Removal of Certain Explosive Chemicals From the Chemical Facility Anti-Terrorism Standards, 495-498 [2020-27768]

Download as PDF 495 Proposed Rules Federal Register Vol. 86, No. 3 Wednesday, January 6, 2021 This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules. DEPARTMENT OF HOMELAND SECURITY 6 CFR Part 27 [Docket No. CISA–2020–0014] RIN 1670–AA03 Removal of Certain Explosive Chemicals From the Chemical Facility Anti-Terrorism Standards Cybersecurity and Infrastructure Security Agency, DHS. ACTION: Advance Notice of Proposed Rulemaking (ANPRM). AGENCY: The Cybersecurity and Infrastructure Security Agency (CISA) is considering removing all 49 Division 1.1 explosive chemicals of interest from Appendix A of the Chemical Facility Anti-Terrorism Standards (CFATS) regulations. Currently, both CISA and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities possessing these chemicals for security concerns. Removing these chemicals of interest from coverage under CFATS would reduce regulatory requirements for facilities currently covered by both CFATS and ATF’s regulatory frameworks and relieve compliance burdens for a small number of affected facilities. DATES: Comments on this ANPRM must be received by March 8, 2021. ADDRESSES: You may submit comments, identified by docket number CISA– 2020–0014 through the Federal eRulemaking Portal available at http:// www.regulations.gov. Follow the instructions for submitting comments. Instructions: All comments received via https://www.regulations.gov will be posted to the public docket at https:// www.regulations.gov, including any personal information provided. Do not submit comments that include trade secrets, confidential commercial or financial information, Chemicalterrorism Vulnerability Information (CVI), Protected Critical Infrastructure Information (PCII), or Sensitive Security Information (SSI) directly to the public jbell on DSKJLSW7X2PROD with PROPOSALS SUMMARY: VerDate Sep<11>2014 16:47 Jan 05, 2021 Jkt 253001 regulatory docket. Contact the individual listed in the FOR FURTHER INFORMATION CONTACT section below with questions about comments containing such protected information. CISA will not place comments containing such protected information in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. Additionally, CISA will hold them in a separate file to which the public does not have access and place a note in the public docket that CISA has received such protected materials from the commenter. If CISA receives a request to examine or copy this information, CISA will treat it as any other request under the Freedom of Information Act (FOIA), 5 U.S.C. 552, and the Department’s FOIA regulation found in part 5 of Title 6 of the Code of Federal Regulations (CFR). Docket: For access to the docket and to read comments received visit http:// www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Lona Saccomando, (703) 603–4868, CISARulemaking@cisa.dhs.gov. SUPPLEMENTARY INFORMATION: I. Regulatory Information CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM) to solicit comments on the advisability of removing Division 1.1 explosives from Appendix A to the Chemical Facility Anti-Terrorism Standards (CFATS) regulations located at 6 CFR part 27. As described below, we believe that these regulations may be unnecessarily burdensome for facilities that are already subject to security regulations for the same chemicals by another Federal agency, ATF. We encourage comments describing the nature of compliance operations in cases where regulatory duplication and overlap may exist, as well as on the costs and benefits of CFATS-specific security measures. II. Background CISA’s CFATS program is an important part of our nation’s counterterrorism efforts. The agency works with industry stakeholders to keep dangerous chemicals out of the hands of persons or organizations who wish to harm the United States. Since the CFATS program was created, the Department of Homeland Security PO 00000 Frm 00001 Fmt 4702 Sfmt 4702 (DHS) 1 has engaged with industry representatives to identify high-risk chemical facilities to ensure security measures are in place to reduce the risks associated with their possession of Chemicals of Interest (COI) listed on Appendix A to the CFATS regulations. The progress made in securing high-risk chemical facilities through the CFATS program since its implementation has significantly enhanced the security of the nation’s chemical infrastructure. The CFATS program identifies chemical facilities of interest and regulates the security of high-risk chemical facilities through risk-based performance standards.2 The COI are listed in Appendix A to the CFATS regulations. If chemical facilities of interest possess the COI in the amounts and concentrations listed in Appendix A, chemical facilities of interest must complete and submit a Top-Screen survey to CISA.3 CISA evaluates the information submitted in a Top-Screen and performs a risk assessment. Based upon this risk assessment, CISA determines which chemical facilities of interest qualify as high risk and are subject to full coverage under CFATS. Each of these covered chemical facilities is assigned a tier that ranges from Tier 1 (the highest risk of the high-risk covered chemical facilities) to Tier 4 (the lowest risk of the high-risk covered chemical facilities).4 A facility that is determined to present a high-risk is required to develop and submit a Site Security Plan (SSP) addressing 18 riskbased performance standards containing physical security, cybersecurity, and various other security-focused measures and procedures. On November 20, 2007, DHS published a list of COI in Appendix A to 6 CFR part 27.5 The final version of 1 We note that CISA was created in 2018, and that the CFATS program was previously run by an element of the Department of Homeland Security with a different name. In this document, we refer to CISA when describing present-day actions, and DHS when referring to actions that took place prior to 2018. 2 The Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, Public Law 113–254) codified the CFATS program into the Homeland Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public Law 116–136, Sec. 16007 (2020). 3 See 6 CFR 27.200(b)(2). 4 See 6 CFR 27.220. 