Removal of Certain Explosive Chemicals From the Chemical Facility Anti-Terrorism Standards, 495-498 [2020-27768]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 86, Number 3 (Wednesday, January 6, 2021)]
[Proposed Rules]
[Pages 495-498]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27768]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 86, No. 3 / Wednesday, January 6, 2021 / 
Proposed Rules

[[Page 495]]



DEPARTMENT OF HOMELAND SECURITY

6 CFR Part 27

[Docket No. CISA-2020-0014]
RIN 1670-AA03


Removal of Certain Explosive Chemicals From the Chemical Facility 
Anti-Terrorism Standards

AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.

ACTION: Advance Notice of Proposed Rulemaking (ANPRM).

-----------------------------------------------------------------------

SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA) is 
considering removing all 49 Division 1.1 explosive chemicals of 
interest from Appendix A of the Chemical Facility Anti-Terrorism 
Standards (CFATS) regulations. Currently, both CISA and the Bureau of 
Alcohol, Tobacco, Firearms and Explosives (ATF) regulate facilities 
possessing these chemicals for security concerns. Removing these 
chemicals of interest from coverage under CFATS would reduce regulatory 
requirements for facilities currently covered by both CFATS and ATF's 
regulatory frameworks and relieve compliance burdens for a small number 
of affected facilities.

DATES: Comments on this ANPRM must be received by March 8, 2021.

ADDRESSES: You may submit comments, identified by docket number CISA-
2020-0014 through the Federal eRulemaking Portal available at https://www.regulations.gov. Follow the instructions for submitting comments.
    Instructions: All comments received via https://www.regulations.gov 
will be posted to the public docket at https://www.regulations.gov, 
including any personal information provided.
    Do not submit comments that include trade secrets, confidential 
commercial or financial information, Chemical-terrorism Vulnerability 
Information (CVI), Protected Critical Infrastructure Information 
(PCII), or Sensitive Security Information (SSI) directly to the public 
regulatory docket. Contact the individual listed in the FOR FURTHER 
INFORMATION CONTACT section below with questions about comments 
containing such protected information. CISA will not place comments 
containing such protected information in the public docket and will 
handle them in accordance with applicable safeguards and restrictions 
on access. Additionally, CISA will hold them in a separate file to 
which the public does not have access and place a note in the public 
docket that CISA has received such protected materials from the 
commenter. If CISA receives a request to examine or copy this 
information, CISA will treat it as any other request under the Freedom 
of Information Act (FOIA), 5 U.S.C. 552, and the Department's FOIA 
regulation found in part 5 of Title 6 of the Code of Federal 
Regulations (CFR).
    Docket: For access to the docket and to read comments received 
visit https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Lona Saccomando, (703) 603-4868, 
[email protected].

SUPPLEMENTARY INFORMATION: 

I. Regulatory Information

    CISA is issuing this Advance Notice of Proposed Rulemaking (ANPRM) 
to solicit comments on the advisability of removing Division 1.1 
explosives from Appendix A to the Chemical Facility Anti-Terrorism 
Standards (CFATS) regulations located at 6 CFR part 27. As described 
below, we believe that these regulations may be unnecessarily 
burdensome for facilities that are already subject to security 
regulations for the same chemicals by another Federal agency, ATF. We 
encourage comments describing the nature of compliance operations in 
cases where regulatory duplication and overlap may exist, as well as on 
the costs and benefits of CFATS-specific security measures.

II. Background

    CISA's CFATS program is an important part of our nation's 
counterterrorism efforts. The agency works with industry stakeholders 
to keep dangerous chemicals out of the hands of persons or 
organizations who wish to harm the United States. Since the CFATS 
program was created, the Department of Homeland Security (DHS) \1\ has 
engaged with industry representatives to identify high-risk chemical 
facilities to ensure security measures are in place to reduce the risks 
associated with their possession of Chemicals of Interest (COI) listed 
on Appendix A to the CFATS regulations. The progress made in securing 
high-risk chemical facilities through the CFATS program since its 
implementation has significantly enhanced the security of the nation's 
chemical infrastructure.
---------------------------------------------------------------------------

    \1\ We note that CISA was created in 2018, and that the CFATS 
program was previously run by an element of the Department of 
Homeland Security with a different name. In this document, we refer 
to CISA when describing present-day actions, and DHS when referring 
to actions that took place prior to 2018.
---------------------------------------------------------------------------

