Chemical Security:

Overlapping Programs Could Better Collaborate to Share Information and Identify Potential Security Gaps

GAO-21-12: Published: Jan 21, 2021. Publicly Released: Jan 21, 2021.

Additional Materials:

Contact:

Nathan Anderson
(206) 287-4804
AndersonN@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Thousands of facilities use hazardous chemicals, and hundreds of them are subject to both Department of Homeland Security anti-terrorism standards and other federal chemical safety or security programs.

We reviewed 8 such programs and compared them to DHS's standards. We found some overlap, duplication, and fragmentation. For example, facilities may be developing duplicative information to comply with multiple programs. Even though some facilities may be subject to multiple programs, those not subject to DHS standards—such as water systems—may have gaps in oversight.

We recommended identifying potential security gaps and more.

Chemical Facility Storage Tanks

A series of large, white tanks ringed by walkways, stairs, pipes, and valves.

Additional Materials:

Contact:

Nathan Anderson
(206) 287-4804
AndersonN@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Eight federal programs addressing chemical safety or security from four departments or agencies that GAO reviewed contain requirements or guidance that generally align with at least half of the Department of Homeland Security's (DHS) 18 Chemical Facility Anti-Terrorism Standards (CFATS) program standards. At least 550 of 3,300 (16 percent) facilities subject to the CFATS program are also subject to other federal programs. Analyses of CFATS and these eight programs indicate that some overlap, duplication, and fragmentation exists, depending on the program or programs to which a facility is subject. For example,

  • six federal programs' requirements or guidance indicate some duplication with CFATS. CFATS program officials acknowledge similarities among these programs' requirements or guidance, some of which are duplicative, and said that the CFATS program allows facilities to meet CFATS program standards by providing information they prepared for other programs.
  • more than 1,600 public water systems or wastewater treatment facilities are excluded under the CFATS statute, leading to fragmentation. While such facilities are subject to other programs, those programs collectively do not contain requirements or guidance that align with four CFATS standards. According to DHS, public water systems and wastewater treatment facilities are frequently subject to safety regulations that may have some security value, but in most cases, these facilities are not required to implement security measures commensurate to their level of security risk, which may lead to potential security gaps.

The departments and agencies responsible for all nine of these chemical safety and security programs—four of which are managed by DHS, three by the Environmental Protection Agency (EPA), and one each managed by the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the Department of Transportation (DOT)—have previously worked together to enhance information collection and sharing in response to Executive Order 13650, issued in 2013. This Executive Order directed these programs to take actions related to improving federal agency coordination and information sharing.

However, these programs have not identified which facilities are subject to multiple programs, such that facilities may be unnecessarily developing duplicative information to comply with multiple programs. Although CFATS allows facilities to use information they prepared for other programs, CFATS program guidance does not specify what information facilities can reuse. Finally, DHS and EPA leaders acknowledged that there are differences between CFATS requirements and the security requirements for public water systems and wastewater treatment facilities, but they have not assessed the extent to which potential security gaps may exist. By leveraging collaboration established through the existing Executive Order working group, the CFATS program and chemical safety and security partners would be better positioned to minimize unnecessary duplication between CFATS and other programs and better ensure the security of facilities currently subject to fragmented requirements.

Why GAO Did This Study

Facilities with hazardous chemicals could be targeted by terrorists to inflict mass casualties or damage. Federal regulations applicable to chemical safety and security have evolved over time as authorizing statutes and regulations established programs for different purposes, such as safety versus security, and with different enforcement authorities. GAO has reported that such programs may be able to achieve greater efficiency where overlap exists by reducing duplication and better managing fragmentation.

GAO was asked to review issues related to the effects that overlap, duplication, and fragmentation among the multiple federal programs may have on the security of the chemical sector. This report addresses the extent to which (1) such issues may exist between CFATS and other federal programs, and (2) the CFATS program collaborates with other federal programs. GAO analyzed the most recent available data on facilities subject to nine programs from DHS, EPA, ATF, and DOT; reviewed and analyzed statutes, regulations, and program guidance; and interviewed agency officials.

What GAO Recommends

GAO is making seven recommendations, including that DHS, EPA, ATF, and DOT identify facilities subject to multiple programs; DHS clarify guidance; and DHS and EPA assess security gaps. Agencies generally agreed with six; EPA did not agree with the recommendation on gaps. GAO continues to believe it is valid, as discussed in the report.

For more information, contact Nathan Anderson at (206) 287-4804 or AndersonN@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of DHS should direct its chemical safety and security programs to collaborate with partners and establish an iterative and ongoing process to identify the extent to which CFATS-regulated facilities are also covered by other programs with requirements or guidance that generally align with some CFATS standards. (Recommendation 1)

    Agency Affected: Department of Homeland Security

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of the EPA should direct its chemical safety and security programs to collaborate with partners and establish an iterative and ongoing process to identify the extent to which the facilities that it regulates are also covered by the CFATS program. (Recommendation 2)

    Agency Affected: Environmental Protection Agency

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Director of ATF should direct its explosive materials programs to collaborate with chemical safety and security program partners and establish an iterative and ongoing process to identify the extent to which the facilities that it regulates are also covered by the CFATS program. (Recommendation 3)

    Agency Affected: Department of Justice: Bureau of Alcohol, Tobacco, Firearms and Explosives

  4. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Transportation should direct its hazardous materials transportation program to collaborate with chemical safety and security partners and establish an iterative and ongoing process to identify the extent to which the facilities that it regulates are also covered by the CFATS program. (Recommendation 4)

    Agency Affected: Department of Transportation

  5. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Director of DHS's Cybersecurity and Infrastructure Security Agency should update CFATS program guidance or fact sheets to include a list of commonly accepted actions facilities may have taken and information they may have prepared pursuant to other federal programs, and disseminate this information. (Recommendation 5)

    Agency Affected: Department of Homeland Security: Cybersecurity and Infrastructure Security Agency

  6. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: DHS's Cybersecurity and Infrastructure Security Agency should collaborate with the EPA to assess the extent to which potential security gaps exist at water and wastewater facilities and, if gaps exist, develop a legislative proposal for how best to address them and submit it to the Secretary of Homeland Security and Administrator of EPA, and Congress, as appropriate. (Recommendation 6)

    Agency Affected: Department of Homeland Security: Cybersecurity and Infrastructure Security Agency

  7. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The EPA should collaborate with the DHS's Cybersecurity and Infrastructure Security Agency to assess the extent to which potential security gaps exist at water and wastewater facilities and, if gaps exist, develop a legislative proposal for how best to address them and submit it to the Secretary of Homeland Security and Administrator of EPA, and Congress, as appropriate. (Recommendation 7)

    Agency Affected: Environmental Protection Agency

 

Explore the full database of GAO's Open Recommendations »

Mar 3, 2021

Mar 1, 2021

Feb 26, 2021

Feb 25, 2021

Feb 23, 2021

Feb 19, 2021

Feb 12, 2021

Feb 3, 2021

Feb 2, 2021

Jan 28, 2021

Looking for more? Browse all our products here