5 Appendix A to the CFATS Final Rule, 72 FR 65396, 65420–65434 (Nov. 20, 2007). E:\FR\FM\06JAP1.SGM 06JAP1 496 Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 / Proposed Rules jbell on DSKJLSW7X2PROD with PROPOSALS Appendix A included 49 chemicals that the Department of Transportation (DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with two broad exceptions.6 Appendix A classifies all Division 1.1 explosives as posing both Release-Explosive and Theft/diversionExplosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/ IEDP) security issues. DHS included Division 1.1 explosives in Appendix A notwithstanding the Department of Justice’s ATF regulation of the purchase, possession, storage, and transportation of the same types of explosives.7 In an ANPRM that preceded the promulgation of the CFATS regulations and Appendix A, DHS noted that the authorizing statute 8 for CFATS excluded many types of facilities that were already the subject of existing federal security regulations.9 This suggested a possibility of regulatory overlap between CFATS and ATF regulatory programs. DHS stated that ‘‘where there is concurrent jurisdiction [between DHS and ATF or another Federal agency], the Department will work closely with other Federal agencies [(e.g., ATF)] to ensure that regulated facilities can comply with applicable regulations while minimizing any duplication.’’ 10 Division 1.1 explosives included in Appendix A are ‘‘explosive materials’’ as defined in 18 U.S.C. 841(c) and are subject to ATF regulation. ATF regulations require persons storing any explosives to follow certain safety and theft-prevention precautions, including specific requirements governing the secure storage of explosives and inspection of magazines.11 While ATF regulations and CFATS regulations are both geared towards preventing the theft and release of explosive materials, the two agencies do not regulate facilities in a similar manner, which can potentially lead to additional security efforts and regulatory compliance burdens for Division 1.1 explosives. The business premises of an explosives licensee or permittee is subject to entry by ATF for the specific purpose of inspective or examining records and documents 6 These exceptions include explosives which DOT uses a generic shipping name with the suffix ‘‘N.O.S.’’ or ‘‘not otherwise specified’’, and articles or devices listed on DOT’s Hazardous Materials Table at 49 CFR 172.101. See 75 FR at 65402–03. 7 See 27 CFR part 555, subpart C. 8 See Public Law 109–295, sec. 550 (Oct. 4, 2006) (codified as amended at 6 U.S.C. 621(3)(B) and (4)). 9 See Chemical Facility Anti-Terrorism Standards; Advance Notice of Rulemaking, 71 FR 78276, 78290 (Dec. 28, 2006). 10 See Chemical Facility Anti-Terrorism Standards; Interim Final Rule, 72 FR 17688, 17718– 19 (Apr. 9, 2007). 11 See 27 CFR part 555, subpart K. VerDate Sep<11>2014 16:47 Jan 05, 2021 Jkt 253001 required to be kept by a licensee or permitee pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as well as any explosive materials kept or stored at the premises.12 While magazines in which explosive materials are stored must meet standards of public safety and security against theft as provided in 27 CFR part 555, subpart K, ATF may not require additional measures—such as those described above in the CFATS regulations—to address security risks or vulnerability to terrorist attack or incident of a business premises when issuing a new or renewal license or permit.13 CFATS and ATF regulations differ substantially, and the interaction between them can be complex. In many instances, compliance with the measures required to comply with ATF regulations and industry best practices result in some facilities not tiering as high-risk under CFATS. Therefore, this small portion of facilities has no additional regulatory obligations under CFATS after submission of a TopScreen. For example, all explosives must be stored in compliance with ATF standoff-distance 14 and similar requirements, which mitigate the consequences of an explosion at the facility. The consequences from an explosion is a factor that CISA uses to determine whether a facility is highrisk. Because facilities that possess threshold quantities of release-explosive COI are required to comply with ATF standoff/storage regulations, CISA has never designated a facility as high risk on the basis that the facility contains COI classified as a ‘‘release-explosives’’ threat. While the above is an example of a way in which CFATS and ATF regulations dovetail effectively, sometimes the regulations do not correspond so cleanly. For example, a small number of facilities, despite adhering to ATF regulations regarding the secure storage of explosive materials,15 have been: (1) Considered high-risk under CFATS as a result of possession of explosives under the ‘‘theft/diversion’’ security issue, and (2) required to implement additional security measures to satisfy CFATS requirements, such as implementing 12 See 18 U.S.C. 843(f) and 27 CFR 555.24. 18 U.S.C. 843 and 27 CFR part 555, subparts D and E. 14 ‘‘Standoff distance’’ refers to the requirement that explosive materials be stored a prescribed distance away from inhabited buildings, public highways, other magazines, and other infrastructure. See 27 CFR 555.218–224. 15 See 27 CFR part 555, subpart K. 13 See PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 cybersecurity and detection mechanisms. The partial regulatory overlap has led to frustration among some stakeholders in the explosives community and has led CISA to conduct a comprehensive review of the respective programs’ regulatory requirements. As a result, CISA is considering modifications to Appendix A to remove Division 1.1 explosive chemicals from the COI listed in Appendix A. III. Discussion It is the policy of the executive branch to prudently manage the costs associated with governmental imposition of private expenditures required to comply with Federal regulations.16 Agencies have long been charged to ‘‘avoid regulations that are inconsistent, incompatible, or duplicative with [their] other regulations or those of other Federal agencies.’’ 17 Given these and other polices, and given the partial overlap between DHS and ATF regulations on Division 1.1 explosives, as well as the relatively small number of facilities subject to this overlap, CISA is reconsidering whether to regulate facilities that possess explosives subject to ATF regulations is ‘‘prudent and financially responsible in the expenditure of funds, from both public and private sources.’’ At this time, CISA is considering whether the elimination of the burden of dual regulation of Division 1.1 explosive chemicals between CISA and ATF programs could be warranted. To this end, CISA is soliciting comments on amending Appendix A to remove all Division 1.1 explosives from the list of COI listed in Appendix A. If Appendix A is so amended, facility operators would no longer be required to count Division 1.1 explosives when determining whether their facilities are subject to the Top-Screen requirements pursuant to 6 CFR 27.200. At the time of the promulgation of CFATS, DHS believed that the increased security value of having high-risk facilities that possessed Division 1.1 explosives regulated under CFATS was worth the increased cost. In 2007, DHS distinguished its approach from the deference that the Environmental Protection Agency (EPA) had shown ATF regulations by noting that ‘‘EPA’s decisions were based on safety and the prevention of an accidental release [and that] DHS is concerned with an 16 Exec. Order No. 13,771, Sec. 1., 82 FR 9339 at 9339 (Feb. 3, 2017). 