    The CFATS program identifies chemical facilities of interest and 
regulates the security of high-risk chemical facilities through risk-
based performance standards.\2\ The COI are listed in Appendix A to the 
CFATS regulations. If chemical facilities of interest possess the COI 
in the amounts and concentrations listed in Appendix A, chemical 
facilities of interest must complete and submit a Top-Screen survey to 
CISA.\3\ CISA evaluates the information submitted in a Top-Screen and 
performs a risk assessment. Based upon this risk assessment, CISA 
determines which chemical facilities of interest qualify as high risk 
and are subject to full coverage under CFATS. Each of these covered 
chemical facilities is assigned a tier that ranges from Tier 1 (the 
highest risk of the high-risk covered chemical facilities) to Tier 4 
(the lowest risk of the high-risk covered chemical facilities).\4\ A 
facility that is determined to present a high-risk is required to 
develop and submit a Site Security Plan (SSP) addressing 18 risk-based 
performance standards containing physical security, cybersecurity, and 
various other security-focused measures and procedures.
---------------------------------------------------------------------------

    \2\ The Protecting and Securing Chemical Facilities from 
Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, 
Public Law 113-254) codified the CFATS program into the Homeland 
Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public 
Law 116-136, Sec. 16007 (2020).
    \3\ See 6 CFR 27.200(b)(2).
    \4\ See 6 CFR 27.220.
---------------------------------------------------------------------------

    On November 20, 2007, DHS published a list of COI in Appendix A to 
6 CFR part 27.\5\ The final version of

[[Page 496]]

Appendix A included 49 chemicals that the Department of Transportation 
(DOT) lists as Class 1, Division 1.1 explosives at 49 CFR 172.101, with 
two broad exceptions.\6\ Appendix A classifies all Division 1.1 
explosives as posing both Release-Explosive and Theft/diversion-
Explosives/Improvised Explosive Device Precursor (Theft/diversion-EXP/
IEDP) security issues.
---------------------------------------------------------------------------

    \5\ Appendix A to the CFATS Final Rule, 72 FR 65396, 65420-65434 
(Nov. 20, 2007).
    \6\ These exceptions include explosives which DOT uses a generic 
shipping name with the suffix ``N.O.S.'' or ``not otherwise 
specified'', and articles or devices listed on DOT's Hazardous 
Materials Table at 49 CFR 172.101. See 75 FR at 65402-03.
---------------------------------------------------------------------------

    DHS included Division 1.1 explosives in Appendix A notwithstanding 
the Department of Justice's ATF regulation of the purchase, possession, 
storage, and transportation of the same types of explosives.\7\ In an 
ANPRM that preceded the promulgation of the CFATS regulations and 
Appendix A, DHS noted that the authorizing statute \8\ for CFATS 
excluded many types of facilities that were already the subject of 
existing federal security regulations.\9\ This suggested a possibility 
of regulatory overlap between CFATS and ATF regulatory programs. DHS 
stated that ``where there is concurrent jurisdiction [between DHS and 
ATF or another Federal agency], the Department will work closely with 
other Federal agencies [(e.g., ATF)] to ensure that regulated 
facilities can comply with applicable regulations while minimizing any 
duplication.'' \10\
---------------------------------------------------------------------------

    \7\ See 27 CFR part 555, subpart C.
    \8\ See Public Law 109-295, sec. 550 (Oct. 4, 2006) (codified as 
amended at 6 U.S.C. 621(3)(B) and (4)).
    \9\ See Chemical Facility Anti-Terrorism Standards; Advance 
Notice of Rulemaking, 71 FR 78276, 78290 (Dec. 28, 2006).
    \10\ See Chemical Facility Anti-Terrorism Standards; Interim 
Final Rule, 72 FR 17688, 17718-19 (Apr. 9, 2007).
---------------------------------------------------------------------------

