The following is part of a series of thought pieces authored by members and friends of the START Consortium. These editorial columns reflect the opinions of the author(s), and not necessarily the opinions of the START Consortium. This series is penned by scholars who have grappled with complicated and often politicized topics, and our hope is that they will foster thoughtful reflection and discussion by professionals and students alike.
At the end of July this year, the office of Tom Coburn, ranking member of the Senate Homeland Security and Government Affairs Committee, released a report assessing efforts to secure America’s chemical facilities from terrorist threats. For those who pay attention to the security of the nation’s critical infrastructure, the report held many disconcerting findings. Not the least of which was that – after eight years and $595 million dollars spent on a government program to secure chemical facilities – there have been only 39 compliance inspections of 4,011 covered facilities, a grand total of less than one tenth of one percent of facilities. Even worse, the existing security regime only applies to a portion of U.S. entities that produce, store or transport dangerously toxic chemicals. Simply put, the chemical industry in the United States may not be well-secured, a state of affairs that could be exploited by suitably motivated terrorists. More troubling, it is far from apparent that the government, or the chemical industry itself, has a clear idea of the extent to which facilities are, or are not, secure.
The technical and organizational requirements to use a chemical facility as a weapon are much lower than those associated with the development or production of traditional chemical weapons and are well within the reach of the majority of terrorist groups. Although basic security measures such as fences and security guards might be effective in deterring casual criminality, they are unlikely to constitute a significant deterrent to determined terrorist attackers. As was illustrated by a recently completed START study, there are numerous terrorist groups that are actively interested in employing chemical weapons against civilian populations to inflict large numbers of casualties. These include international jihadists such as al-Qa’ida and its derivative organizations, apocalyptic millenarian cults, and domestic right wing extremists. Actors within these movements have demonstrated a willingness and capacity to inflict mass-casualties, and have used or sought chemical agents in the past. Although there have to date been few terrorist attacks or plots entailing the use of chemical facilities in attacks, this does not mean that the threat is purely notional. START’s Chemical and Biological Non-State Adversaries Database (CABNSAD) includes two particularly troubling planned facility attacks in the United States that were interdicted by authorities before they could be carried out.
The first was in 1997, the so-called ‘Sour-Gas Plot,’ in which a group affiliated with the Ku Klux Klan intended to detonate explosives at a natural-gas processing facility in Texas in order to release large quantities of hydrogen-sulfide gas from on-site storage tanks. Their expectation was that the release would attract first-responders to the site which would allow them to rob an armored car in a nearby town without interference. The second incident was a planned bomb attack at a bulk propane storage facility in Elk Grove, California, intended to capitalize on public concerns related to the end of the millennium and undermine confidence in government. The plotters, a pair of extreme-right militia members, were arrested in December 2000 before they could carry out their plans. Although both of these plots involved facilities that can be classed as petrochemical in nature, there is no reason to think that a potential perpetrator would limit itself to this particular type of facility.
Beyond foiled plots, the potential for chemical facilities to cause great harm has been demonstrated on a number of occasions, most notably in the Indian city of Bhopal in 1984, where the release of a large quantity of methyl-isocyanate killed or seriously injured over 10,000 people. More recently, the West, Texas ammonia plant explosion in 2013 that caused more than 200 casualties and considerable destruction in the local community, demonstrated the substantial potential risks posed by chemical plants in the United States. In addition to the physical harm done in both of these incidents, they are significant for demonstrating that using such facilities to do harm is neither impossible, nor impractical. Irrespective of whether Bhopal was the result of deliberate action by a disgruntled employee – as many believe – or some other cause, it demonstrated clearly that under the right conditions chemical plants have the potential to release large clouds of toxic substances.