17 Exec. Order No. 12,866, Sec. 1(b)(10), 58 FR 51735 (Oct. 4, 1993). E:\FR\FM\06JAP1.SGM 06JAP1 Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 / Proposed Rules intentional attack on an explosives facility.’’ 18 For these reasons, CFATS listed Division 1.1 explosives as presenting both Release-Explosive 19 and Theft/diversion-EXP/IEDP 20 security issues. However, since implementation of the CFATS program, CISA has found that, for many facilities, possession of Division 1.1 explosives at the quantity triggering reporting for the ReleaseExplosive security issue under CFATS (i.e., 5,000 pounds or more) would not result in the risk of a large number of fatalities if attacked. Thus, CISA does not currently regulate any facilities for possession of Division 1.1 explosives for the Release-Explosive security concern. This is because facilities that possess Division 1.1 explosives are required to comply with ATF’s table of distances for storage of explosive materials (i.e. standoff distances) at 27 CFR 555.218– 224. The enhanced CFATS risk-tiering methodology implemented beginning in October 2016 accounts for the increased security resulting from ATF’s table-ofdistance regulations, which protects against offsite impacts of an explosive release, whether accidental or intentional. We note that while ATF’s and CISA’s regulations differ substantially, other agencies have deferred to ATF’s explosives expertise when considering regulation of explosives facilities. In 1998, while developing the Risk Management Plan regulations, the EPA issued a final rule removing Division 1.1 explosives from its list of regulated substances for accidental release prevention.21 In removing Division 1.1 explosives from regulation, the EPA concluded that the ‘‘. . . current [ATF and other] regulations and current and contemplated industry practices promote safety and accident prevention in storage, handling, transportation, and use of explosives,’’ making them adequate for EPA’s purposes.22 While the ATF regulates explosives materials and the CFATS regulates the chemical facilities possessing explosive materials, CISA notes that ATF’s current regulations address a number of the same safety and security precautions as 18 72 FR 65396, 65403 (emphasis added). chemicals have potential to affect populations within and beyond the facility if intentionally denotated. 72 FR 65396, 65397 (Nov. 20, 2007). 20 Theft/Diversion-Explosives EXP/IEDP chemicals could be stolen or diverted and used in explosives or IEDs. Id. at 65397. 21 List of Regulated Substances and Thresholds for Accidental Release Prevention; Amendments, 63 FR 640, 641 (Jan. 6, 1998) (announcing effective date of final rule amending 40 CFR part 68). 22 Id. jbell on DSKJLSW7X2PROD with PROPOSALS 19 Release-Explosive VerDate Sep<11>2014 16:47 Jan 05, 2021 Jkt 253001 the CFATS regulations for Division 1.1 explosives. Other facilities that possess Division 1.1 explosives are considered high-risk under CFATS under the Theft/ diversion-EXP/IEDP security issue, in part because of the concerns presented by the prospect of physical or cyberfocused security breaches. CISA currently regulates 85 facilities that possess Division 1.1 explosive COI under the Theft/diversion-EXP/IEDP security issue. Many of these facilities possess other COI regulated by CFATS that are not Division 1.1 explosives. If Division 1.1 explosives were removed from Appendix A, CISA estimates that 24 facilities would no longer be regulated as high-risk under CFATS. Though CFATS includes cybersecurity and some other requirements such as security plans, security equipment, training, or recording/reporting of threats that are not accounted for in ATF’s framework, ATF regulations include some important theft-prevention and inventory-tracking standards 23 and adherence with ATF requirements is verified through periodic regulatory inspections of ATF’s construction and locking requirements for magazines as well as reporting of theft/loss.24 For these reasons, it may be appropriate to rely solely on ATF’s standards to address the threat that Division 1.1 explosives could be diverted. Further supporting this argument is the fact that ATF’s secure-storage and related requirements appear to have successfully driven down the number of thefts of commercial explosives nationwide—with only three such thefts having been reported during the 2019 calendar year.25 However, there has been a slight increase in the number of reported losses.26 ATF’s standards are applied across the explosives industry, covering thousands of entities that manufacture, distribute, receive, ship, and/or import explosives, while DHS’ standards are applied only to a small number of the highest-risk facilities (85 chemical facilities). Given the wide application of ATF regulations across the explosives industry and their success in limiting thefts of commercial explosives, we believe there may be 23 See 27 CFR part 555. 27 CFR 555.207–211 and 555.30. 25 United States Bomb Data Center, 2019 Explosives Incident Report, 15 (2019), https:// www.atf.gov/file/143481/download. 26 Id. at 16. The number of reported losses at commercial facilities nationwide has increased somewhat in the past five years, from 95 in 2015 to 113 in 2019. 24 See PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 497 value in uniform application of security measures for these materials. IV. Request for Comments Prior to implementing the enhanced tiering methodology in October of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public comment on ways in which the CFATS regulation and program might be improved.27 The ANPRM solicited public comments on any and all aspects of 6 CFR part 27, including Appendix A. The Department also conducted seven listening sessions for the ANPRM. In addition, the Department published a notice on October 16, 2015 in the Federal Register soliciting additional public comments through November 30, 2015 about Appendix A to the CFATS regulation and conducted a roundtable discussion and public listening session on October 27, 2015.28 In response to the 2014 CFATS ANPRM, the Department received several detailed comments relevant to the coverage of Division 1.1 explosives under CFATS generally encouraging the Department to remove Division 1.1 explosives for both release-explosive and theft/diversion-EXP/IEDP security issues.29 Commenters also generally suggested that ATF’s regulations governing commerce in explosives located at 27 CFR part 555 are sufficient and that the security obligations imposed by CFATS under 6 CFR part 27 are unnecessary. CISA also published a retrospective economic analysis of the CFATS program and received one responsive comment about facilities that are regulated by CFATS and the ATF.30 In light of the time that has passed since 2015, and the changes to the tiering methodology made since then, CISA is soliciting comments from stakeholders on the current coverage of release-explosive and theft/diversionEXP/IEDP COI under CFATS and on the proposed elimination of these COI from Appendix A. Specifically: (1) Should CISA remove Division 1.1 explosives for consideration as a release-explosive security concern? Why or why not? (2) Should CISA remove Division 1.1 explosives for consideration as a theft/ diversion-EXP/IEDP security concern? Why or why not? 27 CFATS Advance Notice of Proposed Rulemaking, 79 FR 48693 (Aug. 18, 2014). 