[House Report 111-313] [From the U.S. Government Publishing Office] 111th Congress Report HOUSE OF REPRESENTATIVES 1st Session 111-313 ====================================================================== DRINKING WATER SYSTEM SECURITY ACT OF 2009 _______ October 23, 2009.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. Waxman, from the Committee on Energy and Commerce, submitted the following R E P O R T together with DISSENTING VIEWS [To accompany H.R. 3258] [Including cost estimate of the Congressional Budget Office] The Committee on Energy and Commerce, to whom was referred the bill (H.R. 3258) to amend the Safe Drinking Water Act to enhance the security of the public water systems of the United States, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page Amendment........................................................ 2 Purpose and Summary.............................................. 11 Background and Need for Legislation.............................. 11 Legislative History.............................................. 12 Committee Consideration.......................................... 12 Committee Votes.................................................. 13 Committee Oversight Findings and Recommendations................. 13 New Budget Authority, Entitlement Authority, and Tax Expenditures 13 Statement of General Performance Goals and Objectives............ 13 Constitutional Authority Statement............................... 14 Earmarks and Tax and Tariff Benefits............................. 14 Advisory Committee Statement..................................... 14 Applicability of Law to Legislative Branch....................... 14 Federal Mandates Statement....................................... 15 Committee Cost Estimate.......................................... 15 Congressional Budget Office Estimate............................. 15 Section-by-Section Analysis of the Legislation................... 18 Changes in Existing Law Made by the Bill, as Reported............ 25 Dissenting Views................................................. 44 Amendment The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Drinking Water System Security Act of 2009''. SEC. 2. INTENTIONAL ACTS AFFECTING THE SECURITY OF COVERED WATER SYSTEMS. (a) Amendment of Safe Drinking Water Act.--Section 1433 of the Safe Drinking Water Act (42 U.S.C. 300i-2) is amended to read as follows: ``SEC. 1433. INTENTIONAL ACTS. ``(a) Risk-Based Performance Standards; Vulnerability Assessments; Site Security Plans; Emergency Response Plans.-- ``(1) In general.--The Administrator shall issue regulations-- ``(A) establishing risk-based performance standards for the security of covered water systems; and ``(B) establishing requirements and deadlines for each covered water system-- ``(i) to conduct a vulnerability assessment or, if the system already has a vulnerability assessment, to revise the assessment to be in accordance with this section; ``(ii) to update the vulnerability assessment not less than every 5 years and promptly after any change at the system that could cause the reassignment of the system to a different risk- based tier under subsection (d); ``(iii) to develop, implement, and, as appropriate, revise a site security plan not less than every 5 years and promptly after a revision to the vulnerability assessment; ``(iv) to develop an emergency response plan (or, if the system has already developed an emergency response plan, to revise the plan to be in accordance with this section) and revise the plan not less than every 5 years thereafter; and ``(v) to provide annual training to employees and contractor employees of covered water systems on implementing site security plans and emergency response plans. ``(2) Covered water systems.--For purposes of this section, the term `covered water system' means a public water system that-- ``(A) is a community water system serving a population greater than 3,300; or ``(B) in the discretion of the Administrator, presents a security risk making regulation under this section appropriate. ``(3) Consultation with state authorities.--In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with States exercising primary enforcement responsibility for public water systems. ``(4) Consultation with other persons.--In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with the Secretary of Homeland Security, and, as appropriate, other persons regarding-- ``(A) provision of threat-related and other baseline information to covered water systems; ``(B) designation of substances of concern; ``(C) development of risk-based performance standards; ``(D) establishment of risk-based tiers and process for the assignment of covered water systems to risk- based tiers; ``(E) process for the development and evaluation of vulnerability assessments, site security plans, and emergency response plans; ``(F) treatment of protected information; ``(G) security at co-managed drinking water and wastewater facilities; and ``(H) such other matters as the Administrator determines necessary. ``(5) Substances of concern.--For purposes of this section, the Administrator, in consultation with the Secretary of Homeland Security-- ``(A) may designate any chemical substance as a substance of concern; ``(B) at the time any substance is designated pursuant to subparagraph (A), shall establish by rule a threshold quantity for the release or theft of the substance, taking into account the toxicity, reactivity, volatility, dispersability, combustibility, and flammability of the substance and the amount of the substance that, as a result of a release, is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment; and ``(C) in making such a designation, shall take into account appendix A to part 27 of title 6, Code of Federal Regulations (or any successor regulations). ``(6) Baseline information.--The Administrator, after consultation with appropriate departments and agencies of the Federal Government and with State, local, and tribal governments, shall, for purposes of facilitating compliance with the requirements of this section, promptly after the effective date of the regulations under subsection (a)(1) and as appropriate thereafter, provide baseline information to covered water systems regarding which kinds of intentional acts are the probable threats to-- ``(A) substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water; ``(B) cause the release of a substance of concern at the covered water system; or ``(C) cause the theft, misuse, or misappropriation of a substance of concern. ``(b) Risk-Based Performance Standards.--The regulations under subsection (a)(1) shall set forth risk-based performance standards for site security plans required by this section. The standards shall be separate and, as appropriate, increasingly stringent based on the level of risk associated with the covered water system's risk-based tier assignment under subsection (d). In developing such standards, the Administrator shall take into account section 27.230 of title 6, Code of Federal Regulations (or any successor regulations). ``(c) Vulnerability Assessment.--The regulations under subsection (a)(1) shall require each covered water system to assess the system's vulnerability to a range of intentional acts, including an intentional act that results in a release of a substance of concern that is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment. At a minimum, the vulnerability assessment shall include a review of-- ``(1) pipes and constructed conveyances; ``(2) physical barriers; ``(3) water collection, pretreatment, treatment, storage, and distribution facilities, including fire hydrants; ``(4) electronic, computer, and other automated systems that are used by the covered water system; ``(5) the use, storage, or handling of various chemicals, including substances of concern; ``(6) the operation and maintenance of the covered water system; and ``(7) the covered water system's resiliency and ability to ensure continuity of operations in the event of a disruption caused by an intentional act. ``(d) Risk-Based Tiers.--The regulations under subsection (a)(1) shall provide for 4 risk-based tiers applicable to covered water systems, with tier one representing the highest degree of security risk. ``(1) Assignment of risk-based tiers.-- ``(A) Submission of information.--The Administrator may require a covered water system to submit information in order to determine the appropriate risk- based tier for the covered water system. ``(B) Factors to consider.--The Administrator shall assign (and reassign when appropriate) each covered water system to one of the risk-based tiers established pursuant to this subsection. In assigning a covered water system to a risk-based tier, the Administrator shall consider the potential consequences (such as death, injury, or serious adverse effects to human health, the environment, critical infrastructure, national security, and the national economy) from-- ``(i) an intentional act to cause a release, including a worst-case release, of a substance of concern at the covered water system; ``(ii) an intentional act to introduce a contaminant into the drinking water supply or disrupt the safe and reliable supply of drinking water; and ``(iii) an intentional act to steal, misappropriate, or misuse substances of concern. ``(2) Explanation for risk-based tier assignment.--The Administrator shall provide each covered water system assigned to a risk-based tier with the reasons for the tier assignment and whether such system is required to submit an assessment under subsection (g)(2). ``(e) Development and Implementation of Site Security Plans.--The regulations under subsection (a)(1) shall permit each covered water system, in developing and implementing its site security plan required by this section, to select layered security and preparedness measures that, in combination, appropriately-- ``(1) address the security risks identified in its vulnerability assessment; and ``(2) comply with the applicable risk-based performance standards required under this section. ``(f) Role of Employees.-- ``(1) Description of role.--Site security plans and emergency response plans required under this section shall describe the appropriate roles or responsibilities that employees and contractor employees are expected to perform to deter or respond to the intentional acts described in subsection (d)(1)(B). ``(2) Training for employees.--Each covered water system shall annually provide employees and contractor employees with roles or responsibilities described in paragraph (1) with a minimum of 8 hours of training on carrying out those roles or responsibilities. ``(3) Employee participation.--In developing, revising, or updating a vulnerability assessment, site security plan, and emergency response plan required under this section, a covered water system shall include-- ``(A) at least one supervisory and at least one non- supervisory employee of the covered water system; and ``(B) at least one representative of each certified or recognized bargaining agent representing facility employees or contractor employees with roles or responsibilities described in paragraph (1), if any, in a collective bargaining relationship with the private or public owner or operator of the system or with a contractor to that system. ``(g) Methods To Reduce the Consequences of a Chemical Release From an Intentional Act.-- ``(1) Definition.--In this section, the term `method to reduce the consequences of a chemical release from an intentional act' means a measure at a covered water system that reduces or eliminates the potential consequences of a release of a substance of concern from an intentional act such as-- ``(A) the elimination or reduction in the amount of a substance of concern possessed or planned to be possessed by a covered water system through the use of alternate substances, formulations, or processes; ``(B) the modification of pressures, temperatures, or concentrations of a substance of concern; and ``(C) the reduction or elimination of onsite handling of a substance of concern through improvement of inventory control or chemical use efficiency. ``(2) Assessment.--For each covered water system that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5), the regulations under subsection (a)(1) shall require the covered water system to include in its site security plan an assessment of methods to reduce the consequences of a chemical release from an intentional act at the covered water system. The covered water system shall provide such assessment to the Administrator and the State exercising primary enforcement responsibility for the covered water system, if any. The regulations under subsection (a)(1) shall require the system, in preparing the assessment, to consider factors appropriate to the system's security, public health, or environmental mission, and include-- ``(A) a description of the methods to reduce the consequences of a chemical release from an intentional act; ``(B) how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, reduce the potential extent of death, injury, or serious adverse effects to human health resulting from a chemical release; ``(C) how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, affect the presence of contaminants in treated water, human health, or the environment; ``(D) whether each described method to reduce the consequences of a chemical release from an intentional act at the covered water system is feasible, as defined in section 1412(b)(4)(D), but not including cost calculations under subparagraph (E); ``(E) the costs (including capital and operational costs) and avoided costs (including savings and liabilities) associated with applying each described method to reduce the consequences of a chemical release from an intentional act at the covered water system; ``(F) any other relevant information that the covered water system relied on in conducting the assessment; and ``(G) a statement of whether the covered water system has implemented or plans to implement one or more methods to reduce the consequences of a chemical release from an intentional act, a description of any such methods, and, in the case of a covered water system described in paragraph (3)(A), an explanation of the reasons for any decision not to implement any such methods. ``(3) Required methods.-- ``(A) Application.--This paragraph applies to a covered water system-- ``(i) that is assigned to one of the two highest risk-based tiers under subsection (d); and ``(ii) that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5). ``(B) Highest-risk systems.--If, on the basis of its assessment under paragraph (2), a covered water system described in subparagraph (A) decides not to implement methods to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall, in accordance with a timeline set by the Administrator-- ``(i) determine whether to require the covered water system to implement the methods; and ``(ii) for States exercising primary enforcement responsibility, report such determination to the Administrator. ``(C) State or administrator's considerations.-- Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall consider factors appropriate to the security, public health, and environmental missions of covered water systems, including an examination of whether the method-- ``(i) would significantly reduce the risk of death, injury, or serious adverse effects to human health resulting directly from a chemical release from an intentional act at the covered water system; ``(ii) would not increase the interim storage of a substance of concern by the covered water system; ``(iii) would not render the covered water system unable to comply with other requirements of this Act or drinking water standards established by the State or political subdivision in which the system is located; and ``(iv) is feasible, as defined in section 1412(b)(4)(D), to be incorporated into the operation of the covered water system. ``(D) Appeal.--Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall provide such covered water system an opportunity to appeal the determination to require such implementation made pursuant to subparagraph (B) by such State or the Administrator. ``(4) Incomplete or late assessments.-- ``(A) Incomplete assessments.--If the Administrator finds that the covered water system, in conducting its assessment under paragraph (2), did not meet the requirements of paragraph (2) and the applicable regulations, the Administrator shall, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, require the covered water system to submit a revised assessment not later than 60 days after the Administrator notifies such system. The Administrator may require such additional revisions as are necessary to ensure that the system meets the requirements of paragraph (2) and the applicable regulations. ``(B) Late assessments.--If the Administrator finds that a covered water system, in conducting its assessment pursuant to paragraph (2), did not complete such assessment in accordance with the deadline set by the Administrator, the Administrator may, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, take appropriate enforcement action under subsection (o). ``(C) Review.--The State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the system is not located in such a State, shall review a revised assessment that meets the requirements of paragraph (2) and applicable regulations to determine whether the covered water system will be required to implement methods to reduce the consequences of an intentional act pursuant to paragraph (3). ``(5) Enforcement.-- ``(A) Failure by state to make determination.