis of the Chemical Facility Anti-Terrorism Standards, 85 FR 37393 (Jun. 22, 2020).

Back to Citation

[FR Doc. 2020-27768 Filed 1-5-21; 8:45 am]

BILLING CODE 4410-10-P


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.