28 CFATS Appendix A, Notice of Public Meeting, 80 FR 62504 (Oct. 16, 2015). 29 The public comments provided in response to the August 2014 ANPRM are posted on www.regulations.gov under docket number DHS– 2014–0016. 30 Retrospective Analysis of the Chemical Facility Anti-Terrorism Standards, 85 FR 37393 (Jun. 22, 2020). E:\FR\FM\06JAP1.SGM 06JAP1 498 Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 / Proposed Rules (3) How would the removal of Division 1.1 explosives impact the security posture of chemical facilities? (4) Would the removal of Division 1.1 explosives impact the regulatory burden of CFATS on chemical facilities? If so, in what ways and to what extent? V. Signature The Acting Secretary of Homeland Security, Chad F. Wolf, having reviewed and approved this document, has delegated the authority to electronically sign this document to Chad R. Mizelle, who is the Senior Official Performing the Duties of the General Counsel for DHS, for purposes of publication in the Federal Register. Chad R. Mizelle, Senior Official Performing the Duties of the General Counsel Department of Homeland Security. BILLING CODE 4410–10–P DEPARTMENT OF DEFENSE Office of the Secretary 32 CFR Part 310 [Docket ID DoD–2020–OS–0095] RIN 0790–AK96 Privacy Act of 1974; Implementation Department of Defense (DoD). Proposed rule. AGENCY: The DoD is giving concurrent notice of an updated system of records pursuant to the Privacy Act of 1974 for the DoD 0004 ‘‘Defense Repository for Common Enterprise Data (DRCED)’’ system of records and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the DRCED system of records from certain provisions of the Privacy Act because of national security requirements. DATES: Send comments on or before March 8, 2021. ADDRESSES: You may submit comments, identified by docket number and title, by any of the following methods: • Federal Rulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: The DoD cannot receive written comments at this time due to the COVID–19 pandemic. Comments should be sent electronically to the docket listed above. Instructions: All submissions received must include the agency name and docket number for this Federal Register jbell on DSKJLSW7X2PROD with PROPOSALS SUMMARY: VerDate Sep<11>2014 16:47 Jan 05, 2021 Jkt 253001 Ms. Lyn Kirby, Chief, Defense Privacy, Civil Liberties, and Transparency Division, Directorate for Oversight and Compliance, Department of Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350– 1700; OSD.DPCLTD@mail.mil; (703) 571–0070. SUPPLEMENTARY INFORMATION: FOR FURTHER INFORMATION CONTACT: I. Background [FR Doc. 2020–27768 Filed 1–5–21; 8:45 am] ACTION: document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the internet at https:// www.regulations.gov as they are received without change, including any personal identifiers or contact information. The DoD 0004 DRCED system of records is a DoD-wide system of records that supports multiple information systems that provide DoD-wide and component-level enterprise solutions for integrating and analyzing targeted data from existing DoD systems to develop timely, actionable, and insightful conclusions in support of national strategies. These systems are used to automate financial and business transactions, perform cost-management analysis, produce oversight and audit reports, and provide critical data linking to improve performance of mission objectives. These systems are also capable of creating predictive analytic models based upon specific data streams to equip decision makers with critical data necessary for execution of fiscal and operational requirements. II. Privacy Act Exemption The Privacy Act allows federal agencies to exempt eligible records in a system of records from certain provisions of the Act, including the provisions providing individuals with a right to request access to and amendment of their own records. If an agency intends to exempt a particular system of records, it must typically first go through the rulemaking process to provide public notice and an opportunity to comment on the proposed exemption. This proposed rule explains why an exemption is being claimed for this system of records and invites public comment, which DoD will consider before the issuance of a final rule implementing the exemption. The DoD proposes to modify 32 CFR part 310 to add a new Privacy Act exemption rule for the DoD 0004 DRCED system of records. The DoD proposes an exemption for DoD 0004 DRCED because some of its records may PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 contain classified national security information and disclosure of those records to an individual may cause damage to national security. The Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes agencies to claim an exemption for systems of records that contain information properly classified pursuant to executive order. DoD is proposing to claim an exemption from the access and amendment requirements of the Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), to prevent disclosure of any information properly classified pursuant to executive order, as implemented by DoD Instruction (DoDI) 5200.01 and DoD Manual (DoDM) 5200.01, Volumes 1 and 3. If implemented, this proposed rule will deny an individual access under the Privacy Act to only those portions of records for which the claimed exemption applies. In addition, records in the DoD 0004 DRCED system of records are only exempt from the Privacy Act to the extent the purposes underlying the exemption pertain to the record. A notice of a modified system of records for DoD 0004 DRCED is also published in this issue of the Federal Register. Regulatory Analysis Executive Order 12866, ‘‘Regulatory Planning and Review’’ and Executive Order 13563, ‘‘Improving Regulation and Regulatory Review’’ Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distribute impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. It has been determined that this proposed rule is not a significant regulatory action. Executive Order 13771, ‘‘Reducing Regulation and Controlling Regulatory Costs’’ This proposed rule has been deemed not significant under Executive Order (E.O.) 12866, ‘‘Regulatory Planning and Review,’’ therefore, the requirements of E.O. 13771, ‘‘Reducing Regulation and Controlling Regulatory Costs’’ do not apply. Congressional Review Act This proposed rule is not a ‘‘major rule’’ as defined by 5 U.S.C. 804(2). E:\FR\FM\06JAP1.SGM 06JAP1