-- Whenever the Administrator finds that a State exercising primary enforcement responsibility for a covered water system has failed to determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act, as required by paragraph (3)(B), the Administrator shall so notify the State and covered water system. If, beyond the thirtieth day after the Administrator's notification under the preceding sentence, the State has failed to make the determination described in such sentence, the Administrator shall so notify the State and covered water system and shall determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act based on the factors described in paragraph (3)(C). ``(B) Failure by state to bring enforcement action.-- If the Administrator finds, with respect to a period in which a State has primary enforcement responsibility for a covered water system, that the system has failed to implement methods to reduce the consequences of a chemical release from an intentional act (as required by the State or the Administrator under paragraph (3)(B) or the Administrator under subparagraph (A)), the Administrator shall so notify the State and the covered water system. If, beyond the thirtieth day after the Administrator's notification under the preceding sentence, the State has not commenced appropriate enforcement action, the Administrator shall so notify the State and may commence an enforcement action against the system, including by seeking or imposing civil penalties under subsection (o), to require implementation of such methods. ``(C) Consideration of continued primary enforcement responsibility.--For a State with primary enforcement responsibility for a covered water system, the Administrator may consider the failure of such State to make a determination as described under subparagraph (A) or to bring enforcement action as described under subparagraph (B) when determining whether a State may retain primary enforcement responsibility under this Act. ``(6) Guidance for covered water systems assigned to tier 3 and tier 4.--For covered water systems required to conduct an assessment under paragraph (2) and assigned by the Administrator to tier 3 or tier 4 under subsection (d), the Administrator shall issue guidance and, as appropriate, provide or recommend tools, methodologies, or computer software, to assist such covered water systems in complying with the requirements of this section. ``(h) Review by Administrator.-- ``(1) In general.--The regulations under subsection (a)(1) shall require each covered water system to submit its vulnerability assessment and site security plan to the Administrator for review according to deadlines set by the Administrator. The Administrator shall review each vulnerability assessment and site security plan submitted under this section and-- ``(A) if the assessment or plan has any significant deficiency described in paragraph (2), require the covered water system to correct the deficiency; or ``(B) approve such assessment or plan. ``(2) Significant deficiencies.--A vulnerability assessment or site security plan of a covered water system has a significant deficiency under this subsection if the Administrator, in consultation, as appropriate, with the State exercising primary enforcement responsibility for such system, if any, determines that-- ``(A) such assessment does not comply with the regulations established under section (a)(1); or ``(B) such plan-- ``(i) fails to address vulnerabilities identified in a vulnerability assessment; or ``(ii) fails to meet applicable risk-based performance standards. ``(3) State, regional, or local governmental entities.--No covered water system shall be required under State, local, or tribal law to provide a vulnerability assessment or site security plan described in this section to any State, regional, local, or tribal governmental entity solely by reason of the requirement set forth in paragraph (1) that the system submit such an assessment and plan to the Administrator. ``(i) Emergency Response Plan.-- ``(1) In general.--Each covered water system shall prepare or revise, as appropriate, an emergency response plan that incorporates the results of the system's most current vulnerability assessment and site security plan. ``(2) Certification.--Each covered water system shall certify to the Administrator that the system has completed an emergency response plan. The system shall submit such certification to the Administrator not later than 6 months after the system's first completion or revision of a vulnerability assessment under this section and shall submit an additional certification following any update of the emergency response plan. ``(3) Contents.--A covered water system's emergency response plan shall include-- ``(A) plans, procedures, and identification of equipment that can be implemented or used in the event of an intentional act at the covered water system; and ``(B) actions, procedures, and identification of equipment that can obviate or significantly lessen the impact of intentional acts on public health and the safety and supply of drinking water provided to communities and individuals. ``(4) Coordination.--As part of its emergency response plan, each covered water system shall provide appropriate information to any local emergency planning committee, local law enforcement officials, and local emergency response providers to ensure an effective, collective response. ``(j) Maintenance of Records.--Each covered water system shall maintain an updated copy of its vulnerability assessment, site security plan, and emergency response plan. ``(k) Audit; Inspection.-- ``(1) In general.--Notwithstanding section 1445(b)(2), the Administrator, or duly designated representatives of the Administrator, shall audit and inspect covered water systems, as necessary, for purposes of determining compliance with this section. ``(2) Access.--In conducting an audit or inspection of a covered water system, the Administrator or duly designated representatives of the Administrator, as appropriate, shall have access to the owners, operators, employees and contractor employees, and employee representatives, if any, of such covered water system. ``(3) Confidential communication of information; aiding inspections.--The Administrator, or a duly designated representative of the Administrator, shall offer non- supervisory employees of a covered water system the opportunity confidentially to communicate information relevant to the employer's compliance or noncompliance with this section, including compliance or noncompliance with any regulation or requirement adopted by the Administrator in furtherance of the purposes of this section. A representative of each certified or recognized bargaining agent described in subsection (f)(3)(B), if any, or, if none, a non-supervisory employee, shall be given an opportunity to accompany the Administrator, or the duly designated representative of the Administrator, during the physical inspection of any covered water system for the purpose of aiding such inspection, if representatives of the covered water system will also be accompanying the Administrator or the duly designated representative of the Administrator on such inspection. ``(l) Protection of Information.-- ``(1) Prohibition of public disclosure of protected information.--Protected information shall-- ``(A) be exempt from disclosure under section 552 of title 5, United States Code; and ``(B) not be made available pursuant to any State, local, or tribal law requiring disclosure of information or records. ``(2) Information sharing.-- ``(A) In general.--The Administrator shall prescribe such regulations, and may issue such orders, as necessary to prohibit the unauthorized disclosure of protected information, as described in paragraph (7). ``(B) Sharing of protected information.--The regulations under subparagraph (A) shall provide standards for and facilitate the appropriate sharing of protected information with and between Federal, State, local, and tribal authorities, first responders, law enforcement officials, designated supervisory and non- supervisory covered water system personnel with security, operational, or fiduciary responsibility for the system, and designated facility employee representatives, if any. Such standards shall include procedures for the sharing of all portions of a covered water system's vulnerability assessment and site security plan relating to the roles and responsibilities of system employees or contractor employees under subsection (f)(1) with a representative of each certified or recognized bargaining agent representing such employees, if any, or, if none, with at least one supervisory and at least one non- supervisory employee with roles and responsibilities under subsection (f)(1). ``(C) Penalties.--Protected information, as described in paragraph (7), shall not be shared except in accordance with the standards provided by the regulations under subparagraph (A). Any person who purposefully publishes, divulges, discloses, or makes known protected information in any manner or to any extent not authorized by the standards provided by the regulations under subparagraph (A), shall, upon conviction, be imprisoned for not more than one year or fined in accordance with the provisions of chapter 227 of title 18, United States Code, applicable to class A misdemeanors, or both, and, in the case of Federal employees or officeholders, shall be removed from Federal office or employment. ``(3) Treatment of information in adjudicative proceedings.-- In any judicial or administrative proceeding, protected information, as described in paragraph (7), shall be treated in a manner consistent with the treatment of Sensitive Security Information under section 525 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109-295; 120 Stat. 1381). ``(4) Other obligations unaffected.--Except as provided in subsection (h)(3), nothing in this section amends or affects an obligation of a covered water system-- ``(A) to submit or make available information to system employees, employee organizations, or a Federal, State, tribal, or local government agency under any other law; or ``(B) to comply with any other law. ``(5) Congressional oversight.--Nothing in this section permits or authorizes the withholding of information from Congress or any committee or subcommittee thereof. ``(6) Disclosure of independently furnished information.-- Nothing in this section amends or affects any authority or obligation of a Federal, State, local, or tribal agency to protect or disclose any record or information that the Federal, State, local, or tribal agency obtains from a covered water system or the Administrator under any other law. ``(7) Protected information.-- ``(A) In general.--For purposes of this section, protected information is any of the following: ``(i) Vulnerability assessments and site security plans under this section, including any assessment developed pursuant to subsection (g)(2). ``(ii) Documents directly related to the Administrator's review of assessments and plans described in clause (i) and, as applicable, the State's review of an assessment prepared under subsection (g)(2). ``(iii) Documents directly related to inspections and audits under this section. ``(iv) Orders, notices, or letters regarding the compliance of a covered water system with the requirements of this section. ``(v) Information required to be provided to, or documents and records created by, the Administrator under subsection (d). ``(vi) Documents directly related to security drills and training exercises, security threats and breaches of security, and maintenance, calibration, and testing of security equipment. ``(vii) Other information, documents, and records developed exclusively for the purposes of this section that the Administrator determines would be detrimental to the security of one or more covered water systems if disclosed. ``(B) Detriment requirement.--For purposes of clauses (ii), (iii), (iv), (v), and (vi) of subparagraph (A), the only portions of documents, records, orders, notices, and letters that shall be considered protected information are those portions that-- ``(i) would be detrimental to the security of one or more covered water systems if disclosed; and ``(ii) are developed by the Administrator, the State, or the covered water system for the purposes of this section. ``(C) Exclusions.--For purposes of this section, protected information does not include-- ``(i) information that is otherwise publicly available, including information that is required to be made publicly available under any law; ``(ii) information that a covered water system has lawfully disclosed other than in accordance with this section; and ``(iii) information that, if disclosed, would not be detrimental to the security of one or more covered water systems, including aggregate regulatory data that the Administrator determines appropriate to describe system compliance with the requirements of this section and the Administrator's implementation of such requirements. ``(m) Relation to Chemical Facility Security Requirements.--The following provisions (and any regulations promulgated thereunder) shall not apply to any public water system subject to this Act: ``(1) Title XXI of the Homeland Security Act of 2002 (as proposed to be added by H.R. 2868, the Chemical Facility Anti- Terrorism Act of 2009). ``(2) Section 550 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109-295). ``(3) The Chemical Facility Anti-Terrorism Act of 2009. ``(n) Preemption.--This section does not preclude or deny the right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to a covered water system that is more stringent than a regulation, requirement, or standard of performance under this section. ``(o) Violations.-- ``(1) In general.--A covered water system that violates any requirement of this section, including by not implementing all or part of its site security plan by such date as the Administrator requires, shall be liable for a civil penalty of not more than $25,000 for each day on which the violation occurs. ``(2) Procedure.--When the Administrator determines that a covered water system is subject to a civil penalty under paragraph (1), the Administrator, after consultation with the State, for covered water systems located in a State exercising primary responsibility for the covered water system, and, after considering the severity of the violation or deficiency and the record of the covered water system in carrying out the requirements of this section, may-- ``(A) after notice and an opportunity for the covered water system to be heard, issue an order assessing a civil penalty under such paragraph for any past or current violation, requiring compliance immediately or within a specified time period; or ``(B) commence a civil action in the United States district court in the district in which the violation occurred for appropriate relief, including temporary or permanent injunction. ``(3) Methods to reduce the consequences of a chemical release from an intentional act.--Except as provided in subsections (g)(4) and (g)(5), if a covered water system is located in a State exercising primary enforcement responsibility for the system, the Administrator may not issue an order or commence a civil action under this section for any deficiency in the content or implementation of the portion of the system's site security plan relating to methods to reduce the consequences of a chemical release from an intentional act (as defined in subsection (g)(1)). ``(p) Report to Congress.-- ``(1) Periodic report.--Not later than 3 years after the effective date of the regulations under subsection (a)(1), and every 3 years thereafter, the Administrator shall transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Environment and Public Works of the Senate a report on progress in achieving compliance with this section. Each such report shall include, at a minimum, the following: ``(A) A generalized summary of measures implemented by covered water systems in order to meet each risk- based performance standard established by this section. ``(B) A summary of how the covered water systems, differentiated by risk-based tier assignment, are complying with the requirements of this section during the period covered by the report and how the Administrator is implementing and enforcing such requirements during such period including-- ``(i) the number of public water systems that provided the Administrator with information pursuant to subsection (d)(1); ``(ii) the number of covered water systems assigned to each risk-based tier; ``(iii) the number of vulnerability assessments and site security plans submitted by covered water systems; ``(iv) the number of vulnerability assessments and site security plans approved and disapproved by the Administrator; ``(v) the number of covered water systems without approved vulnerability assessments or site security plans; ``(vi) the number of covered water systems that have been assigned to a different risk- based tier due to implementation of a method to reduce the consequences of a chemical release from an intentional act and a description of the types of such implemented methods; ``(vii) the number of audits and inspections conducted by the Administrator or duly designated representatives of the Administrator; ``(viii) the number of orders for compliance issued by the Administrator; ``(ix) the administrative penalties assessed by the Administrator for non-compliance with the requirements of this section; ``(x) the civil penalties assessed by courts for non-compliance with the requirements of this section; and ``(xi) any other regulatory data the Administrator determines appropriate to describe covered water system compliance with the requirements of this section and the Administrator's implementation of such requirements. ``(2) Public availability.