    Division 1.1 explosives included in Appendix A are ``explosive 
materials'' as defined in 18 U.S.C. 841(c) and are subject to ATF 
regulation. ATF regulations require persons storing any explosives to 
follow certain safety and theft-prevention precautions, including 
specific requirements governing the secure storage of explosives and 
inspection of magazines.\11\ While ATF regulations and CFATS 
regulations are both geared towards preventing the theft and release of 
explosive materials, the two agencies do not regulate facilities in a 
similar manner, which can potentially lead to additional security 
efforts and regulatory compliance burdens for Division 1.1 explosives. 
The business premises of an explosives licensee or permittee is subject 
to entry by ATF for the specific purpose of inspective or examining 
records and documents required to be kept by a licensee or permitee 
pursuant to 18 U.S.C. chapter 40 and its implementing regulations, as 
well as any explosive materials kept or stored at the premises.\12\ 
While magazines in which explosive materials are stored must meet 
standards of public safety and security against theft as provided in 27 
CFR part 555, subpart K, ATF may not require additional measures--such 
as those described above in the CFATS regulations--to address security 
risks or vulnerability to terrorist attack or incident of a business 
premises when issuing a new or renewal license or permit.\13\
---------------------------------------------------------------------------

    \11\ See 27 CFR part 555, subpart K.
    \12\ See 18 U.S.C. 843(f) and 27 CFR 555.24.
    \13\ See 18 U.S.C. 843 and 27 CFR part 555, subparts D and E.
---------------------------------------------------------------------------

    CFATS and ATF regulations differ substantially, and the interaction 
between them can be complex. In many instances, compliance with the 
measures required to comply with ATF regulations and industry best 
practices result in some facilities not tiering as high-risk under 
CFATS. Therefore, this small portion of facilities has no additional 
regulatory obligations under CFATS after submission of a Top-Screen. 
For example, all explosives must be stored in compliance with ATF 
standoff-distance \14\ and similar requirements, which mitigate the 
consequences of an explosion at the facility. The consequences from an 
explosion is a factor that CISA uses to determine whether a facility is 
high-risk. Because facilities that possess threshold quantities of 
release-explosive COI are required to comply with ATF standoff/storage 
regulations, CISA has never designated a facility as high risk on the 
basis that the facility contains COI classified as a ``release-
explosives'' threat.
---------------------------------------------------------------------------

    \14\ ``Standoff distance'' refers to the requirement that 
explosive materials be stored a prescribed distance away from 
inhabited buildings, public highways, other magazines, and other 
infrastructure. See 27 CFR 555.218-224.
---------------------------------------------------------------------------

    While the above is an example of a way in which CFATS and ATF 
regulations dovetail effectively, sometimes the regulations do not 
correspond so cleanly. For example, a small number of facilities, 
despite adhering to ATF regulations regarding the secure storage of 
explosive materials,\15\ have been: (1) Considered high-risk under 
CFATS as a result of possession of explosives under the ``theft/
diversion'' security issue, and (2) required to implement additional 
security measures to satisfy CFATS requirements, such as implementing 
cybersecurity and detection mechanisms.
---------------------------------------------------------------------------

    \15\ See 27 CFR part 555, subpart K.
---------------------------------------------------------------------------

    The partial regulatory overlap has led to frustration among some 
stakeholders in the explosives community and has led CISA to conduct a 
comprehensive review of the respective programs' regulatory 
requirements. As a result, CISA is considering modifications to 
Appendix A to remove Division 1.1 explosive chemicals from the COI 
listed in Appendix A.

III. Discussion

    It is the policy of the executive branch to prudently manage the 
costs associated with governmental imposition of private expenditures 
required to comply with Federal regulations.\16\ Agencies have long 
been charged to ``avoid regulations that are inconsistent, 
incompatible, or duplicative with [their] other regulations or those of 
other Federal agencies.'' \17\ Given these and other polices, and given 
the partial overlap between DHS and ATF regulations on Division 1.1 
explosives, as well as the relatively small number of facilities 
subject to this overlap, CISA is reconsidering whether to regulate 
facilities that possess explosives subject to ATF regulations is 
``prudent and financially responsible in the expenditure of funds, from 
both public and private sources.''
---------------------------------------------------------------------------

    \16\ Exec. Order No. 13,771, Sec. 1., 82 FR 9339 at 9339 (Feb. 
3, 2017).
    \17\ Exec. Order No. 12,866, Sec. 1(b)(10), 58 FR 51735 (Oct. 4, 
1993).
---------------------------------------------------------------------------