Agencies

[Federal Register Volume 86, Number 3 (Wednesday, January 6, 2021)]
[Proposed Rules]
[Pages 495-498]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27768]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 / 
Proposed Rules

[[Page 495]]



DEPARTMENT OF HOMELAND SECURITY

6 CFR Part 27

[Docket No. CISA-2020-0014]
RIN 1670-AA03


Removal of Certain Explosive Chemicals From the Chemical Facility 
Anti-Terrorism Standards

AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.

ACTION: Advance Notice of Proposed Rulemaking (ANPRM).

-----------------------------------------------------------------------

SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA) is 
considering removing all 49 Division 1.1 explosive chemicals of 
interest from Appendix A of the Chemical Facility Anti-Terrorism 
Standards (CFATS) regulations. Currently, both CISA and the Bureau of 
Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities 
possessing these chemicals for security concerns. Removing these 
chemicals of interest from coverage under CFATS would reduce regulatory 
requirements for facilities currently covered by both CFATS and ATF's 
regulatory frameworks and relieve compliance burdens for a small number 
of affected facilities.

DATES: Comments on this ANPRM must be received by March 8, 2021.

ADDRESSES: You may submit comments, identified by docket number CISA-
2020-0014 through the Federal eRulemaking Portal available at http://www.regulations.gov. Follow the instructions for submitting comments.
    Instructions: All comments received via https://www.regulations.gov 
will be posted to the public docket at https://www.regulations.gov, 
including any personal information provided.
    Do not submit comments that include trade secrets, confidential 
commercial or financial information, Chemical-terrorism Vulnerability 
Information (CVI), Protected Critical Infrastructure Information 
(PCII), or Sensitive Security Information (SSI) directly to the public 
regulatory docket. Contact the individual listed in the FOR FURTHER 
INFORMATION CONTACT section below with questions about comments 
containing such protected information. CISA will not place comments 
containing such protected information in the public docket and will 
handle them in accordance with applicable safeguards and restrictions 
on access. Additionally, CISA will hold them in a separate file to 
which the public does not have access and place a note in the public 
docket that CISA has received such protected materials from the 
commenter. If CISA receives a request to examine or copy this 
information, CISA will treat it as any other request under the Freedom 
of Information Act (FOIA), 5 U.S.C. 552, and the Department's FOIA 
regulation found in part 5 of Title 6 of the Code of Federal 
Regulations (CFR).
    Docket: For access to the docket and to read comments received 
visit http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Lona Saccomando, (703) 603-4868, 
[email protected].

SUPPLEMENTARY INFORMATION: 

I. Regulatory Information

    CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM) 
to solicit comments on the advisability of removing Division 1.1 
explosives from Appendix A to the Chemical Facility Anti-Terrorism 
Standards (CFATS) regulations located at 6 CFR part 27. As described 
below, we believe that these regulations may be unnecessarily 
burdensome for facilities that are already subject to security 
regulations for the same chemicals by another Federal agency, ATF. We 
encourage comments describing the nature of compliance operations in 
cases where regulatory duplication and overlap may exist, as well as on 
the costs and benefits of CFATS-specific security measures.

II. Background

    CISA's CFATS program is an important part of our nation's 
counterterrorism efforts. The agency works with industry stakeholders 
to keep dangerous chemicals out of the hands of persons or 
organizations who wish to harm the United States. Since the CFATS 
program was created, the Department of Homeland Security (DHS) \1\ has 
engaged with industry representatives to identify high-risk chemical 
facilities to ensure security measures are in place to reduce the risks 
associated with their possession of Chemicals of Interest (COI) listed 
on Appendix A to the CFATS regulations. The progress made in securing 
high-risk chemical facilities through the CFATS program since its 
implementation has significantly enhanced the security of the nation's 
chemical infrastructure.
---------------------------------------------------------------------------

    \1\ We note that CISA was created in 2018, and that the CFATS 
program was previously run by an element of the Department of 
Homeland Security with a different name. In this document, we refer 
to CISA when describing present-day actions, and DHS when referring 
to actions that took place prior to 2018.
---------------------------------------------------------------------------