--A report submitted under this section shall be made publicly available. ``(q) Grant Programs.-- ``(1) Implementation grants to states.--The Administrator may award grants to, or enter into cooperative agreements with, States, based on an allocation formula established by the Administrator, to assist the States in implementing this section. ``(2) Research, training, and technical assistance grants.-- The Administrator may award grants to, or enter into cooperative agreements with, non-profit organizations to provide research, training, and technical assistance to covered water systems to assist them in carrying out their responsibilities under this section. ``(3) Preparation grants.-- ``(A) Grants.--The Administrator may award grants to, or enter into cooperative agreements with, covered water systems to assist such systems in-- ``(i) preparing and updating vulnerability assessments, site security plans, and emergency response plans; ``(ii) assessing and implementing methods to reduce the consequences of a release of a substance of concern from an intentional act; and ``(iii) implementing any other security reviews and enhancements necessary to comply with this section. ``(B) Priority.-- ``(i) Need.--The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(i), shall give priority to covered water systems that have the greatest need. ``(ii) Security risk.--The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(ii), shall give priority to covered water systems that pose the greatest security risk. ``(4) Worker training grants program authority.-- ``(A) In general.--The Administrator shall establish a grant program to award grants to eligible entities to provide for training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1) and first responders and emergency response providers who would respond to an intentional act at a covered water system. ``(B) Administration.--The Administrator shall enter into an agreement with the National Institute of Environmental Health Sciences to make and administer grants under this paragraph. ``(C) Use of funds.--The recipient of a grant under this paragraph shall use the grant to provide for-- ``(i) training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1), including the annual mandatory training specified in subsection (f)(2) or training for first responders in protecting nearby persons, property, or the environment from the effects of a release of a substance of concern at the covered water system, with priority given to covered water systems assigned to tier one or tier two under subsection (d); and ``(ii) appropriate training for first responders and emergency response providers who would respond to an intentional act at a covered water system. ``(D) Eligible entities.--For purposes of this paragraph, an eligible entity is a nonprofit organization with demonstrated experience in implementing and operating successful worker or first responder health and safety or security training programs. ``(r) Authorization of Appropriations.-- ``(1) In general.--To carry out this section, there are authorized to be appropriated-- ``(A) $315,000,000 for fiscal year 2011, of which up to-- ``(i) $30,000,000 may be used for administrative costs incurred by the Administrator or the States, as appropriate; and ``(ii) $125,000,000 may be used to implement methods to reduce the consequences of a chemical release from an intentional act at covered water systems with priority given to covered water systems assigned to tier one or tier two under subsection (d); and ``(B) such sums as may be necessary for fiscal years 2012 through 2015. ``(2) Security enhancements.--Funding under this subsection for basic security enhancements shall not include expenditures for personnel costs or monitoring, operation, or maintenance of facilities, equipment, or systems.''. (b) Regulations; Transition.-- (1) Regulations.--Not later than 2 years after the date of the enactment of this Act, the Administrator of the Environmental Protection Agency shall promulgate final regulations to carry out section 1433 of the Safe Drinking Water Act, as amended by subsection (a). (2) Effective date.--Until the effective date of the regulations promulgated under paragraph (1), section 1433 of the Safe Drinking Water Act, as in effect on the day before the date of the enactment of this title, shall continue to apply. (3) Savings provision.--Nothing in this section or the amendment made by this section shall affect the application of section 1433 of the Safe Drinking Water Act, as in effect before the effective date of the regulations promulgated under paragraph (1), to any violation of such section 1433 occurring before such effective date, and the requirements of such section 1433 shall remain in force and effect with respect to such violation until the violation has been corrected or enforcement proceedings completed, whichever is later. SEC. 3. STUDY TO ASSESS THE THREAT OF CONTAMINATION OF DRINKING WATER DISTRIBUTION SYSTEMS. Not later than 180 days after the date of the enactment of this Act, the Administrator of the Environmental Protection Agency, in consultation with the Secretary of Homeland Security, shall-- (1) conduct a study to assess the threat of contamination of drinking water being distributed through public water systems, including fire main systems; and (2) submit a report to the Congress on the results of such study. Purpose and Summary H.R. 3258 is a bill to amend the Safe Drinking Water Act to enhance the security of the public water systems of the United States. Background and Need for Legislation In June 2002, Congress passed legislation to address security issues at community drinking water systems. The Public Health Security and Bioterrorism Preparedness and Response Act of 2002 added section 1433 to the Safe Drinking Water Act, which required community water systems serving more than 3,300 individuals to conduct an assessment of their vulnerability to terrorist attack or other intentional acts to disrupt a safe and reliable drinking water supply. Both President Clinton and President Bush issued directives on critical infrastructure protection relating to the water sector. In 1998, President Clinton issued Presidential Decision Directive 63, which designated the U.S. Environmental Protection Agency (EPA) as the lead federal agency for the water supply sector. In 2003, President Bush issued Homeland Security Presidential Directive 7, which affirmed EPA as the lead federal agency for coordinating protection of the nation's critical infrastructure for the water sector. This authority was later reaffirmed and expanded in Homeland Security Directive 9 on January 30, 2004. EPA established a Water Security Division within the Office of Ground Water and Drinking Water to carry out its water sector security responsibilities. In the fall of 2006, as part of the Homeland Security Appropriations bill, Congress authorized the Department of Homeland Security (DHS) to establish risk-based security performance standards for protecting certain chemical facilities. In April 2007, DHS finalized the Chemical Facility Anti-Terrorism Standards (CFATS). The authorizing statute and regulations exempted drinking water and wastewater facilities from the program, resulting in what DHS and EPA have called a ``critical security gap.'' On July 20, 2009, Chairman Waxman and Subcommittee on Energy and Environment Chairman Markey, joined by Reps. Capps, Pallone, Sarbanes, and Schakowsky, introduced the Drinking Water System Security Act of 2009 (H.R. 3258) to address security at drinking water facilities and close part of the security gap. Legislative History H.R. 3258 was introduced on July 20, 2009, by Chairman Waxman, Subcommittee on Energy and Environment Chairman Markey, and Reps. Pallone, Capps, Sarbanes, and Schakowsky. The Subcommittee on Energy and Environment held a legislative hearing on October 1, 2009, on two bills: H.R. 3258, the Drinking Water System Security Act of 2009, and H.R. 2868, the Chemical Facility Anti-Terrorism Act of 2009. The Subcommittee received testimony from two panels of witnesses. The witnesses on the first panel were the Hon. Peter Silva, Assistant Administrator, Office of Water, U.S. Environmental Protection Agency, and the Hon. Rand Beers, Under Secretary, National Protection and Programs Directorate, U.S. Department of Homeland Security. Panel 2 was comprised of four witnesses: Mr. Brian Ramaley, Director, Newport News Waterworks (Virginia) and President of the Board of Directors of the Association of Metropolitan Water Agencies; Mr. Marty Durbin, Vice President, Federal Affairs, American Chemical Council; Dr. Darius Sivin, Legislative Representative of the CWA-UAW Legislative Alliance; and Mr. Stephen Poorman, International EHS Manager, Fujifilm Imaging Colorants Chair, Safety and Security Committee, Society of Chemical Manufacturers and Affiliates. Committee Consideration On Wednesday, October 14, 2009, the Subcommittee on Energy and Environment considered H.R. 3258 in open markup session and favorably forwarded the bill to the full Committee by a voice vote. The Committee on Energy and Commerce met in open markup session on Wednesday, October 21, 2009, to consider H.R. 3258 as approved by the Subcommittee on Energy and Environment. Subsequently, the Committee ordered H.R. 3258 favorably reported to the House, amended, by a voice vote. Committee Votes Clause 3(b) of rule XIII of the Rules of the House of Representatives requires the Committee to list the recorded votes on the motion to report legislation and amendments thereto. The Committee agreed to a motion by Mr. Waxman to order H.R. 3258 favorably reported to the House, amended, by a voice vote. During the Committee's consideration of H.R. 3258, there were no recorded votes taken on amendments offered to the bill or the motion to report H.R. 3258 to the House. Committee Oversight Findings and Recommendations In compliance with clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the findings and recommendations of the Committee are reflected in the descriptive portions of this report. New Budget Authority, Entitlement Authority, and Tax Expenditures Regarding compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee adopts as its own the estimate of budget authority and revenues regarding H.R. 3258 prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974. The Committee finds that H.R. 3258 would result in no new or increased entitlement authority or tax expenditures. Statement of General Performance Goals and Objectives The purpose of H.R. 3258 is to strengthen security at drinking water facilities in order to prevent a terrorist attack that causes a chemical release, contaminates the water supply, or otherwise disrupts the ability of a water system to provide a safe and reliable supply of drinking water. Specific objectives include:Authorizing the Administrator of the U.S. Environmental Protection Agency to designate any chemical substance as a substance of concern; Requiring the Administrator to establish risk-based performance standards for community water systems serving more than 3,300 people and for other public water systems that the Administrator determines pose a security risk; Requiring the Administrator to consult with the Secretary of the Department of Homeland Security and state drinking water agencies when developing the drinking water security program; Requiring covered water systems to identify vulnerabilities through a security vulnerability assessment, develop a site security plan that addresses those vulnerabilities, and develop an emergency response plan; Allowing each covered water system to select layered security measures for their site security plans to meet risk-based performance standards, which vary by tier; Requiring covered water systems to include employees and their representatives in the development of vulnerability assessments and site security plans; Requiring the Administrator to review each vulnerability assessment and site security plan and authorizing the Administrator to require each system to correct significant deficiencies, if any, in its assessment or plan; Requiring all covered water systems with dangerous chemicals in amounts exceeding release thresholds that will be set by the Administrator to assess whether they can switch to safer chemicals or processes; Authorizing state drinking water agencies (and EPA for non-primacy states) to require a system in one of the two highest-risk tiers to switch to safer chemicals or processes if it is technologically and economically feasible and if doing so will not prevent the system from meeting its obligation to provide safe drinking water; Requiring state drinking water agencies (and EPA for non-primacy states) to provide an opportunity for a covered water system to appeal a determination if the water system disagrees with an order to switch to safer chemicals or processes; Requiring the Administrator to provide standards for the appropriate sharing of security information and to protect this information when disclosure would be harmful to the security of a covered water system; Setting criminal penalties for the purposeful, unlawful disclosure of this protected information; Authorizing the Administrator or his or her duly designated representative to audit and inspect covered water systems to determine compliance with this section; and Exempting public water systems from the requirements of the Department of Homeland Security's Chemical Facility Anti-Terrorism Standards. Constitutional Authority Statement Pursuant to clause 3(d)(1) of rule XIII of the Rules of the House of Representatives, the Committee finds that the constitutional authority for H.R. 3258 is provided in Article I, section 8, clauses 1, 3, and 18. Earmarks and Tax and Tariff Benefits H.R. 3258 does not contain any congressional earmarks, limited tax benefits, or limited tariff benefits as defined in clause 9 of rule XXI of the Rules of the House of Representatives. Advisory Committee Statement No advisory committees were created by H.R. 3258 within the meaning of section 5 U.S.C. App., 5(b) of the Federal Advisory Committee Act. Applicability of Law to the Legislative Branch The Committee finds that H.R. 3258 does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act of 1985. Federal Mandates Statement The Committee adopts as its own the estimates of federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandate Reform Act. Committee Cost Estimate Pursuant to clause 3(d) of rule XIII of the Rules of the House of Representatives, the Committee adopts as its own the cost estimate on H.R. 3258 prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act. Congressional Budget Office Estimate Pursuant to clause 3(c)(3) of rule XIII of the Rules of the House of Representatives, the following is the cost estimate on H.R. 3258 provided by the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974: October 23, 2009. Hon. Henry A. Waxman, Chairman, Committee on Energy and Commerce, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 3258, the Drinking Water System Security Act of 2009. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Susanne S. Mehlman. Sincerely, Douglas W. Elmendorf. Enclosure. H.R. 3258--Drinking Water System Security Act of 2009 Summary: H.R. 3258 would authorize the Environmental Protection Agency (EPA) to regulate the security of community water systems serving more than 3,300 people and other public water systems that EPA determines present a security risk. Under the bill, EPA would develop regulations to require the covered water systems to perform vulnerability assessments and to establish site security plans and emergency response plans. In addition, EPA would provide grants to or enter into cooperative agreements with states, nonprofit organizations, or covered water systems to support research and training related to the security of such facilities, and for the preparation of assessments and plans related to security. The grants also could be used to implement security measures. CBO estimates that implementing H.R. 3258 would cost about $1 billion over the 2010-2014 period, assuming appropriation of the necessary amounts. Enacting H.R. 3258 could affect direct spending and receipts because the bill would establish new criminal and civil penalties against owners and operators of covered water systems and others who fail to comply with the bill's requirements. However, CBO estimates that any collections from such penalties would not be significant. H.R. 3258 contains intergovernmental and private-sector mandates as defined in the Unfunded Mandates Reform Act (UMRA) because it would impose new security requirements on owners and operators of drinking water systems. Because the costs of the mandates on state, local, and tribal governments would depend on future regulations, CBO cannot determine whether the aggregate costs of the mandates would exceed the annual threshold established in UMRA for intergovernmental entities ($69 million in 2009, adjusted annually for inflation). CBO estimates that the costs of the mandates to private-sector entities would probably fall below the annual threshold established in UMRA ($139 million in 2009, adjusted annually for inflation) because the number of privately owned systems is small. Estimated cost to the Federal Government: The estimated budgetary impact of H.R. 3258 is shown in the following table. The costs of this legislation fall within budget function 300 (natural resources and environment). ---------------------------------------------------------------------------------------------------------------- By fiscal year, in millions of dollars-- ------------------------------------------------------- 2010 2011 2012 2013 2014 2010-2014 ---------------------------------------------------------------------------------------------------------------- CHANGES IN SPENDING SUBJECT TO APPROPRIATION Estimated Authorization Level........................... 