    At this time, CISA is considering whether the elimination of the 
burden of dual regulation of Division 1.1 explosive chemicals between 
CISA and ATF programs could be warranted. To this end, CISA is 
soliciting comments on amending Appendix A to remove all Division 1.1 
explosives from the list of COI listed in Appendix A. If Appendix A is 
so amended, facility operators would no longer be required to count 
Division 1.1 explosives when determining whether their facilities are 
subject to the Top-Screen requirements pursuant to 6 CFR 27.200.
    At the time of the promulgation of CFATS, DHS believed that the 
increased security value of having high-risk facilities that possessed 
Division 1.1 explosives regulated under CFATS was worth the increased 
cost. In 2007, DHS distinguished its approach from the deference that 
the Environmental Protection Agency (EPA) had shown ATF regulations by 
noting that ``EPA's decisions were based on safety and the prevention 
of an accidental release [and that] DHS is concerned with an

[[Page 497]]

intentional attack on an explosives facility.'' \18\ For these reasons, 
CFATS listed Division 1.1 explosives as presenting both Release-
Explosive \19\ and Theft/diversion-EXP/IEDP \20\ security issues.
---------------------------------------------------------------------------

    \18\ 72 FR 65396, 65403 (emphasis added).
    \19\ Release-Explosive chemicals have potential to affect 
populations within and beyond the facility if intentionally 
denotated. 72 FR 65396, 65397 (Nov. 20, 2007).
    \20\ Theft/Diversion-Explosives EXP/IEDP chemicals could be 
stolen or diverted and used in explosives or IEDs. Id. at 65397.
---------------------------------------------------------------------------

    However, since implementation of the CFATS program, CISA has found 
that, for many facilities, possession of Division 1.1 explosives at the 
quantity triggering reporting for the Release-Explosive security issue 
under CFATS (i.e., 5,000 pounds or more) would not result in the risk 
of a large number of fatalities if attacked. Thus, CISA does not 
currently regulate any facilities for possession of Division 1.1 
explosives for the Release-Explosive security concern. This is because 
facilities that possess Division 1.1 explosives are required to comply 
with ATF's table of distances for storage of explosive materials (i.e. 
standoff distances) at 27 CFR 555.218-224. The enhanced CFATS risk-
tiering methodology implemented beginning in October 2016 accounts for 
the increased security resulting from ATF's table-of-distance 
regulations, which protects against offsite impacts of an explosive 
release, whether accidental or intentional.
    We note that while ATF's and CISA's regulations differ 
substantially, other agencies have deferred to ATF's explosives 
expertise when considering regulation of explosives facilities. In 
1998, while developing the Risk Management Plan regulations, the EPA 
issued a final rule removing Division 1.1 explosives from its list of 
regulated substances for accidental release prevention.\21\ In removing 
Division 1.1 explosives from regulation, the EPA concluded that the ``. 
. . current [ATF and other] regulations and current and contemplated 
industry practices promote safety and accident prevention in storage, 
handling, transportation, and use of explosives,'' making them adequate 
for EPA's purposes.\22\ While the ATF regulates explosives materials 
and the CFATS regulates the chemical facilities possessing explosive 
materials, CISA notes that ATF's current regulations address a number 
of the same safety and security precautions as the CFATS regulations 
for Division 1.1 explosives.
---------------------------------------------------------------------------

    \21\ List of Regulated Substances and Thresholds for Accidental 
Release Prevention; Amendments, 63 FR 640, 641 (Jan. 6, 1998) 
(announcing effective date of final rule amending 40 CFR part 68).
    \22\ Id.
---------------------------------------------------------------------------

    Other facilities that possess Division 1.1 explosives are 
considered high-risk under CFATS under the Theft/diversion-EXP/IEDP 
security issue, in part because of the concerns presented by the 
prospect of physical or cyber-focused security breaches. CISA currently 
regulates 85 facilities that possess Division 1.1 explosive COI under 
the Theft/diversion-EXP/IEDP security issue. Many of these facilities 
possess other COI regulated by CFATS that are not Division 1.1 
explosives. If Division 1.1 explosives were removed from Appendix A, 
CISA estimates that 24 facilities would no longer be regulated as high-
risk under CFATS.
    Though CFATS includes cybersecurity and some other requirements 
such as security plans, security equipment, training, or recording/
reporting of threats that are not accounted for in ATF's framework, ATF 
regulations include some important theft-prevention and inventory-
tracking standards \23\ and adherence with ATF requirements is verified 
through periodic regulatory inspections of ATF's construction and 
locking requirements for magazines as well as reporting of theft/
loss.\24\ For these reasons, it may be appropriate to rely solely on 
ATF's standards to address the threat that Division 1.1 explosives 
could be diverted. Further supporting this argument is the fact that 
ATF's secure-storage and related requirements appear to have 
successfully driven down the number of thefts of commercial explosives 
nationwide--with only three such thefts having been reported during the 
2019 calendar year.\25\ However, there has been a slight increase in 
the number of reported losses.\26\ ATF's standards are applied across 
the explosives industry, covering thousands of entities that 
manufacture, distribute, receive, ship, and/or import explosives, while 
DHS' standards are applied only to a small number of the highest-risk 
facilities (85 chemical facilities). Given the wide application of ATF 
regulations across the explosives industry and their success in 
limiting thefts of commercial explosives, we believe there may be value 
in uniform application of security measures for these materials.
---------------------------------------------------------------------------