    The CFATS program identifies chemical facilities of interest and 
regulates the security of high-risk chemical facilities through risk-
based performance standards.\2\ The COI are listed in Appendix A to the 
CFATS regulations. If chemical facilities of interest possess the COI 
in the amounts and concentrations listed in Appendix A, chemical 
facilities of interest must complete and submit a Top-Screen survey to 
CISA.\3\ CISA evaluates the information submitted in a Top-Screen and 
performs a risk assessment. Based upon this risk assessment, CISA 
determines which chemical facilities of interest qualify as high risk 
and are subject to full coverage under CFATS. Each of these covered 
chemical facilities is assigned a tier that ranges from Tier 1 (the 
highest risk of the high-risk covered chemical facilities) to Tier 4 
(the lowest risk of the high-risk covered chemical facilities).\4\ A 
facility that is determined to present a high-risk is required to 
develop and submit a Site Security Plan (SSP) addressing 18 risk-based 
performance standards containing physical security, cybersecurity, and 
various other security-focused measures and procedures.
---------------------------------------------------------------------------

    \2\ The Protecting and Securing Chemical Facilities from 
Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, 
Public Law 113-254) codified the CFATS program into the Homeland 
Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public 
Law 116-136, Sec. 16007 (2020).
    \3\ See 6 CFR 27.200(b)(2).
    \4\ See 6 CFR 27.220.
---------------------------------------------------------------------------

    On November 20, 2007, DHS published a list of COI in Appendix A to 
6 CFR part 27.\5\ The final version of

[[Page 496]]

Appendix A included 49 chemicals that the Department of Transportation 
(DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with 
two broad exceptions.\6\ Appendix A classifies all Division 1.1 
explosives as posing both Release-Explosive and Theft/diversion-
Explosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/
IEDP) security issues.
---------------------------------------------------------------------------

    \5\ Appendix A to the CFATS Final Rule, 72 FR 65396, 65420-65434 
(Nov. 20, 2007).
    \6\ These exceptions include explosives which DOT uses a generic 
shipping name with the suffix ``N.O.S.'' or ``not otherwise 
specified'', and articles or devices listed on DOT's Hazardous 
Materials Table at 49 CFR 172.101. See 75 FR at 65402-03.
---------------------------------------------------------------------------

    DHS included Division 1.1 explosives in Appendix A notwithstanding 
the Department of Justice's ATF regulation of the purchase, possession, 
storage, and transportation of the same types of explosives.\7\ In an 
ANPRM that preceded the promulgation of the CFATS regulations and 
Appendix A, DHS noted that the authorizing statute \8\ for CFATS 
excluded many types of facilities that were already the subject of 
existing federal security regulations.\9\ This suggested a possibility 
of regulatory overlap between CFATS and ATF regulatory programs. DHS 
stated that ``where there is concurrent jurisdiction [between DHS and 
ATF or another Federal agency], the Department will work closely with 
other Federal agencies [(e.g., ATF)] to ensure that regulated 
facilities can comply with applicable regulations while minimizing any 
duplication.'' \10\
---------------------------------------------------------------------------

    \7\ See 27 CFR part 555, subpart C.
    \8\ See Public Law 109-295, sec. 550 (Oct. 4, 2006) (codified as 
amended at 6 U.S.C. 621(3)(B) and (4)).
    \9\ See Chemical Facility Anti-Terrorism Standards; Advance 
Notice of Rulemaking, 71 FR 78276, 78290 (Dec. 28, 2006).
    \10\ See Chemical Facility Anti-Terrorism Standards; Interim 
Final Rule, 72 FR 17688, 17718-19 (Apr. 9, 2007).
---------------------------------------------------------------------------

    Division 1.1 explosives included in Appendix A are ``explosive 
materials'' as defined in 18 U.S.C. 841(c) and are subject to ATF 
regulation. ATF regulations require persons storing any explosives to 
follow certain safety and theft-prevention precautions, including 
specific requirements governing the secure storage of explosives and 
inspection of magazines.\11\ While ATF regulations and CFATS 
regulations are both geared towards preventing the theft and release of 
explosive materials, the two agencies do not regulate facilities in a 
similar manner, which can potentially lead to additional security 
efforts and regulatory compliance burdens for Division 1.1 explosives. 
The business premises of an explosives licensee or permittee is subject 
to entry by ATF for the specific purpose of inspective or examining 
records and documents required to be kept by a licensee or permitee 
pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as 
well as any explosive materials kept or stored at the premises.\12\ 
While magazines in which explosive materials are stored must meet 
standards of public safety and security against theft as provided in 27 
CFR part 555, subpart K, ATF may not require additional measures--such 
as those described above in the CFATS regulations--to address security 
risks or vulnerability to terrorist attack or incident of a business 
premises when issuing a new or renewal license or permit.\13\
---------------------------------------------------------------------------

    \11\ See 27 CFR part 555, subpart K.
    \12\ See 18 U.S.C. 843(f) and 27 CFR 555.24.
    \13\ See 18 U.S.C. 843 and 27 CFR part 555, subparts D and E.
---------------------------------------------------------------------------

    CFATS and ATF regulations differ substantially, and the interaction 
between them can be complex. In many instances, compliance with the 
measures required to comply with ATF regulations and industry best 
practices result in some facilities not tiering as high-risk under 
CFATS. Therefore, this small portion of facilities has no additional 
regulatory obligations under CFATS after submission of a Top-Screen. 
For example, all explosives must be stored in compliance with ATF 
standoff-distance \14\ and similar requirements, which mitigate the 
consequences of an explosion at the facility. The consequences from an 
explosion is a factor that CISA uses to determine whether a facility is 
high-risk. Because facilities that possess threshold quantities of 
release-explosive COI are required to comply with ATF standoff/storage 
regulations, CISA has never designated a facility as high risk on the 
basis that the facility contains COI classified as a ``release-
explosives'' threat.
---------------------------------------------------------------------------