0 315 322 329 338 1,304 Estimated Outlays....................................... 0 126 271 324 332 1,053 ---------------------------------------------------------------------------------------------------------------- Basis of estimate: For this estimate, CBO assumes that H.R. 3258 will be enacted during fiscal year 2010, the amounts necessary to implement the bill will be appropriated each year, and that outlays will follow historical spending patterns for similar programs. This legislation would authorize the appropriation of $315 million for fiscal year 2011. Of that amount, $30 million would be used by EPA for administrative expenses, $125 million would be used to assist covered water systems use safer chemicals or reduce the amount of dangerous chemicals stored onsite, and $160 million would be used to fund grants. Grants could be used by states or nonprofit organizations to support training, prepare vulnerability assessments and security plans, and implement security enhancements, which would include, for example, the installation of surveillance equipment. For fiscal years 2012 through 2015, this legislation would authorize the appropriation of such sums as necessary. For each year after 2011, CBO estimates that EPA would require the same level of funding as in 2011, with annual adjustments for anticipated inflation, to support the requirements under the bill and the grants. In total, CBO estimates that enacting this legislation would cost about $1 billion over the 2011-2014 period. Intergovernmental and private-sector impact: H.R. 3258 contains intergovernmental and private-sector mandates as defined in UMRA because it would impose new security requirements on owners and operators of drinking water systems. Because the costs of the mandates on state, local, and tribal governments would depend on future regulations, CBO cannot determine whether the aggregate costs of the mandates would exceed the annual threshold established in UMRA for intergovernmental entities ($69 million in 2009, adjusted annually for inflation). CBO estimates that the costs of the mandates to private-sector entities would probably fall below the annual threshold established in UMRA ($139 million in 2009, adjusted annually for inflation) because the number of privately owned systems is small. Mandates that apply to public and private entities The bill would impose several new requirements on owners and operators of covered drinking water systems (those serving populations of over 3,300 people). The bill would require those facilities to comply with performance standards to be issued by EPA for facility security. Such standards could include infrastructure upgrades and changes to security procedures. The bill also would require owners and operators of covered water systems that possess chemicals in excess of a threshold set by EPA to assess and potentially implement alternative measures for increasing security at their facilities if such facilities are designated as high risk by EPA. Such measures include the use of alternative chemicals to process drinking water and modifications to chemical storage practices. The bill also would require owners and operators of covered water systems to update vulnerability assessments and emergency response plans, and to prepare and implement site security plans. Further, the bill would require owners and operators of covered water systems to maintain copies of planning documents, provide access for audits and inspections, and provide employees with training annually. Depending on future regulations governing performance standards, chemical thresholds, the number of covered water systems designated as high risk, and the implementation schedule for vulnerability assessments and site security plans, the costs to covered water systems could be significant. Those costs could result from new procedural requirements or, in some cases, capital improvements. At the same time, many water systems may already have security systems and procedures in place that would meet the new requirements. Because of uncertainty about the scope and implementation timeline of the bill's requirements, CBO has no basis for determining annual costs of the mandates on publicly owned systems. However, because the number of privately owned systems that would be affected is small, CBO estimates that the cost of the mandates to private-sector entities would fall below the annual threshold established in UMRA. Mandates that apply to public entities only H.R. 3258 would preempt state and local laws that provide public access to information and require covered water systems to submit security plans. The bill also would preempt any state or local regulation that would conflict with the security activities authorized by the bill. Further, the bill would require state, local, and tribal authorities, such as law enforcement officials, to share information. CBO estimates that the costs of those mandates would be small. Other impacts H.R. 3258 would authorize $125 million for fiscal year 2011 for grants to covered water systems to increase security at their facilities. The bill also would authorize such sums as necessary for fiscal years 2012 through 2015 for such activities. Estimate prepared by: Federal Costs: Susanne S. Mehlman; Impact on State, Local, and Tribal Governments: Ryan Miller; Impact on the Private Sector: Amy Petz. Estimate approved by: Peter H. Fontaine; Assistant Director for Budget Analysis. Section-by-Section Analysis of the Legislation Section 1. Short title This Act may be cited as the ``Drinking Water System Security Act of 2009.'' Section 2. Intentional acts affecting the security of covered water systems The Drinking Water System Security Act of 2009 replaces Section 1433 of the Safe Drinking Water Act (SDWA) as follows: Subsection (a). Risk-based performance standards; vulnerability assessments; site security plans; emergency response plans This subsection requires the Administrator of the Environmental Protection Agency (hereafter the ``Administrator'' and ``EPA'') to issue regulations establishing risk-based performance standards for covered drinking water systems. The Administrator also must establish deadlines and requirements for developing and updating vulnerability assessments, site security plans, and emergency response plans and providing training to employees of covered water systems. Covered water systems, by definition, include community water systems serving more than 3,300 people and other public water systems that the Administrator, in her discretion, determines present a security risk. The Committee intends for the Administrator to use this discretion to ensure that non- community water systems that serve many people, such as the water system at Walt Disney World, or systems that serve security-sensitive areas or facilities, such as Camp David, are sufficiently protected against intentional acts. It is not the Committee's intent for the Administrator to use this authority to regulate all community water systems that serve fewer than 3,300 people. In developing and implementing the regulations under this section, the Administrator must consult with states exercising primary enforcement responsibility for public water systems (hereafter ``states with primacy'') and other persons, including the Secretary of the Department of Homeland Security (hereafter the ``Secretary'' and ``DHS''). The Committee expects that EPA would utilize, with modifications as necessary to address the uniqueness of the sector, DHS's existing risk assessment tools and performance standards for chemical facilities. To ensure consistency of tiering determinations across industry sectors, EPA should apply DHS's tiering methodology, with modifications as necessary to reflect any differences in statutory requirements. The Administrator may designate any chemical as a ``substance of concern'' for the purposes of this section. When the Administrator designates a substance of concern, she must establish for each substance a threshold quantity for the release or theft of the substance. In making this designation, the Administrator must take into account Appendix A of the Chemical Facility Anti-Terrorism Standards (CFATS), which lists DHS's ``chemicals of interest.'' This subsection requires the Administrator to provide covered water systems with baseline information about probable threats to disrupt the safe and reliable supply of water, cause a release of a substance of concern at the covered water system, or steal, misuse, or misappropriate a substance of concern. Subsection (b). Risk-based performance standards This subsection requires the Administrator to develop risk- based performance standards for covered water systems to use in developing their site security plans. The standards should be more stringent for systems in higher-risk tiers. In developing these standards, the Administrator must take into account the risk-based performance standards in the CFATS program. Subsection (c). Vulnerability assessment This subsection requires each covered water system to assess the system's vulnerability to a range of intentional acts, including a release of a substance of concern that causes death or injury or other adverse effects. As part of its vulnerability assessment, the covered water system must review its pipes, physical barriers, water distribution facilities, computer systems, storage of substances of concern, and other factors. If a water system has completed a vulnerability assessment under the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, the covered water system may update that assessment to comply with this subsection rather than compiling an entirely new assessment. Subsection (d). Risk-based tiers The Administrator must establish four risk-based tiers for covered water systems, with tier 1 representing the highest- risk tier. The Administrator may require each covered water system to submit information in order to assign (or reassign) the system to one of the risk-based tiers. In assigning a covered water system to a tier, the Administrator must consider the potential consequences of an intentional act to cause a release of a substance of concern at the covered water system, to introduce a contaminant into or otherwise disrupt the drinking water supply, and to steal, misuse, or misappropriate substances of concern. This subsection requires the Administrator to provide to each covered water system her reasons for assigning the system to a particular tier and advise the system whether it is required to assess the potential for implementing methods to reduce the consequences of a chemical release from an intentional act under subsection (g). Subsection (e). Development and implementation of site security plans This subsection allows each covered water system to select layered security measures that address the security risks identified in the vulnerability assessment and meet the applicable risk-based performance standards. Subsection (f). Role of employees In the site security plan and emergency response plan, each covered water system must describe the roles and responsibilities of system employees (including contractor employees) in deterring or responding to an intentional act at that system. This subsection requires each covered water system to provide at least eight hours of security-related training each year to employees with roles and responsibilities in deterring or responding to an intentional act. This subsection also requires each covered water system to include employees and appropriate employee representatives when developing, revising, or updating the vulnerability assessment, site security plan, and emergency response plan. Subsection (g). Methods to reduce the consequences of a chemical release from an intentional act The term ``methods to reduce the consequences of a chemical release from an intentional act'' means a measure at a covered water system that reduces or eliminates the potential consequences of a release of a substance of concern due to an intentional act. Such measures include using alternate substances, formulations, or processes to reduce the amount of a substance of concern on-site; modifying pressures, temperatures, or concentrations of a substance of concern; and improving inventory control or chemical use efficiency to reduce on-site handling of a substance of concern. The Committee does not intend the term ``method to reduce the consequences of a chemical release from an intentional act'' to include the mitigation, control, containment, or recovery of a substance of concern in the event of an intentional act. This subsection requires any covered water system that uses or stores a substance of concern in excess of the release threshold to complete an assessment of whether it can implement ``methods to reduce'' and include this assessment as part of its site security plan. The covered water system must provide this assessment to EPA and the state with primacy, if any, for that system. In preparing the assessment, the system must describe the methods it considered; the degree to which each method, if implemented, could reduce the consequences of an intentional act; whether each method, if implemented, could affect the quality of drinking water, human health or the environment; whether each method, if implemented, is feasible (not including the cost considerations typically used to determine ``feasibility'' as defined in SDWA); the costs (and avoided costs) associated with implementing each method; and, based on these factors, whether the system plans to implement any such methods. A covered water system that does not use or store a release threshold quantity of a substance of concern does not have to complete an assessment. The Committee intends for the Administrator to require each covered water system to conduct a cost analysis associated with each method considered, including an assessment of the operational costs and savings, if applicable. The Administrator or covered water system may want to consider any relevant costs, such as capital costs, cost savings due to physical security or other processes (i.e. mitigation technologies) that would no longer be needed, any reduction in terrorism-related insurance costs, and other avoided costs (i.e. a reduction in costs due to regulatory compliance measures, inspections, materials, permits or fees, other operating costs, contingency planning and response, or personnel protective gear that are no longer needed). EPA must provide guidance, computer software and other tools to covered water systems assigned to tiers 3 and 4 in order to streamline the assessment process for these systems. If the Administrator finds that the covered water system did not submit a complete or thorough assessment, the Administrator must inform the system and state with primacy for that system and require the system to submit a revised assessment. If the covered water system fails to complete such assessment in accordance with the deadline set by the Administrator, the Administrator may take appropriate enforcement action. With respect to a covered water system that has a release threshold quantity of a substance of concern and is assigned to one of the two highest risk-based tiers, the state with primacy for this covered water system must determine, based on an evaluation of the system's assessment, whether to require such system to implement the methods to reduce and report this determination to the Administrator. For covered water systems in states without primacy, the Administrator must make this determination. A covered water system that does not use or store a release threshold quantity of a substance of concern and is not in one of the two highest risk-based tiers will not be subject to any requirement to implement the methods to reduce. Before requiring a covered water system in one of the highest two risk-based tiers to implement methods to reduce, the state with primacy (or the Administrator for covered water systems in states without primacy) must examine whether implementing these methods would significantly reduce the consequences of a release of a substance of concern; would not increase the interim storage of a substance of concern by the covered water system; would not put the water system out of compliance with SDWA and state or local drinking water standards; and is feasible for the water system. The Committee intends that the state with primacy (or the Administrator for covered water systems in states without primacy) should make each determination under this subsection on a system-by-system basis and should not seek to impose wholesale, sector-wide process or chemical changes. The state with primacy or the Administrator (for non- primacy states) must provide a covered water system with an opportunity for appeal if the covered water system disagrees with a determination that it must implement methods to reduce the consequences of an intentional act. The Committee does not intend to give the Administrator the authority to overrule the determination of a state with primacy under this subsection. This subsection outlines the parameters of the Administrator's authority with regard to methods to reduce the consequences of an intentional act. If a state with primacy fails to determine whether to require a covered high- risk water system to implement one or more methods to reduce within a timeline set by the Administrator, the Administrator can step in and make the determination. If the Administrator finds that a state with primacy has not enforced the state's own determination