The explosion at the West Fertilizer Plant is significant not only as an example of the harm potential of chemical facilities, but also as a useful illustration of the implications of inadequate security and lax adherence to safety and security regulations. The local sheriff’s department noted that the “perimeter was not fenced, and the facility had no burglar alarms or security guards.” This was despite a well-publicized industrywide problem of anhydrous ammonia thefts for the illegal production of methamphetamine. There were 11 reports of burglaries and five separate ammonia leaks associated with thefts at the West plant over the period 2000 to 2012. A further concern associated with the West facility is the presence, at the time of the explosion, of several hundred thousand pounds of ammonium nitrate – in breach of state and federal regulations. Federal laws passed in the wake of the 1995 Oklahoma City bombing require facilities storing large amounts of ammonium nitrate to report their holdings to Federal agencies and adopt appropriate security measures. Not only did the operators of the West Fertilizer Plant not report their ammonium nitrate stockpile, it appears this significant breach went undetected by DHS until after the tragic explosion.
This brings us to how chemical facility security is regulated in the U.S. Historically, the EPA has played a role in mitigating the hazard posed by releases from chemical facilities, by requiring risk management plans from plant owners and monitoring the use of extremely dangerous chemicals. But these measures were generally established with accidents in mind. In 2007, however, Congress acknowledged the singular threat posed by intentional attacks on inadequately secured chemical facilities, introducing the Chemical Facility Anti-Terrorism Standards (CFATS) program. Implemented by the Office of Infrastructure Protection (OIP) in the National Protection and Programs Directorate of DHS, CFATS operates in conjunction with a list of Chemicals of Interest (COIs) and associated threshold quantities.
CFATS employs a multi-step, arguably inefficient, process to assess and regulate chemical facilities, initiated through a facility’s self-reported inventory (Top Screen) of the quantity of any COIs they possess. Those facilities considered risky enough to warrant CFATS regulation subsequently submit a secondary assessment, a site plan, and are subject to a number of inspections, with complex and lengthy approval or authorization processes accompanying each step. If a facility’s submission or inspection does not meet CFATS’ standards, its owners are required to re-submit plans or be conditionally denied authorization or approval, slowing down the process. This would be laudable if it was really reflecting a facility’s vulnerability, but industry experts have testified that CFATS standards are far from clearly enunciated, which itself might be a major source of the need for resubmission and hence the major backlog in approvals..
CFATS also faces issues with facilities outside the program’s jurisdiction – for example, water treatment plants are exempted – and has been accused of shifting the inherent risk of working with hazardous chemicals to other parts of the industry. One illustratively glaring loophole is that, since chemical transport does not fall under CFATS, companies can simply park railway cars filled with toxic chemicals just outside their facilities so that the quantities of chemicals inside the facilities fall below CFATS thresholds, resulting in a degraded rather than upgraded security situation. Moreover, CFATS has trouble ensuring that it identifies all potential hazardous facilities due to its reliance on what is essentially a voluntary reporting process (though CFATS is authorized to request a Top Screen report from facilities – as long as it knows about them). Thus, although the regulations set out by the CFATS program were designed to mitigate the threat posed by terrorist attacks involving chemical facilities in the U.S., major gaps in its coverage remain.
Given that almost no stakeholders reject the threat outright, why has it proven so difficult to adequately secure our nation’s chemical facilities? The answer lies in a trifecta of failure. The first offender has been the shortsightedness of the chemical industry itself. While begrudgingly acknowledging that there is a place for regulation in ensuring the security of chemical facilities from attack, the chemical industry – often through associations like the American Chemistry Council and the Society of Chemical Manufacturers and Affiliates – has fallen into the well-worn pattern of using its influence to water down any mandates and create loopholes in the relevant legislation, instead arguing that voluntary efforts adopted by the industry are sufficient. They seem to forget that while Dow Chemical, 3M and similar large, multinational enterprises have indeed established commendable facility security programs, this does not necessarily extend to the thousands of smaller companies whose chemical stores might be just as attractive to terrorists. The chemical industry has been especially resistant to efforts to oblige companies to, where possible, substitute less toxic chemicals in their processes through the adoption of so-called inherently safer technology (IST), which would make the facilities less dangerous in terms of both accidental and intentional release and is viewed as a key element in making the nation safer from chemical threats. Industry representatives have consistently opposed all attempts in this regard, starting as soon as then-Senator John Corzine proposed such measures in the aftermath of 9/11.