    \14\ ``Standoff distance'' refers to the requirement that 
explosive materials be stored a prescribed distance away from 
inhabited buildings, public highways, other magazines, and other 
infrastructure. See 27 CFR 555.218-224.
---------------------------------------------------------------------------

    While the above is an example of a way in which CFATS and ATF 
regulations dovetail effectively, sometimes the regulations do not 
correspond so cleanly. For example, a small number of facilities, 
despite adhering to ATF regulations regarding the secure storage of 
explosive materials,\15\ have been: (1) Considered high-risk under 
CFATS as a result of possession of explosives under the ``theft/
diversion'' security issue, and (2) required to implement additional 
security measures to satisfy CFATS requirements, such as implementing 
cybersecurity and detection mechanisms.
---------------------------------------------------------------------------

    \15\ See 27 CFR part 555, subpart K.
---------------------------------------------------------------------------

    The partial regulatory overlap has led to frustration among some 
stakeholders in the explosives community and has led CISA to conduct a 
comprehensive review of the respective programs' regulatory 
requirements. As a result, CISA is considering modifications to 
Appendix A to remove Division 1.1 explosive chemicals from the COI 
listed in Appendix A.

III. Discussion

    It is the policy of the executive branch to prudently manage the 
costs associated with governmental imposition of private expenditures 
required to comply with Federal regulations.\16\ Agencies have long 
been charged to ``avoid regulations that are inconsistent, 
incompatible, or duplicative with [their] other regulations or those of 
other Federal agencies.'' \17\ Given these and other polices, and given 
the partial overlap between DHS and ATF regulations on Division 1.1 
explosives, as well as the relatively small number of facilities 
subject to this overlap, CISA is reconsidering whether to regulate 
facilities that possess explosives subject to ATF regulations is 
``prudent and financially responsible in the expenditure of funds, from 
both public and private sources.''
---------------------------------------------------------------------------

    \16\ Exec. Order No. 13,771, Sec. 1., 82 FR 9339 at 9339 (Feb. 
3, 2017).
    \17\ Exec. Order No. 12,866, Sec. 1(b)(10), 58 FR 51735 (Oct. 4, 
1993).
---------------------------------------------------------------------------

    At this time, CISA is considering whether the elimination of the 
burden of dual regulation of Division 1.1 explosive chemicals between 
CISA and ATF programs could be warranted. To this end, CISA is 
soliciting comments on amending Appendix A to remove all Division 1.1 
explosives from the list of COI listed in Appendix A. If Appendix A is 
so amended, facility operators would no longer be required to count 
Division 1.1 explosives when determining whether their facilities are 
subject to the Top-Screen requirements pursuant to 6 CFR 27.200.
    At the time of the promulgation of CFATS, DHS believed that the 
increased security value of having high-risk facilities that possessed 
Division 1.1 explosives regulated under CFATS was worth the increased 
cost. In 2007, DHS distinguished its approach from the deference that 
the Environmental Protection Agency (EPA) had shown ATF regulations by 
noting that ``EPA's decisions were based on safety and the prevention 
of an accidental release [and that] DHS is concerned with an

[[Page 497]]

intentional attack on an explosives facility.'' \18\ For these reasons, 
CFATS listed Division 1.1 explosives as presenting both Release-
Explosive \19\ and Theft/diversion-EXP/IEDP \20\ security issues.
---------------------------------------------------------------------------

    \18\ 72 FR 65396, 65403 (emphasis added).
    \19\ Release-Explosive chemicals have potential to affect 
populations within and beyond the facility if intentionally 
denotated. 72 FR 65396, 65397 (Nov. 20, 2007).
    \20\ Theft/Diversion-Explosives EXP/IEDP chemicals could be 
stolen or diverted and used in explosives or IEDs. Id. at 65397.
---------------------------------------------------------------------------

    However, since implementation of the CFATS program, CISA has found 
that, for many facilities, possession of Division 1.1 explosives at the 
quantity triggering reporting for the Release-Explosive security issue 
under CFATS (i.e., 5,000 pounds or more) would not result in the risk 
of a large number of fatalities if attacked. Thus, CISA does not 
currently regulate any facilities for possession of Division 1.1 
explosives for the Release-Explosive security concern. This is because 
facilities that possess Division 1.1 explosives are required to comply 
with ATF's table of distances for storage of explosive materials (i.e. 
standoff distances) at 27 CFR 555.218-224. The enhanced CFATS risk-
tiering methodology implemented beginning in October 2016 accounts for 
the increased security resulting from ATF's table-of-distance 
regulations, which protects against offsite impacts of an explosive 
release, whether accidental or intentional.
    We note that while ATF's and CISA's regulations differ 
substantially, other agencies have deferred to ATF's explosives 
expertise when considering regulation of explosives facilities. In 
1998, while developing the Risk Management Plan regulations, the EPA 
issued a final rule removing Division 1.1 explosives from its list of 
regulated substances for accidental release prevention.\21\ In removing 
Division 1.1 explosives from regulation, the EPA concluded that the ``. 
. . current [ATF and other] regulations and current and contemplated 
industry practices promote safety and accident prevention in storage, 
handling, transportation, and use of explosives,'' making them adequate 
for EPA's purposes.\22\ While the ATF regulates explosives materials 
and the CFATS regulates the chemical facilities possessing explosive 
materials, CISA notes that ATF's current regulations address a number 
of the same safety and security precautions as the CFATS regulations 
for Division 1.1 explosives.
---------------------------------------------------------------------------

    \21\ List of Regulated Substances and Thresholds for Accidental 
Release Prevention; Amendments, 63 FR 640, 641 (Jan. 6, 1998) 
(announcing effective date of final rule amending 40 CFR part 68).
    \22\ Id.
---------------------------------------------------------------------------