that a covered high-risk water system implement one or more methods to reduce, the Administrator can step in and enforce the determination. The Administrator may consider the failure of a state to make or enforce a determination when examining whether a state should retain primary enforcement responsibility under SDWA. This section also gives the Administrator authority to provide or recommend tools, methodologies and software created by the water sector and others. The Administrator may create such tools, methodologies or computer software, if the Administrator believes that such tools, methodologies or computer software could assist such covered water systems in complying with the requirements of this section, and the Administrator may also recommend such tools, methodologies or computer software that have been developed by other entities if the Administrator believes that such tools, methodologies or computer software could assist such covered water systems in complying with the requirements of this section. Subsection (h). Review by administrator This subsection requires the covered water system to submit its vulnerability assessment and site security plan to the Administrator for review. The Administrator must review each vulnerability assessment and site security plan and, in consultation with the states with primacy, as appropriate, determine whether each vulnerability assessment complies with the regulations and whether each site security plan addresses the system's vulnerabilities and meets the risk-based performance standards. The Administrator also must require each system to correct significant deficiencies, if any, in its vulnerability assessment or site security plan. This subsection also states that a covered water system does not have to provide state and local governments with copies of its vulnerability assessment and site security plan just by virtue of a state or local law requiring that a system turn over to the state or local government all documents that it provides to EPA. Subsection (i). Emergency response plan This subsection requires each covered water system to prepare or revise an emergency response plan and certify completion to the Administrator. This plan must include plans and procedures for responding to an intentional act at the covered water system and mitigating the impact of intentional acts on public health and safety. The covered water system must provide appropriate information to local first responders and law enforcement officials to ensure an effective response in the event of an emergency. If a water system completed an emergency response plan under the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, the covered water system may update that plan to comply with this subsection rather than compiling an entirely new plan. Subsection (j). Maintenance of records This subsection requires each covered water system to maintain an updated copy of its vulnerability assessment, site security plan, and emergency response plan. Subsection (k). Audit; inspection This subsection requires the Administrator, or a duly designated representative of the Administrator, to audit and inspect covered water systems to determine compliance with this section of the Act. The Administrator or the Administrator's duly designated representative must have access to the system operators, employees and employee representatives during the audit or inspection. During inspections, the Administrator or the duly- designated representative must offer non-supervisory employees the opportunity to share, confidentially, information about the covered water system's compliance or non-compliance. An employee representative, if any, also must have the opportunity to accompany the Administrator or the Administrator's duly- designated representative during inspections if the owner or operator is accompanying the Administrator or the duly- designated representative. If the covered water system does not have an employee representative, a non-supervisory employee also must have the opportunity to accompany the Administrator or the Administrator's duly-designated representative during inspections if a representative from the covered water system is accompanying the Administrator or the Administrator's duly- designated representative. The Committee believes that the Administrator or the Administrator's duly-designated representative should be free to conduct parts of the inspections unaccompanied, if desired. Subsection (l). Protection of information ``Protected information'' includes vulnerability assessments and site security plans and portions of other security-related documents, records, orders, notices, and letters that would be detrimental to the security of one or more covered water systems if disclosed and are developed for the purposes of this section. Protected information does not include information that is required to be made publicly available under any other law; information that a covered water system has lawfully disclosed elsewhere; and other information that, if disclosed, would not be detrimental to the security of one or more covered water systems. This subsection exempts protected information from disclosure under the Freedom of Information Act and state, local and tribal information disclosure laws. The Committee intends for the exemption under state, local and tribal information disclosure laws to be equivalent to the exemption from the federal Freedom of Information Act, despite differences in drafting. This subsection also requires the Administrator to promulgate by regulation standards for sharing protected information with and between state and local governments, first responders, employees, employee representatives, and others with security responsibilities at the covered water system. These standards also must include procedures for sharing with employees and their representatives, if any, those portions of a covered water system's vulnerability assessment and site security plan that relate to the roles and responsibilities of those employees. The Committee intends for this to include the assessment conducted under subsection (g). Protected information cannot be shared except in accordance with these standards. Any person who purposefully publishes, divulges, discloses, or makes known protected information in any manner or to any extent not authorized by these standards can face criminal penalties and, in the case of federal employees, may face loss of employment. In judicial or administrative proceedings, protected information will be treated similarly to Sensitive Security Information to protect it from public disclosure. Nothing in this section relieves a covered water system from complying with other laws, including laws requiring disclosure of information to federal, state, or local governments or other persons, except as stated in subsection (h). Nothing in this section may prevent a federal, state, or local government from protecting and disclosing information that it obtains from a covered water system as authorized by another law. Nothing in this section authorizes the withholding of information from Congress. The Committee intends for EPA to provide members of Congress with protected information, upon request. The Committee observes that on May 27, 2009, the President issued the Memorandum for the Heads of Executive Departments and Agencies on Classified Information and Controlled Unclassified Information (CUI), which creates an interagency task force on CUI. This task force is in the process of developing a framework for the sharing of CUI, taking into consideration the value of standardizing the procedures for designating, marking, and handling all sensitive but unclassified information; a presumption in favor of openness; and the need to prevent the public disclosure of information where disclosure would compromise privacy, security or other legitimate interests. The Committee does not intend for this section to obstruct the President's efforts to develop a CUI information sharing environment or to preclude the President from incorporating EPA's information protection regime into this CUI framework at a future date. Subsection (m). Relation to chemical security requirements Public water systems are exempt from regulation under the Department of Homeland Security Chemical Facility Anti- Terrorism Standards (CFATS). Subsection (n). Preemption States and political subdivisions thereof can enact security standards for drinking water systems that are more stringent than provided in this section. Subsection (o). Violations For a covered water system that violates any requirement of this section, the Administrator can issue an order assessing an administrative penalty or commence a civil action in district court. Civil penalties cannot exceed $25,000 per day. With regard to ``methods to reduce,'' EPA's enforcement authority is limited to the terms detailed in subsection (g). Subsection (p). Report to congress The Administrator must produce a report to Congress no later than 3 years after the effective date of the regulations promulgated under this section and every 3 years thereafter. The report will be publicly available. Subsection (q). Grant programs This subsection requires the Administrator to award grants to, or enter into cooperative agreements with, states to assist these states in implementing this section; to award grants to, or enter into cooperative agreements with, non-profit organizations to provide research, training, and technical assistance to covered water systems; and to award grants to, or enter into cooperative agreements with, covered water systems to assist these systems in preparing and implementing assessments and plans and implementing methods to reduce the consequences of an intentional act. This subsection also requires the Administrator to establish a grants program to award grants for the training of employees and first responders. The Administrator, when awarding grants or entering into cooperative agreements to assist systems in assessing and implementing methods to reduce the consequences of an intentional act, must give priority to covered water systems that pose the greatest security risk. The Administrator, when awarding grants or entering into cooperative agreements to assist systems in preparing and updating vulnerability assessments, site security plans and emergency response plans, must give priority to covered water systems that have the greatest need. Subsection (r). Authorization of appropriations This subsection authorizes $315 million for FY2011, including $30 million for administrative costs incurred by the Administrator or states and $125 million for implementation of methods to reduce. This subsection authorizes such sums as may be necessary for FY2012 through FY2015. Funding for security enhancements shall not be used for expenditures for personnel costs, or monitoring, operation, or maintenance of facilities, equipment, or systems. Section (b). Regulations; transition This section requires the Administrator to promulgate regulations within 2 years after the enactment of this bill. The bill also ensures that the current section 1433 of SDWA and its accompanying regulations apply until the effective date of the new regulations. Nothing in this section affects the authority of the Administrator to initiate or complete enforcement action for violations of the current section 1433 of SDWA occurring before such effective date. Changes in Existing Law Made by the Bill, as Reported In compliance with clause 3(e) of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (existing law proposed to be omitted is enclosed in black brackets, new matter is printed in italic, existing law in which no change is proposed is shown in roman): SAFE DRINKING WATER ACT TITLE XIV--SAFETY OF PUBLIC WATER SYSTEMS SHORT TITLE Sec. 1400. This title may be cited as the ``Safe Drinking Water Act''. * * * * * * * Part D--Emergency Powers * * * * * * * [SEC. 1433. TERRORIST AND OTHER INTENTIONAL ACTS. [(a) Vulnerability Assessments.--(1) Each community water system serving a population of greater than 3,300 persons shall conduct an assessment of the vulnerability of its system to a terrorist attack or other intentional acts intended to substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water. The vulnerability assessment shall include, but not be limited to, a review of pipes and constructed conveyances, physical barriers, water collection, pretreatment, treatment, storage and distribution facilities, electronic, computer or other automated systems which are utilized by the public water system, the use, storage, or handling of various chemicals, and the operation and maintenance of such system. The Administrator, not later than August 1, 2002, after consultation with appropriate departments and agencies of the Federal Government and with State and local governments, shall provide baseline information to community water systems required to conduct vulnerability assessments regarding which kinds of terrorist attacks or other intentional acts are the probable threats to-- [(A) substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water; or [(B) otherwise present significant public health concerns. [(2) Each community water system referred to in paragraph (1) shall certify to the Administrator that the system has conducted an assessment complying with paragraph (1) and shall submit to the Administrator a written copy of the assessment. Such certification and submission shall be made prior to: [(A) March 31, 2003, in the case of systems serving a population of 100,000 or more. [(B) December 31, 2003, in the case of systems serving a population of 50,000 or more but less than 100,000. [(C) June 30, 2004, in the case of systems serving a population greater than 3,300 but less than 50,000. [(3) Except for information contained in a certification under this subsection identifying the system submitting the certification and the date of the certification, all information provided to the Administrator under this subsection and all information derived therefrom shall be exempt from disclosure under section 552 of title 5 of the United States Code. [(4) No community water system shall be required under State or local law to provide an assessment described in this section to any State, regional, or local governmental entity solely by reason of the requirement set forth in paragraph (2) that the system submit such assessment to the Administrator. [(5) Not later than November 30, 2002, the Administrator, in consultation with appropriate Federal law enforcement and intelligence officials, shall develop such protocols as may be necessary to protect the copies of the assessments required to be submitted under this subsection (and the information contained therein) from unauthorized disclosure. Such protocols shall ensure that-- [(A) each copy of such assessment, and all information contained in or derived from the assessment, is kept in a secure location; [(B) only individuals designated by the Administrator may have access to the copies of the assessments; and [(C) no copy of an assessment, or part of an assessment, or information contained in or derived from an assessment shall be available to anyone other than an individual designated by the Administrator. At the earliest possible time prior to November 30, 2002, the Administrator shall complete the development of such protocols for the purpose of having them in place prior to receiving any vulnerability assessments from community water systems under this subsection. [(6)(A) Except as provided in subparagraph (B), any individual referred to in paragraph (5)(B) who acquires the assessment submitted under paragraph (2), or any reproduction of such assessment, or any information derived from such assessment, and who knowingly or recklessly reveals such assessment, reproduction, or information other than-- [(i) to an individual designated by the Administrator under paragraph (5), [(ii) for purposes of section 1445 or for actions under section 1431, or [(iii) for use in any administrative or judicial proceeding to impose a penalty for failure to comply with this section, shall upon conviction be imprisoned for not more than one year or fined in accordance with the provisions of chapter 227 of title 18, United States Code, applicable to class A misdemeanors, or both, and shall be removed from Federal office or employment. [(B) Notwithstanding subparagraph (A), an individual referred to in paragraph (5)(B) who is an officer or employee of the United States may discuss the contents of a vulnerability assessment submitted under this section with a State or local official. [(7) Nothing in this section authorizes any person to withhold any information from Congress or from any committee or subcommittee of Congress. [(b) Emergency Response Plan.--Each community water system serving a population greater than 3,300 shall prepare or revise, where necessary, an emergency response plan that incorporates the results of vulnerability assessments that have been completed. Each such community water system shall certify to the Administrator, as soon as reasonably possible after the enactment of this section, but not later than 6 months after the completion of the vulnerability assessment under subsection (a), that the system has completed such plan. The emergency response plan shall include, but not be limited to, plans, procedures, and identification of equipment that can be implemented or utilized in the event of a terrorist or other intentional attack on the public water system. The emergency response plan shall also include actions, procedures, and identification of equipment which can obviate or significantly lessen the impact of terrorist attacks or other intentional actions on the public health and the safety and supply of drinking water provided to communities and individuals. Community water systems shall, to the extent possible, coordinate with existing Local Emergency Planning Committees established under the Emergency Planning and Community Right- to-Know Act (42 U.S.C. 11001 et seq.) when preparing or revising an emergency response plan under this subsection. [(c) Record Maintenance.