The U.S. Congress, tasked with providing the legislative framework for securing the nation, has often fallen short of its duty as well. Even after hearing from all quarters after 9/11 that threats against chemical facilities posed a significant danger to large numbers of American citizens, it took Congress a full six years to address the issue in the 2007 Homeland Security Appropriations Act, which established the CFATS system. Even then, as we have seen, the solution was only a partial one at best. What is perhaps more disconcerting is that what should have been a clear bipartisan issue has become the exact opposite, with any attempts in the legislature to bolster the security of chemical facilities being approached along strict party lines. This continues up to the present – note that it was the minority staff alone who published the recent scathing “Chemical Insecurity” report.
It is the Department of Homeland Security – and in particular its Office of Infrastructure Protection – however, that must shoulder much of the blame for the continued systemic uncertainties in chemical facility security. After finally being given at least some authority to regulate chemical security in 2007, its performance in implementing the CFATS program has been dismal at best. Several official reports, of which the Coburn Report is merely the latest, have revealed a litany of missteps and mismanagement, including: flaws in the risk assessment methodology employed leading to inaccuracies and misclassifications of facilities; the implementing unit (the Infrastructure Security Compliance Division)’s poor training, oversight and morale; the imposition of onerous yet often superfluous reporting burdens (even relatively small facilities have had to submit up to 2,000 pages of forms); and an ostensibly adversarial attitude to regulated companies – not to mention the glacially slow implementation of the CFATS process noted above. In that regard, while CFATS has improved its operational output in recent years, the most generous estimates still predict it will be three to four years before the highest-risk sites in the US are all compliant with CFATS regulation – and even then there are concerns that thoroughness could be sacrificed for rapidity, creating a false sense of security.
Ineffective implementation and the lack of tangible results ultimately led to the Coburn report quite plainly stating that “CFATS is not reducing our nation’s risk of a terrorist attack on domestic chemical infrastructure.” Indeed, the unsatisfactory implementation of the overall chemical security mission by DHS has arguably soured any enthusiasm that once may have existed within industry for enhancing security, thus fueling a vicious cycle in which necessary enhancements in chemical security face even more obdurate opposition and partisan wrangling in Congress.
What, then, can be done to remedy the situation? Starting with Congress, there has been some forward momentum on the issue – given that the existing CFATS legislation will expire in October 2014, the House passed H.R. 4007 in July, which renews the program on a permanent basis and fixes some (but by no means all) of the original legislation’s shortcomings. For example, it provides for the sharing of relevant information with first responders and allows for third-party inspections to speed up the process, but still excludes facilities like wastewater treatment plants and does not mention IST. Nonetheless, we cannot throw the baby out with the bathwater and the Senate should take up and pass the House Bill without delay, since the alternative would be the dissolution in October of any federal scheme, leaving an uneven patchwork of state regulations. Foregoing a baseline federal facility security regime is far from adequate when one considers that terrorists will always tend towards exploiting the weakest link in any security system. Under the current legislation, states would still be able to augment federal regulations and they would do well to emulate states like New Jersey, which has mandated certain best practices and required many plants to assess the feasibility of ISTs.
On the implementation side, the Office of Infrastructure Protection at DHS needs to capitalize on the funding and regulatory opportunities provided by H.R. 4007 by finally engaging in competent implementation of CFATS. This includes clear, concise guidelines for industry reporting, more robust and transparent risk assessment methodologies, and a far more collaborative (although not hostage) relationship with industry, as envisioned in the legislation. For industry’s part, it needs to take advantage of the improvements in H.R. 4007 and meet DHS halfway by, for example, helping DHS identify facilities (like the West Fertilizer Plant) that fail to send in Top Screens. It can also drop its reticence to the inclusion of water treatment plants in CFATS and work with government to introduce carrots (e.g. tax-breaks) and sticks (e.g. exclusion from industry safety/security certification) to incentivize the more widespread adoption of IST. This might even create a virtuous cycle, since fewer facilities with the most toxic chemicals would lower the number of CFATS covered facilities and thus decrease the burden on DHS.