    Other facilities that possess Division 1.1 explosives are 
considered high-risk under CFATS under the Theft/diversion-EXP/IEDP 
security issue, in part because of the concerns presented by the 
prospect of physical or cyber-focused security breaches. CISA currently 
regulates 85 facilities that possess Division 1.1 explosive COI under 
the Theft/diversion-EXP/IEDP security issue. Many of these facilities 
possess other COI regulated by CFATS that are not Division 1.1 
explosives. If Division 1.1 explosives were removed from Appendix A, 
CISA estimates that 24 facilities would no longer be regulated as high-
risk under CFATS.
    Though CFATS includes cybersecurity and some other requirements 
such as security plans, security equipment, training, or recording/
reporting of threats that are not accounted for in ATF's framework, ATF 
regulations include some important theft-prevention and inventory-
tracking standards \23\ and adherence with ATF requirements is verified 
through periodic regulatory inspections of ATF's construction and 
locking requirements for magazines as well as reporting of theft/
loss.\24\ For these reasons, it may be appropriate to rely solely on 
ATF's standards to address the threat that Division 1.1 explosives 
could be diverted. Further supporting this argument is the fact that 
ATF's secure-storage and related requirements appear to have 
successfully driven down the number of thefts of commercial explosives 
nationwide--with only three such thefts having been reported during the 
2019 calendar year.\25\ However, there has been a slight increase in 
the number of reported losses.\26\ ATF's standards are applied across 
the explosives industry, covering thousands of entities that 
manufacture, distribute, receive, ship, and/or import explosives, while 
DHS' standards are applied only to a small number of the highest-risk 
facilities (85 chemical facilities). Given the wide application of ATF 
regulations across the explosives industry and their success in 
limiting thefts of commercial explosives, we believe there may be value 
in uniform application of security measures for these materials.
---------------------------------------------------------------------------

    \23\ See 27 CFR part 555.
    \24\ See 27 CFR 555.207-211 and 555.30.
    \25\ United States Bomb Data Center, 2019 Explosives Incident 
Report, 15 (2019), https://www.atf.gov/file/143481/download.
    \26\ Id. at 16. The number of reported losses at commercial 
facilities nationwide has increased somewhat in the past five years, 
from 95 in 2015 to 113 in 2019.
---------------------------------------------------------------------------

IV. Request for Comments

    Prior to implementing the enhanced tiering methodology in October 
of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public 
comment on ways in which the CFATS regulation and program might be 
improved.\27\ The ANPRM solicited public comments on any and all 
aspects of 6 CFR part 27, including Appendix A. The Department also 
conducted seven listening sessions for the ANPRM. In addition, the 
Department published a notice on October 16, 2015 in the Federal 
Register soliciting additional public comments through November 30, 
2015 about Appendix A to the CFATS regulation and conducted a 
roundtable discussion and public listening session on October 27, 
2015.\28\
---------------------------------------------------------------------------

    \27\ CFATS Advance Notice of Proposed Rulemaking, 79 FR 48693 
(Aug. 18, 2014).
    \28\ CFATS Appendix A, Notice of Public Meeting, 80 FR 62504 
(Oct. 16, 2015).
---------------------------------------------------------------------------

    In response to the 2014 CFATS ANPRM, the Department received 
several detailed comments relevant to the coverage of Division 1.1 
explosives under CFATS generally encouraging the Department to remove 
Division 1.1 explosives for both release-explosive and theft/diversion-
EXP/IEDP security issues.\29\ Commenters also generally suggested that 
ATF's regulations governing commerce in explosives located at 27 CFR 
part 555 are sufficient and that the security obligations imposed by 
CFATS under 6 CFR part 27 are unnecessary. CISA also published a 
retrospective economic analysis of the CFATS program and received one 
responsive comment about facilities that are regulated by CFATS and the 
ATF.\30\
---------------------------------------------------------------------------

    \29\ The public comments provided in response to the August 2014 
ANPRM are posted on www.regulations.gov under docket number DHS-
2014-0016.
    \30\ Retrospective Analysis of the Chemical Facility Anti-
Terrorism Standards, 85 FR 37393 (Jun. 22, 2020).
---------------------------------------------------------------------------

    In light of the time that has passed since 2015, and the changes to 
the tiering methodology made since then, CISA is soliciting comments 
from stakeholders on the current coverage of release-explosive and 
theft/diversion-EXP/IEDP COI under CFATS and on the proposed 
elimination of these COI from Appendix A. Specifically:
    (1) Should CISA remove Division 1.1 explosives for consideration as 
a release-explosive security concern? Why or why not?
    (2) Should CISA remove Division 1.1 explosives for consideration as 
a theft/diversion-EXP/IEDP security concern? Why or why not?

[[Page 498]]

    (3) How would the removal of Division 1.1 explosives impact the 
security posture of chemical facilities?
    (4) Would the removal of Division 1.1 explosives impact the 
regulatory burden of CFATS on chemical facilities? If so, in what ways 
and to what extent?

V. Signature

    The Acting Secretary of Homeland Security, Chad F. Wolf, having 
reviewed and approved this document, has delegated the authority to 
electronically sign this document to Chad R. Mizelle, who is the Senior 
Official Performing the Duties of the General Counsel for DHS, for 
purposes of publication in the Federal Register.

Chad R. Mizelle,
Senior Official Performing the Duties of the General Counsel Department 
of Homeland Security.
[FR Doc. 2020-27768 Filed 1-5-21; 8:45 am]
BILLING CODE 4410-10-P