--Each community water system shall maintain a copy of the emergency response plan completed pursuant to subsection (b) for 5 years after such plan has been certified to the Administrator under this section. [(d) Guidance to Small Public Water Systems.--The Administrator shall provide guidance to community water systems serving a population of less than 3,300 persons on how to conduct vulnerability assessments, prepare emergency response plans, and address threats from terrorist attacks or other intentional actions designed to disrupt the provision of safe drinking water or significantly affect the public health or significantly affect the safety or supply of drinking water provided to communities and individuals. [(e) Funding.--(1) There are authorized to be appropriated to carry out this section not more than $160,000,000 for the fiscal year 2002 and such sums as may be necessary for the fiscal years 2003 through 2005. [(2) The Administrator, in coordination with State and local governments, may use funds made available under paragraph (1) to provide financial assistance to community water systems for purposes of compliance with the requirements of subsections (a) and (b) and to community water systems for expenses and contracts designed to address basic security enhancements of critical importance and significant threats to public health and the supply of drinking water as determined by a vulnerability assessment conducted under subsection (a). Such basic security enhancements may include, but shall not be limited to the following: [(A) the purchase and installation of equipment for detection of intruders; [(B) the purchase and installation of fencing, gating, lighting, or security cameras; [(C) the tamper-proofing of manhole covers, fire hydrants, and valve boxes; [(D) the rekeying of doors and locks; [(E) improvements to electronic, computer, or other automated systems and remote security systems; [(F) participation in training programs, and the purchase of training manuals and guidance materials, relating to security against terrorist attacks; [(G) improvements in the use, storage, or handling of various chemicals; and [(H) security screening of employees or contractor support services. Funding under this subsection for basic security enhancements shall not include expenditures for personnel costs, or monitoring, operation, or maintenance of facilities, equipment, or systems. [(3) The Administrator may use not more than $5,000,000 from the funds made available under paragraph (1) to make grants to community water systems to assist in responding to and alleviating any vulnerability to a terrorist attack or other intentional acts intended to substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water (including sources of water for such systems) which the Administrator determines to present an immediate and urgent security need. [(4) The Administrator may use not more than $5,000,000 from the funds made available under paragraph (1) to make grants to community water systems serving a population of less than 3,300 persons for activities and projects undertaken in accordance with the guidance provided to such systems under subsection (d).] SEC. 1433. INTENTIONAL ACTS. (a) Risk-Based Performance Standards; Vulnerability Assessments; Site Security Plans; Emergency Response Plans.-- (1) In general.--The Administrator shall issue regulations-- (A) establishing risk-based performance standards for the security of covered water systems; and (B) establishing requirements and deadlines for each covered water system-- (i) to conduct a vulnerability assessment or, if the system already has a vulnerability assessment, to revise the assessment to be in accordance with this section; (ii) to update the vulnerability assessment not less than every 5 years and promptly after any change at the system that could cause the reassignment of the system to a different risk-based tier under subsection (d); (iii) to develop, implement, and, as appropriate, revise a site security plan not less than every 5 years and promptly after a revision to the vulnerability assessment; (iv) to develop an emergency response plan (or, if the system has already developed an emergency response plan, to revise the plan to be in accordance with this section) and revise the plan not less than every 5 years thereafter; and (v) to provide annual training to employees and contractor employees of covered water systems on implementing site security plans and emergency response plans. (2) Covered water systems.--For purposes of this section, the term ``covered water system'' means a public water system that-- (A) is a community water system serving a population greater than 3,300; or (B) in the discretion of the Administrator, presents a security risk making regulation under this section appropriate. (3) Consultation with state authorities.--In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with States exercising primary enforcement responsibility for public water systems. (4) Consultation with other persons.--In developing and carrying out the regulations under paragraph (1), the Administrator shall consult with the Secretary of Homeland Security, and, as appropriate, other persons regarding-- (A) provision of threat-related and other baseline information to covered water systems; (B) designation of substances of concern; (C) development of risk-based performance standards; (D) establishment of risk-based tiers and process for the assignment of covered water systems to risk-based tiers; (E) process for the development and evaluation of vulnerability assessments, site security plans, and emergency response plans; (F) treatment of protected information; (G) security at co-managed drinking water and wastewater facilities; and (H) such other matters as the Administrator determines necessary. (5) Substances of concern.--For purposes of this section, the Administrator, in consultation with the Secretary of Homeland Security-- (A) may designate any chemical substance as a substance of concern; (B) at the time any substance is designated pursuant to subparagraph (A), shall establish by rule a threshold quantity for the release or theft of the substance, taking into account the toxicity, reactivity, volatility, dispersability, combustibility, and flammability of the substance and the amount of the substance that, as a result of a release, is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment; and (C) in making such a designation, shall take into account appendix A to part 27 of title 6, Code of Federal Regulations (or any successor regulations). (6) Baseline information.--The Administrator, after consultation with appropriate departments and agencies of the Federal Government and with State, local, and tribal governments, shall, for purposes of facilitating compliance with the requirements of this section, promptly after the effective date of the regulations under subsection (a)(1) and as appropriate thereafter, provide baseline information to covered water systems regarding which kinds of intentional acts are the probable threats to-- (A) substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water; (B) cause the release of a substance of concern at the covered water system; or (C) cause the theft, misuse, or misappropriation of a substance of concern. (b) Risk-Based Performance Standards.--The regulations under subsection (a)(1) shall set forth risk-based performance standards for site security plans required by this section. The standards shall be separate and, as appropriate, increasingly stringent based on the level of risk associated with the covered water system's risk-based tier assignment under subsection (d). In developing such standards, the Administrator shall take into account section 27.230 of title 6, Code of Federal Regulations (or any successor regulations). (c) Vulnerability Assessment.--The regulations under subsection (a)(1) shall require each covered water system to assess the system's vulnerability to a range of intentional acts, including an intentional act that results in a release of a substance of concern that is known to cause or may be reasonably anticipated to cause death, injury, or serious adverse effects to human health or the environment. At a minimum, the vulnerability assessment shall include a review of-- (1) pipes and constructed conveyances; (2) physical barriers; (3) water collection, pretreatment, treatment, storage, and distribution facilities, including fire hydrants; (4) electronic, computer, and other automated systems that are used by the covered water system; (5) the use, storage, or handling of various chemicals, including substances of concern; (6) the operation and maintenance of the covered water system; and (7) the covered water system's resiliency and ability to ensure continuity of operations in the event of a disruption caused by an intentional act. (d) Risk-Based Tiers.--The regulations under subsection (a)(1) shall provide for 4 risk-based tiers applicable to covered water systems, with tier one representing the highest degree of security risk. (1) Assignment of risk-based tiers.-- (A) Submission of information.--The Administrator may require a covered water system to submit information in order to determine the appropriate risk-based tier for the covered water system. (B) Factors to consider.--The Administrator shall assign (and reassign when appropriate) each covered water system to one of the risk- based tiers established pursuant to this subsection. In assigning a covered water system to a risk-based tier, the Administrator shall consider the potential consequences (such as death, injury, or serious adverse effects to human health, the environment, critical infrastructure, national security, and the national economy) from-- (i) an intentional act to cause a release, including a worst-case release, of a substance of concern at the covered water system; (ii) an intentional act to introduce a contaminant into the drinking water supply or disrupt the safe and reliable supply of drinking water; and (iii) an intentional act to steal, misappropriate, or misuse substances of concern. (2) Explanation for risk-based tier assignment.--The Administrator shall provide each covered water system assigned to a risk-based tier with the reasons for the tier assignment and whether such system is required to submit an assessment under subsection (g)(2). (e) Development and Implementation of Site Security Plans.-- The regulations under subsection (a)(1) shall permit each covered water system, in developing and implementing its site security plan required by this section, to select layered security and preparedness measures that, in combination, appropriately-- (1) address the security risks identified in its vulnerability assessment; and (2) comply with the applicable risk-based performance standards required under this section. (f) Role of Employees.-- (1) Description of role.--Site security plans and emergency response plans required under this section shall describe the appropriate roles or responsibilities that employees and contractor employees are expected to perform to deter or respond to the intentional acts described in subsection (d)(1)(B). (2) Training for employees.--Each covered water system shall annually provide employees and contractor employees with roles or responsibilities described in paragraph (1) with a minimum of 8 hours of training on carrying out those roles or responsibilities. (3) Employee participation.--In developing, revising, or updating a vulnerability assessment, site security plan, and emergency response plan required under this section, a covered water system shall include-- (A) at least one supervisory and at least one non-supervisory employee of the covered water system; and (B) at least one representative of each certified or recognized bargaining agent representing facility employees or contractor employees with roles or responsibilities described in paragraph (1), if any, in a collective bargaining relationship with the private or public owner or operator of the system or with a contractor to that system. (g) Methods To Reduce the Consequences of a Chemical Release From an Intentional Act.-- (1) Definition.--In this section, the term ``method to reduce the consequences of a chemical release from an intentional act'' means a measure at a covered water system that reduces or eliminates the potential consequences of a release of a substance of concern from an intentional act such as-- (A) the elimination or reduction in the amount of a substance of concern possessed or planned to be possessed by a covered water system through the use of alternate substances, formulations, or processes; (B) the modification of pressures, temperatures, or concentrations of a substance of concern; and (C) the reduction or elimination of onsite handling of a substance of concern through improvement of inventory control or chemical use efficiency. (2) Assessment.--For each covered water system that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5), the regulations under subsection (a)(1) shall require the covered water system to include in its site security plan an assessment of methods to reduce the consequences of a chemical release from an intentional act at the covered water system. The covered water system shall provide such assessment to the Administrator and the State exercising primary enforcement responsibility for the covered water system, if any. The regulations under subsection (a)(1) shall require the system, in preparing the assessment, to consider factors appropriate to the system's security, public health, or environmental mission, and include-- (A) a description of the methods to reduce the consequences of a chemical release from an intentional act; (B) how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, reduce the potential extent of death, injury, or serious adverse effects to human health resulting from a chemical release; (C) how each described method to reduce the consequences of a chemical release from an intentional act could, if applied, affect the presence of contaminants in treated water, human health, or the environment; (D) whether each described method to reduce the consequences of a chemical release from an intentional act at the covered water system is feasible, as defined in section 1412(b)(4)(D), but not including cost calculations under subparagraph (E); (E) the costs (including capital and operational costs) and avoided costs (including savings and liabilities) associated with applying each described method to reduce the consequences of a chemical release from an intentional act at the covered water system; (F) any other relevant information that the covered water system relied on in conducting the assessment; and (G) a statement of whether the covered water system has implemented or plans to implement one or more methods to reduce the consequences of a chemical release from an intentional act, a description of any such methods, and, in the case of a covered water system described in paragraph (3)(A), an explanation of the reasons for any decision not to implement any such methods. (3) Required methods.-- (A) Application.--This paragraph applies to a covered water system-- (i) that is assigned to one of the two highest risk-based tiers under subsection (d); and (ii) that possesses or plans to possess a substance of concern in excess of the release threshold quantity set by the Administrator under subsection (a)(5). (B) Highest-risk systems.--If, on the basis of its assessment under paragraph (2), a covered water system described in subparagraph (A) decides not to implement methods to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall, in accordance with a timeline set by the Administrator-- (i) determine whether to require the covered water system to implement the methods; and (ii) for States exercising primary enforcement responsibility, report such determination to the Administrator. (C) State or administrator's considerations.--Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall consider factors appropriate to the security, public health, and environmental missions of covered water systems, including an examination of whether the method-- (i) would significantly reduce the risk of death, injury, or serious adverse effects to human health resulting directly from a chemical release from an intentional act at the covered water system; (ii) would not increase the interim storage of a substance of concern by the covered water system; (iii) would not render the covered water system unable to comply with other requirements of this Act or drinking water standards established by the State or political subdivision in which the system is located; and (iv) is feasible, as defined in section 1412(b)(4)(D), to be incorporated into the operation of the covered water system. (D) Appeal.--Before requiring, pursuant to subparagraph (B), the implementation of a method to reduce the consequences of a chemical release from an intentional act, the State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the covered water system is not located in such a State, shall provide such covered water system an opportunity to appeal the determination to require such implementation made pursuant to subparagraph (B) by such State or the Administrator. (4) Incomplete or late assessments.