As Skip Elliott, director of hazardous materials for CSX Corp. railroads (a major transporter of chemicals) argued as far back as 1999, in the context of potential terrorist attacks, “You can't stop evil people from doing evil things.” But what we can do is stop them from turning our own infrastructure against us to cause mass casualties. Just as the failure of the current chemical security regime had its roots in the actions or inaction of Congress, DHS, and private industry working against each other, the solution lies in all three parties working together. While far from perfect, all parties should grab fast to the lifeline offered by H.R. 4007 and use it as a foundation for the long-overdue task of genuinely and collaboratively securing the nation’s chemical infrastructure.
 Tom Coburn, “Chemical Insecurity: An Assessment of Efforts to Secure the Nation’s Chemical Facilities from Terrorist Threats,” U.S. Senate Homeland Security & Governmental Affairs Committee (July 29th, 2014): 18.
 Gary A. Ackerman et al., Anatomizing Chemical and Biological Non-State Adversaries: Identifying the Adversary. Report prepared for the Project on Advanced Systems and Concepts for Countering WMD (PASCC), Center on Contemporary Conflict, Naval Postgraduate School (College Park, MD.: National Consortium for the Study of Terrorism and Responses to Terrorism, 2014).
 Chemical and Biological Non-State Adversaries Database (CABNSAD), (College Park, MD.: National Consortium for the Study of Terrorism and Responses to Terrorism, 2014).
 Selam Gebrekidan and Joshua Schneyer, “Texas fertilizer plant had a history of theft, tampering,” Milwaukee Wisconsin Journal Sentinel, May 4, 2013, http://www.jsonline.com/news/usandworld/at-texas-fertilizer-plant-a-history-of-theft-tampering-ar9qv80-206104341.html
 “Learn about the Toxics Release Inventory,” United States Environmental Protection Agency, last updated July 24, 2014, http://www2.epa.gov/toxics-release-inventory-tri-program/learn-about-toxics-release-inventory.
 Office of the Inspector General, “Effectiveness of the Infrastructure Security Compliance Division's Management Practices to Implement the Chemical Facility Anti-Terrorism Standards Program,” Department of Homeland Security (March, 2013): 13.
 The Chemical Facility Anti-Terrorism Standards Program: A Progress Report: Hearing Before the Subcommittee on the Environment and the Economy of the Committee on Energy and Commerce of the House of Representatives, 112th Congress, 2nd Session (September 11, 2012): 65.
 Tom Coburn, “Chemical Insecurity: An Assessment of Efforts to Secure the Nation’s Chemical Facilities from Terrorist Threats,” U.S. Senate Homeland Security & Governmental Affairs Committee (July 29th, 2014): 6.
 Margaret E. Kosal, Chemical Terrorism: US Policies to Reduce The Chemical Terror Threat, Partnership for a Secure America: Washington, D.C. (September 2008), p. 23. For a more general discussion of the threat, see: Margaret E. Kosal, “Terrorism Targeting Industrial Chemical Facilities: Strategic Motivations and the Implications for U.S. Security,” Studies in Conflict & Terrorism, Volume 29, Issue 7 (2006).
 See also: Stephen S. Caldwell, “Observations on DHS Efforts to Identify, Prioritize, Assess, and Inspect Chemical Facilities,” United States Government Accountability Office (February 27, 2014); Office of the Inspector General, “Effectiveness of the Infrastructure Security Compliance Division's Management Practices to Implement the Chemical Facility Anti-Terrorism Standards Program,” Department of Homeland Security (March, 2013); Homeland Security Studies and Analysis Institute, CFATS Tiering Methodology Peer Review (For Official Use Only) (Falls Church, Virginia: October 2013); and Dana A. Shea, “Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress,” Congressional Research Service (April 2, 2014).
 Tom Coburn, “Chemical Insecurity: An Assessment of Efforts to Secure the Nation’s Chemical Facilities from Terrorist Threats,” U.S. Senate Homeland Security & Governmental Affairs Committee (July 29th, 2014): ii.
 Ibid., at 19.
 Ibid., at 26.
 Stephen C. Fehr, “Some Localities Ill Prepared for a Spill,” Washington Post, October 10, 1999,