Washington, D.C. — House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA), Committee Ranking Member Frank Pallone, Jr. (D-NJ), Environment, Manufacturing, & Critical Materials Subcommittee Chair Bill Johnson (R-OH), Subcommittee Ranking Member Paul Tonko (D-NY), and Congressman August Pfluger (R-TX) today sent a letter to Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly regarding the status and renewal of the Chemical Facility Anti-Terrorism Standards (CFATS) program.  

This letter comes ahead of CFATS' statutory authority sunset date, which is July 27. CFATS regulates facilities possessing chemicals at or above certain levels determined to present "high levels of security risk" and regularly requires them to assess their vulnerabilities and implement security measures to minimize risks of terrorism.  

Excerpts and highlights below: 

“On October 4, 2006, the legal authority first creating the Chemical Facility Anti-Terrorism Standards (CFATS) program first became effective. CFATS requires certain facilities, whose possession or planned possession of chemicals at or above certain levels determined to present ‘high levels of security risk,’ to assess their vulnerabilities and implement security measures to minimize terrorism risks posed by those vulnerabilities. These facilities can fall under numerous types of industries and sectors, including chemical manufacturing, storage and distribution, energy and utilities, agriculture and food, explosives, mining, electronics, plastics, colleges and universities, laboratories, paint and coatings, and healthcare and pharmaceuticals.   

“On July 27, 2023, the statutory authority undergirding the entire CFATS program is scheduled to sunset. In anticipation of any congressional efforts to extend the CFATS’s program, we would like to understand better the operation of CFATS.” 

Members asked Director Easterly to answer the following questions:  

1. What steps has the Cybersecurity & Infrastructure Security Agency (CISA) taken to improve transparency of and understanding about the high-risk tiering process among regulated stakeholders? If CISA has taken steps to improve transparency, has CISA conducted outreach to stakeholders and others to determine if those steps improved understanding? 
2. What steps, if any, has CISA taken in the last three years to change the way it protects chemical-terrorism vulnerability information (CVI)? Does CISA have plans to change the scope or treatment of CVI? What steps is CISA taking to communicate with other Federal agencies about use of CVI as part of their programs?  
3. There are reports that CISA may soon begin a rulemaking that impacts the CFATS program, including changing the risk methodology, the list of chemicals and their thresholds under Appendix A, and cybersecurity. Please confirm, for each of those three (3) specific areas whether CISA will be proposing a new rule in this area, the need identified and the precise purpose for each of these proposed changes, and the timeline for action on these rules and whether these timelines will be subject to the Administrative Procedures Act or some other legal set of guidelines? 
4. Has CISA remedied all deficiencies identified by passed reports from the Government Accountability Office (GAO)? If not, which ones are still outstanding? Does CISA employ training standards for CFATS inspection and compliance officers, including the use of minimum qualification requirement for inspectors to demonstrate knowledge and understanding of CFATS facilities? 
5. What action(s) does CISA’s main office in Washington, D.C. take to ensure that the regional offices are uniformly implementing CFATS across the country? Is there an accountability process to prevent one region from operating a very different program from another? 
6. The issue of drone activity around CFATS regulated facilities is getting increased attention. What actions has CISA taken and what plans does CISA have to address this matter? 
7. ISA is proposing to reinitiate the statutorily required regulation on the sale of ammonium nitrate (AN). Has CISA taken steps to understand the impact such regulations will have on CFATS-regulated facilities? If so, please detail the efforts CISA has undertaken, including as part of compliance with Executive Orders, to address the burden of these regulations and any overlap that they may engender? How is this effort different than the prior efforts, starting with the first proposed rule in 2011? Has CISA taken steps to understand the impact the absence of such regulation has had on its ability to combat terrorism? 

CLICK HERE to read the full letter.