-- (A) Incomplete assessments.--If the Administrator finds that the covered water system, in conducting its assessment under paragraph (2), did not meet the requirements of paragraph (2) and the applicable regulations, the Administrator shall, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, require the covered water system to submit a revised assessment not later than 60 days after the Administrator notifies such system. The Administrator may require such additional revisions as are necessary to ensure that the system meets the requirements of paragraph (2) and the applicable regulations. (B) Late assessments.--If the Administrator finds that a covered water system, in conducting its assessment pursuant to paragraph (2), did not complete such assessment in accordance with the deadline set by the Administrator, the Administrator may, after notifying the covered water system and the State exercising primary enforcement responsibility for that system, if any, take appropriate enforcement action under subsection (o). (C) Review.--The State exercising primary enforcement responsibility for the covered water system, if the system is located in such a State, or the Administrator, if the system is not located in such a State, shall review a revised assessment that meets the requirements of paragraph (2) and applicable regulations to determine whether the covered water system will be required to implement methods to reduce the consequences of an intentional act pursuant to paragraph (3). (5) Enforcement.-- (A) Failure by state to make determination.-- Whenever the Administrator finds that a State exercising primary enforcement responsibility for a covered water system has failed to determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act, as required by paragraph (3)(B), the Administrator shall so notify the State and covered water system. If, beyond the thirtieth day after the Administrator's notification under the preceding sentence, the State has failed to make the determination described in such sentence, the Administrator shall so notify the State and covered water system and shall determine whether to require the covered water system to implement methods to reduce the consequences of a chemical release from an intentional act based on the factors described in paragraph (3)(C). (B) Failure by state to bring enforcement action.--If the Administrator finds, with respect to a period in which a State has primary enforcement responsibility for a covered water system, that the system has failed to implement methods to reduce the consequences of a chemical release from an intentional act (as required by the State or the Administrator under paragraph (3)(B) or the Administrator under subparagraph (A)), the Administrator shall so notify the State and the covered water system. If, beyond the thirtieth day after the Administrator's notification under the preceding sentence, the State has not commenced appropriate enforcement action, the Administrator shall so notify the State and may commence an enforcement action against the system, including by seeking or imposing civil penalties under subsection (o), to require implementation of such methods. (C) Consideration of continued primary enforcement responsibility.--For a State with primary enforcement responsibility for a covered water system, the Administrator may consider the failure of such State to make a determination as described under subparagraph (A) or to bring enforcement action as described under subparagraph (B) when determining whether a State may retain primary enforcement responsibility under this Act. (6) Guidance for covered water systems assigned to tier 3 and tier 4.--For covered water systems required to conduct an assessment under paragraph (2) and assigned by the Administrator to tier 3 or tier 4 under subsection (d), the Administrator shall issue guidance and, as appropriate, provide or recommend tools, methodologies, or computer software, to assist such covered water systems in complying with the requirements of this section. (h) Review by Administrator.-- (1) In general.--The regulations under subsection (a)(1) shall require each covered water system to submit its vulnerability assessment and site security plan to the Administrator for review according to deadlines set by the Administrator. The Administrator shall review each vulnerability assessment and site security plan submitted under this section and-- (A) if the assessment or plan has any significant deficiency described in paragraph (2), require the covered water system to correct the deficiency; or (B) approve such assessment or plan. (2) Significant deficiencies.--A vulnerability assessment or site security plan of a covered water system has a significant deficiency under this subsection if the Administrator, in consultation, as appropriate, with the State exercising primary enforcement responsibility for such system, if any, determines that-- (A) such assessment does not comply with the regulations established under section (a)(1); or (B) such plan-- (i) fails to address vulnerabilities identified in a vulnerability assessment; or (ii) fails to meet applicable risk- based performance standards. (3) State, regional, or local governmental entities.--No covered water system shall be required under State, local, or tribal law to provide a vulnerability assessment or site security plan described in this section to any State, regional, local, or tribal governmental entity solely by reason of the requirement set forth in paragraph (1) that the system submit such an assessment and plan to the Administrator. (i) Emergency Response Plan.-- (1) In general.--Each covered water system shall prepare or revise, as appropriate, an emergency response plan that incorporates the results of the system's most current vulnerability assessment and site security plan. (2) Certification.--Each covered water system shall certify to the Administrator that the system has completed an emergency response plan. The system shall submit such certification to the Administrator not later than 6 months after the system's first completion or revision of a vulnerability assessment under this section and shall submit an additional certification following any update of the emergency response plan. (3) Contents.--A covered water system's emergency response plan shall include-- (A) plans, procedures, and identification of equipment that can be implemented or used in the event of an intentional act at the covered water system; and (B) actions, procedures, and identification of equipment that can obviate or significantly lessen the impact of intentional acts on public health and the safety and supply of drinking water provided to communities and individuals. (4) Coordination.--As part of its emergency response plan, each covered water system shall provide appropriate information to any local emergency planning committee, local law enforcement officials, and local emergency response providers to ensure an effective, collective response. (j) Maintenance of Records.--Each covered water system shall maintain an updated copy of its vulnerability assessment, site security plan, and emergency response plan. (k) Audit; Inspection.-- (1) In general.--Notwithstanding section 1445(b)(2), the Administrator, or duly designated representatives of the Administrator, shall audit and inspect covered water systems, as necessary, for purposes of determining compliance with this section. (2) Access.--In conducting an audit or inspection of a covered water system, the Administrator or duly designated representatives of the Administrator, as appropriate, shall have access to the owners, operators, employees and contractor employees, and employee representatives, if any, of such covered water system. (3) Confidential communication of information; aiding inspections.--The Administrator, or a duly designated representative of the Administrator, shall offer non- supervisory employees of a covered water system the opportunity confidentially to communicate information relevant to the employer's compliance or noncompliance with this section, including compliance or noncompliance with any regulation or requirement adopted by the Administrator in furtherance of the purposes of this section. A representative of each certified or recognized bargaining agent described in subsection (f)(3)(B), if any, or, if none, a non- supervisory employee, shall be given an opportunity to accompany the Administrator, or the duly designated representative of the Administrator, during the physical inspection of any covered water system for the purpose of aiding such inspection, if representatives of the covered water system will also be accompanying the Administrator or the duly designated representative of the Administrator on such inspection. (l) Protection of Information.-- (1) Prohibition of public disclosure of protected information.--Protected information shall-- (A) be exempt from disclosure under section 552 of title 5, United States Code; and (B) not be made available pursuant to any State, local, or tribal law requiring disclosure of information or records. (2) Information sharing.-- (A) In general.--The Administrator shall prescribe such regulations, and may issue such orders, as necessary to prohibit the unauthorized disclosure of protected information, as described in paragraph (7). (B) Sharing of protected information.--The regulations under subparagraph (A) shall provide standards for and facilitate the appropriate sharing of protected information with and between Federal, State, local, and tribal authorities, first responders, law enforcement officials, designated supervisory and non-supervisory covered water system personnel with security, operational, or fiduciary responsibility for the system, and designated facility employee representatives, if any. Such standards shall include procedures for the sharing of all portions of a covered water system's vulnerability assessment and site security plan relating to the roles and responsibilities of system employees or contractor employees under subsection (f)(1) with a representative of each certified or recognized bargaining agent representing such employees, if any, or, if none, with at least one supervisory and at least one non- supervisory employee with roles and responsibilities under subsection (f)(1). (C) Penalties.--Protected information, as described in paragraph (7), shall not be shared except in accordance with the standards provided by the regulations under subparagraph (A). Any person who purposefully publishes, divulges, discloses, or makes known protected information in any manner or to any extent not authorized by the standards provided by the regulations under subparagraph (A), shall, upon conviction, be imprisoned for not more than one year or fined in accordance with the provisions of chapter 227 of title 18, United States Code, applicable to class A misdemeanors, or both, and, in the case of Federal employees or officeholders, shall be removed from Federal office or employment. (3) Treatment of information in adjudicative proceedings.--In any judicial or administrative proceeding, protected information, as described in paragraph (7), shall be treated in a manner consistent with the treatment of Sensitive Security Information under section 525 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109-295; 120 Stat. 1381). (4) Other obligations unaffected.--Except as provided in subsection (h)(3), nothing in this section amends or affects an obligation of a covered water system-- (A) to submit or make available information to system employees, employee organizations, or a Federal, State, tribal, or local government agency under any other law; or (B) to comply with any other law. (5) Congressional oversight.--Nothing in this section permits or authorizes the withholding of information from Congress or any committee or subcommittee thereof. (6) Disclosure of independently furnished information.--Nothing in this section amends or affects any authority or obligation of a Federal, State, local, or tribal agency to protect or disclose any record or information that the Federal, State, local, or tribal agency obtains from a covered water system or the Administrator under any other law. (7) Protected information.-- (A) In general.--For purposes of this section, protected information is any of the following: (i) Vulnerability assessments and site security plans under this section, including any assessment developed pursuant to subsection (g)(2). (ii) Documents directly related to the Administrator's review of assessments and plans described in clause (i) and, as applicable, the State's review of an assessment prepared under subsection (g)(2). (iii) Documents directly related to inspections and audits under this section. (iv) Orders, notices, or letters regarding the compliance of a covered water system with the requirements of this section. (v) Information required to be provided to, or documents and records created by, the Administrator under subsection (d). (vi) Documents directly related to security drills and training exercises, security threats and breaches of security, and maintenance, calibration, and testing of security equipment. (vii) Other information, documents, and records developed exclusively for the purposes of this section that the Administrator determines would be detrimental to the security of one or more covered water systems if disclosed. (B) Detriment requirement.--For purposes of clauses (ii), (iii), (iv), (v), and (vi) of subparagraph (A), the only portions of documents, records, orders, notices, and letters that shall be considered protected information are those portions that-- (i) would be detrimental to the security of one or more covered water systems if disclosed; and (ii) are developed by the Administrator, the State, or the covered water system for the purposes of this section. (C) Exclusions.--For purposes of this section, protected information does not include-- (i) information that is otherwise publicly available, including information that is required to be made publicly available under any law; (ii) information that a covered water system has lawfully disclosed other than in accordance with this section; and (iii) information that, if disclosed, would not be detrimental to the security of one or more covered water systems, including aggregate regulatory data that the Administrator determines appropriate to describe system compliance with the requirements of this section and the Administrator's implementation of such requirements. (m) Relation to Chemical Facility Security Requirements.--The following provisions (and any regulations promulgated thereunder) shall not apply to any public water system subject to this Act: (1) Title XXI of the Homeland Security Act of 2002 (as proposed to be added by H.R. 2868, the Chemical Facility Anti-Terrorism Act of 2009). (2) Section 550 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109-295). (3) The Chemical Facility Anti-Terrorism Act of 2009. (n) Preemption.--This section does not preclude or deny the right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to a covered water system that is more stringent than a regulation, requirement, or standard of performance under this section. (o) Violations.-- (1) In general.--A covered water system that violates any requirement of this section, including by not implementing all or part of its site security plan by such date as the Administrator requires, shall be liable for a civil penalty of not more than $25,000 for each day on which the violation occurs. (2) Procedure.--When the Administrator determines that a covered water system is subject to a civil penalty under paragraph (1), the Administrator, after consultation with the State, for covered water systems located in a State exercising primary responsibility for the covered water system, and, after considering the severity of the violation or deficiency and the record of the covered water system in carrying out the requirements of this section, may-- (A) after notice and an opportunity for the covered water system to be heard, issue an order assessing a civil penalty under such paragraph for any past or current violation, requiring compliance immediately or within a specified time period; or (B) commence a civil action in the United States district court in the district in which the violation occurred for appropriate relief, including temporary or permanent injunction. (3) Methods to reduce the consequences of a chemical release from an intentional act.--Except as provided in subsections (g)(4) and (g)(5), if a covered water system is located in a State exercising primary enforcement responsibility for the system, the Administrator may not issue an order or commence a civil action under this section for any deficiency in the content or implementation of the portion of the system's site security plan relating to methods to reduce the consequences of a chemical release from an intentional act (as defined in subsection (g)(1)). (p) Report to Congress.-- (1) Periodic report.