    \23\ See 27 CFR part 555.
    \24\ See 27 CFR 555.207-211 and 555.30.
    \25\ United States Bomb Data Center, 2019 Explosives Incident 
Report, 15 (2019), https://www.atf.gov/file/143481/download.
    \26\ Id. at 16. The number of reported losses at commercial 
facilities nationwide has increased somewhat in the past five years, 
from 95 in 2015 to 113 in 2019.
---------------------------------------------------------------------------

IV. Request for Comments

    Prior to implementing the enhanced tiering methodology in October 
of 2016, DHS published a CFATS ANPRM on August 18, 2014, to seek public 
comment on ways in which the CFATS regulation and program might be 
improved.\27\ The ANPRM solicited public comments on any and all 
aspects of 6 CFR part 27, including Appendix A. The Department also 
conducted seven listening sessions for the ANPRM. In addition, the 
Department published a notice on October 16, 2015 in the Federal 
Register soliciting additional public comments through November 30, 
2015 about Appendix A to the CFATS regulation and conducted a 
roundtable discussion and public listening session on October 27, 
2015.\28\
---------------------------------------------------------------------------

    \27\ CFATS Advance Notice of Proposed Rulemaking, 79 FR 48693 
(Aug. 18, 2014).
    \28\ CFATS Appendix A, Notice of Public Meeting, 80 FR 62504 
(Oct. 16, 2015).
---------------------------------------------------------------------------

    In response to the 2014 CFATS ANPRM, the Department received 
several detailed comments relevant to the coverage of Division 1.1 
explosives under CFATS generally encouraging the Department to remove 
Division 1.1 explosives for both release-explosive and theft/diversion-
EXP/IEDP security issues.\29\ Commenters also generally suggested that 
ATF's regulations governing commerce in explosives located at 27 CFR 
part 555 are sufficient and that the security obligations imposed by 
CFATS under 6 CFR part 27 are unnecessary. CISA also published a 
retrospective economic analysis of the CFATS program and received one 
responsive comment about facilities that are regulated by CFATS and the 
ATF.\30\
---------------------------------------------------------------------------

    \29\ The public comments provided in response to the August 2014 
ANPRM are posted on www.regulations.gov under docket number DHS-
2014-0016.
    \30\ Retrospective Analysis of the Chemical Facility Anti-
Terrorism Standards, 85 FR 37393 (Jun. 22, 2020).
---------------------------------------------------------------------------

    In light of the time that has passed since 2015, and the changes to 
the tiering methodology made since then, CISA is soliciting comments 
from stakeholders on the current coverage of release-explosive and 
theft/diversion-EXP/IEDP COI under CFATS and on the proposed 
elimination of these COI from Appendix A. Specifically:
    (1) Should CISA remove Division 1.1 explosives for consideration as 
a release-explosive security concern? Why or why not?
    (2) Should CISA remove Division 1.1 explosives for consideration as 
a theft/diversion-EXP/IEDP security concern? Why or why not?

[[Page 498]]

    (3) How would the removal of Division 1.1 explosives impact the 
security posture of chemical facilities?
    (4) Would the removal of Division 1.1 explosives impact the 
regulatory burden of CFATS on chemical facilities? If so, in what ways 
and to what extent?

V. Signature

    The Acting Secretary of Homeland Security, Chad F. Wolf, having 
reviewed and approved this document, has delegated the authority to 
electronically sign this document to Chad R. Mizelle, who is the Senior 
Official Performing the Duties of the General Counsel for DHS, for 
purposes of publication in the Federal Register.

Chad R. Mizelle,
Senior Official Performing the Duties of the General Counsel Department 
of Homeland Security.
[FR Doc. 2020-27768 Filed 1-5-21; 8:45 am]
BILLING CODE 4410-10-P