--Not later than 3 years after the effective date of the regulations under subsection (a)(1), and every 3 years thereafter, the Administrator shall transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Environment and Public Works of the Senate a report on progress in achieving compliance with this section. Each such report shall include, at a minimum, the following: (A) A generalized summary of measures implemented by covered water systems in order to meet each risk-based performance standard established by this section. (B) A summary of how the covered water systems, differentiated by risk-based tier assignment, are complying with the requirements of this section during the period covered by the report and how the Administrator is implementing and enforcing such requirements during such period including-- (i) the number of public water systems that provided the Administrator with information pursuant to subsection (d)(1); (ii) the number of covered water systems assigned to each risk-based tier; (iii) the number of vulnerability assessments and site security plans submitted by covered water systems; (iv) the number of vulnerability assessments and site security plans approved and disapproved by the Administrator; (v) the number of covered water systems without approved vulnerability assessments or site security plans; (vi) the number of covered water systems that have been assigned to a different risk-based tier due to implementation of a method to reduce the consequences of a chemical release from an intentional act and a description of the types of such implemented methods; (vii) the number of audits and inspections conducted by the Administrator or duly designated representatives of the Administrator; (viii) the number of orders for compliance issued by the Administrator; (ix) the administrative penalties assessed by the Administrator for non- compliance with the requirements of this section; (x) the civil penalties assessed by courts for non-compliance with the requirements of this section; and (xi) any other regulatory data the Administrator determines appropriate to describe covered water system compliance with the requirements of this section and the Administrator's implementation of such requirements. (2) Public availability.--A report submitted under this section shall be made publicly available. (q) Grant Programs.-- (1) Implementation grants to states.--The Administrator may award grants to, or enter into cooperative agreements with, States, based on an allocation formula established by the Administrator, to assist the States in implementing this section. (2) Research, training, and technical assistance grants.--The Administrator may award grants to, or enter into cooperative agreements with, non-profit organizations to provide research, training, and technical assistance to covered water systems to assist them in carrying out their responsibilities under this section. (3) Preparation grants.-- (A) Grants.--The Administrator may award grants to, or enter into cooperative agreements with, covered water systems to assist such systems in-- (i) preparing and updating vulnerability assessments, site security plans, and emergency response plans; (ii) assessing and implementing methods to reduce the consequences of a release of a substance of concern from an intentional act; and (iii) implementing any other security reviews and enhancements necessary to comply with this section. (B) Priority.-- (i) Need.--The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(i), shall give priority to covered water systems that have the greatest need. (ii) Security risk.--The Administrator, in awarding grants or entering into cooperative agreements for purposes described in subparagraph (A)(ii), shall give priority to covered water systems that pose the greatest security risk. (4) Worker training grants program authority.-- (A) In general.--The Administrator shall establish a grant program to award grants to eligible entities to provide for training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1) and first responders and emergency response providers who would respond to an intentional act at a covered water system. (B) Administration.--The Administrator shall enter into an agreement with the National Institute of Environmental Health Sciences to make and administer grants under this paragraph. (C) Use of funds.--The recipient of a grant under this paragraph shall use the grant to provide for-- (i) training and education of employees and contractor employees with roles or responsibilities described in subsection (f)(1), including the annual mandatory training specified in subsection (f)(2) or training for first responders in protecting nearby persons, property, or the environment from the effects of a release of a substance of concern at the covered water system, with priority given to covered water systems assigned to tier one or tier two under subsection (d); and (ii) appropriate training for first responders and emergency response providers who would respond to an intentional act at a covered water system. (D) Eligible entities.--For purposes of this paragraph, an eligible entity is a nonprofit organization with demonstrated experience in implementing and operating successful worker or first responder health and safety or security training programs. (r) Authorization of Appropriations.-- (1) In general.--To carry out this section, there are authorized to be appropriated-- (A) $315,000,000 for fiscal year 2011, of which up to-- (i) $30,000,000 may be used for administrative costs incurred by the Administrator or the States, as appropriate; and (ii) $125,000,000 may be used to implement methods to reduce the consequences of a chemical release from an intentional act at covered water systems with priority given to covered water systems assigned to tier one or tier two under subsection (d); and (B) such sums as may be necessary for fiscal years 2012 through 2015. (2) Security enhancements.--Funding under this subsection for basic security enhancements shall not include expenditures for personnel costs or monitoring, operation, or maintenance of facilities, equipment, or systems. * * * * * * * DISSENTING VIEWS We, the undersigned Members of the Committee on Energy and Commerce oppose the passage of H.R. 3258 and submit the following comments to express our significant concerns with this legislation. In early 2002, Congress enacted the Public Health Security and Bioterrorism Preparedness and Response Act (P.L. 107-188). Title IV of this Act amended the Safe Drinking Water Act to require community water systems serving more than 3,300 people to perform site vulnerability assessments and develop emergency response plans. Under that legislation, vulnerability assessments were required to be conducted and submitted to the U.S. Environmental Protection Agency (EPA) by community (drinking) water systems providing water to more than 3,300 persons; the required emergency response plans did not need to be sent to EPA. In addition, community water facilities were provided some federal funding to aid in assessing and addressing of their critical vulnerabilities. Finally, this law contains very strict information protection requirements which include mandatory loss of employment for federal personnel disclosing sensitive information regarding a water facility's vulnerabilities. Following enactment of Title IV in 2002, drinking water systems across the country took serious steps to prepare against chemical, biological, and radiological threats that would be posed by a terrorist event. The result has been that not a single terrorism event has occurred at a community drinking water system since then. While we think it is reasonable to have updates of the vulnerability assessments, site security plans, and reviews of emergency response plans, we are not reassured that EPA's existing track record of success for this program will be continued or enhanced under the provisions contained in H.R. 3258. We consider protection of drinking water to be of paramount concern. While the effects from an explosion at a facility depend in part on the direction the wind is blowing, the provision of drinking water in a community reflects no such variable. Drinking water is supplied to homes and businesses for health and sanitary purposes. For this reason, we are concerned by efforts that move the drinking water security program at EPA away from the construct established by Title IV--with direct input and flexibility for local experts to adopt feasible solutions--to one that seeks to accomplish the goals of environmental advocacy groups under the guise of homeland security. We are especially concerned that H.R. 3258 turns the focus of Title IV away from chemical, biological, and radiological contaminants and only focuses on chemical ones. In addition, we are extremely concerned about Section 2 (new Section 1433(g)) of H.R. 3258, which requires an evaluation by drinking water facilities of Methods to Reduce the Consequence of a Terrorist Attack. This section forces the highest risk facilities, and others picked by the Administrator of EPA, to justify to EPA or their State drinking water regulator, if that State has primary enforcement of federal drinking water requirements, why they should not be forced to make process, input, or storage changes to their drinking water system. Exacerbating our concerns with these provisions are the remarks at the full committee markup by the Energy and Environment Subcommittee chairman, Mr. Markey, that this subsection was not about bolstering security. Our amendment that would require security to be a consideration when making a local water utility change its disinfection process was rejected by the Majority. If the Committee wanted to investigate drinking water disinfection efforts, that should be another debate on another day. Moreover, at an October 1, 2009, hearing before the Energy and Environment Subcommittee, testimony was received that inherently safer technology (IST)--the forerunner notion enshrined in proposed subsection 1443(g)--is hard to define and that experts have repeatedly testified before Congress that the government should not be in the business of mandating IST because of ``significant technical challenges that requires more research.'' Considering the implications of the requirements, the enforcement authority attendant to the requirements, the universe of unique and diversity facilities-- and their resources--and the public health and welfare issues that would be swept into this requirement, we are very concerned that such a mandate is contained in the bill. For this reason, we attempted to strike proposed subsection 1433(g), but this amendment was rejected by the Majority. Finally, as it relates to our concerns with the provisions of proposed subsection 1433(g), no one should be under the impression that without this bill nothing is being done at these facilities. To the contrary, in addition to required compliance with the EPA's Risk Management program, the U.S. Occupational Safety and Health Administration's Process Safety Management standard, and the Emergency Planning and Community Right to Know Act; many facilities, without the benefit of a federal mandate, have voluntarily reduced their risks. These facilities did so because it made sense for many reasons, and these facilities could do it on their own timeline, minimizing risks to their workers, their plants, and the surrounding community. Further, we are keenly aware that drinking water treatment can be complex and is closely constrained by Safe Drinking Water Act (SDWA) regulations, production demands, and customer affordability. Evaluating changes to water treatment must be thoughtful and consider the effects those changes will have on the quality of water provided to consumers, and the sustainability of the treatment process over time and under adverse conditions. The evaluation must be technically transparent and fully consider all the alternatives available to the water system. An example that illustrates a robust and transparent technical approach is ``Selecting Disinfectants in a Security-Conscious Environment,'' a guide published by the American Water Works Association. This guide outlines a five step process beginning with assessing the current situation and ending in implementation of necessary actions; linkages to routinely used engineering tools, techniques, and references are provided for each step in the process. It also incorporates accepted risk communication principles throughout the evaluation process, and incorporates ties to existing EPA and DHS guidance where relevant. In addition to our objections to the bill described above, H.R. 3258 raises genuine national and homeland security concerns by rejecting security-enhancing provisions in favor of environmental law type standards in other areas, most notably information protection. H.R. 3258 changes existing information protection requirements instituted in Title IV and contained in Section 1433(a) of SDWA. Instead, H.R. 3258 adopts a public ``right-to-know'' view that only documents and information specifically identified in the law should be included as protected, and the bill effectively leaves unprotected materials that may have security implications. We are further concerned that, unlike the chemical facility security legislation considered by our Committee, that proposed subsection 1433(l)(7)(B) allows certain sensitive materials to be released as long as it contains redactions of potentially seriously sensitive information. We question the need to even have amended versions of these items in the public domain. We do not underestimate the potential for such materials to be sought in discovery and compelled in litigation by people who wish us harm. For that reason, we are troubled by the legislation's conscious exclusion of certain materials from protection, allowing them to serve as terror ``blue-prints'' for the able. Most strikingly, H.R. 3258 places an extremely high bar on prosecution of improper disclosures of sensitive, protected information, and requires a showing that such information was divulged ``purposefully'' before penalties would apply. Specifically, H.R. 3258 repeals the ``knowingly or recklessly'' prosecution standard contained in SDWA Section 1433(a) and replaces it with a much higher prosecution standard to meet under the law--``purposefully''--when trying to penalize persons for disclosure of protected, sensitive information--we doubt that there are many scenarios, if any, in which sanctions could be enforced. The ``purposefully'' standard would not allow the United States to prosecute anyone who has been careless, negligent, or reckless with sensitive, protected information. At both subcommittee and full committee we offered to reinsert the well-established standard of ``knowingly or recklessly,'' each time being rejected by arguments that did not reflect an understanding of the provisions of the bill or an appreciation for what was at stake. We believe a deterrent of a strong penalty is only efficacious if it can actually be enforced. We are disappointed that the Majority did not share this paramount concern as well. Additionally, we are opposed to H.R. 3258's silence on citizen suit provisions, allowing any person to sue a drinking water facility under Section 1449 of SDWA and compel sensitive information on these plants through discovery. We do not understand how the Majority would try to make an effort to try and protect individual chemical plants from these suits because of potential problems, but leave drinking water systems exposed to this assault. It is no secret that terrorists hire lawyers, and DHS has testified to Congress that citizen suits may lead to the disclosure of sensitive information in these proceedings. We question why it is needed at all. We are disappointed that the Majority defeated amendments to bar this provision, unsympathetic to the potential unintended consequences it might engender. Finally, on the matter of preemption, proposed subsection 1433(n) allows States and local governments to enact laws that are more ``stringent'' than the federal law. This is a new standard for a security program and one modeled after, but not identical to other provisions in SDWA on drinking water contaminant standards. We believe the EPA program should be a uniform, national standard which States and local governments should not disrupt. This is not a novel approach; it is already the case in nuclear, hazmat transportation, aviation, and port security programs where the federal government is the dominant regulator. Embracing a patchwork approach to national security, however, the Majority on the Committee voted against an amendment offered by the Minority that would have restricted States from enacting laws that pose obstacles to, hinder, or frustrate the purpose of this drinking water safety law. While it may be appropriate in many localized pollution cases to have State and local laws that are more stringent than the relevant federal environmental statutes, we cannot treat homeland security like a local problem relegated to one area or State. There are other provisions in this bill that give us pause, but they are secondary to the larger issues we have mentioned. Ultimately, we had hoped that because this bill relates to homeland security protection, long a bipartisan issue, that it would have been possible to reach a legislative compromise. We believe, however, that partisanship and misdirected ideology have left our committee reporting a bill that naively sacrifices sound, homeland security policy in the name of environmental goals. We will continue to fight the provisions we have identified above because they do not make us safer in defense of the country and people we have taken an oath to protect. Absent significant changes that balance real security with economic freedom; openness with firm, meaningful protections; and local flexibility with a strong, overarching framework; we must oppose this bill, as reported, and urge the Congress to do the same. Joe Barton, Ranking Member. Fred Upton. Greg Walden. Cliff Stearns. John Shimkus. George Radanovich. Ralph M. Hall. Ed Whitfield. Nathan Deal. Roy Blunt. Steve Buyer. Lee Terry. Joseph R. Pitts. Steve Scalise. John Shadegg. John Sullivan. Tim Murphy. Marsha Blackburn. Phil Gingrey. Michael Burgess. Sue Myrick. Mike Rogers. Mary Bono Mack.