[House Report 111-313]
[From the U.S. Government Publishing Office]
111th Congress Report
HOUSE OF REPRESENTATIVES
1st Session 111-313
======================================================================
DRINKING WATER SYSTEM SECURITY ACT OF 2009
_______
October 23, 2009.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Waxman, from the Committee on Energy and Commerce, submitted the
following
R E P O R T
together with
DISSENTING VIEWS
[To accompany H.R. 3258]
[Including cost estimate of the Congressional Budget Office]
The Committee on Energy and Commerce, to whom was referred
the bill (H.R. 3258) to amend the Safe Drinking Water Act to
enhance the security of the public water systems of the United
States, having considered the same, report favorably thereon
with an amendment and recommend that the bill as amended do
pass.
CONTENTS
Page
Amendment........................................................ 2
Purpose and Summary.............................................. 11
Background and Need for Legislation.............................. 11
Legislative History.............................................. 12
Committee Consideration.......................................... 12
Committee Votes.................................................. 13
Committee Oversight Findings and Recommendations................. 13
New Budget Authority, Entitlement Authority, and Tax Expenditures 13
Statement of General Performance Goals and Objectives............ 13
Constitutional Authority Statement............................... 14
Earmarks and Tax and Tariff Benefits............................. 14
Advisory Committee Statement..................................... 14
Applicability of Law to Legislative Branch....................... 14
Federal Mandates Statement....................................... 15
Committee Cost Estimate.......................................... 15
Congressional Budget Office Estimate............................. 15
Section-by-Section Analysis of the Legislation................... 18
Changes in Existing Law Made by the Bill, as Reported............ 25
Dissenting Views................................................. 44
Amendment
The amendment is as follows:
Strike all after the enacting clause and insert the
following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Drinking Water System Security Act of
2009''.
SEC. 2. INTENTIONAL ACTS AFFECTING THE SECURITY OF COVERED WATER
SYSTEMS.
(a) Amendment of Safe Drinking Water Act.--Section 1433 of the Safe
Drinking Water Act (42 U.S.C. 300i-2) is amended to read as follows:
``SEC. 1433. INTENTIONAL ACTS.
``(a) Risk-Based Performance Standards; Vulnerability Assessments;
Site Security Plans; Emergency Response Plans.--
``(1) In general.--The Administrator shall issue
regulations--
``(A) establishing risk-based performance standards
for the security of covered water systems; and
``(B) establishing requirements and deadlines for
each covered water system--
``(i) to conduct a vulnerability assessment
or, if the system already has a vulnerability
assessment, to revise the assessment to be in
accordance with this section;
``(ii) to update the vulnerability assessment
not less than every 5 years and promptly after
any change at the system that could cause the
reassignment of the system to a different risk-
based tier under subsection (d);
``(iii) to develop, implement, and, as
appropriate, revise a site security plan not
less than every 5 years and promptly after a
revision to the vulnerability assessment;
``(iv) to develop an emergency response plan
(or, if the system has already developed an
emergency response plan, to revise the plan to
be in accordance with this section) and revise
the plan not less than every 5 years
thereafter; and
``(v) to provide annual training to employees
and contractor employees of covered water
systems on implementing site security plans and
emergency response plans.
``(2) Covered water systems.--For purposes of this section,
the term `covered water system' means a public water system
that--
``(A) is a community water system serving a
population greater than 3,300; or
``(B) in the discretion of the Administrator,
presents a security risk making regulation under this
section appropriate.
``(3) Consultation with state authorities.--In developing and
carrying out the regulations under paragraph (1), the
Administrator shall consult with States exercising primary
enforcement responsibility for public water systems.
``(4) Consultation with other persons.--In developing and
carrying out the regulations under paragraph (1), the
Administrator shall consult with the Secretary of Homeland
Security, and, as appropriate, other persons regarding--
``(A) provision of threat-related and other baseline
information to covered water systems;
``(B) designation of substances of concern;
``(C) development of risk-based performance
standards;
``(D) establishment of risk-based tiers and process
for the assignment of covered water systems to risk-
based tiers;
``(E) process for the development and evaluation of
vulnerability assessments, site security plans, and
emergency response plans;
``(F) treatment of protected information;
``(G) security at co-managed drinking water and
wastewater facilities; and
``(H) such other matters as the Administrator
determines necessary.
``(5) Substances of concern.--For purposes of this section,
the Administrator, in consultation with the Secretary of
Homeland Security--
``(A) may designate any chemical substance as a
substance of concern;
``(B) at the time any substance is designated
pursuant to subparagraph (A), shall establish by rule a
threshold quantity for the release or theft of the
substance, taking into account the toxicity,
reactivity, volatility, dispersability, combustibility,
and flammability of the substance and the amount of the
substance that, as a result of a release, is known to
cause or may be reasonably anticipated to cause death,
injury, or serious adverse effects to human health or
the environment; and
``(C) in making such a designation, shall take into
account appendix A to part 27 of title 6, Code of
Federal Regulations (or any successor regulations).
``(6) Baseline information.--The Administrator, after
consultation with appropriate departments and agencies of the
Federal Government and with State, local, and tribal
governments, shall, for purposes of facilitating compliance
with the requirements of this section, promptly after the
effective date of the regulations under subsection (a)(1) and
as appropriate thereafter, provide baseline information to
covered water systems regarding which kinds of intentional acts
are the probable threats to--
``(A) substantially disrupt the ability of the system
to provide a safe and reliable supply of drinking
water;
``(B) cause the release of a substance of concern at
the covered water system; or
``(C) cause the theft, misuse, or misappropriation of
a substance of concern.
``(b) Risk-Based Performance Standards.--The regulations under
subsection (a)(1) shall set forth risk-based performance standards for
site security plans required by this section. The standards shall be
separate and, as appropriate, increasingly stringent based on the level
of risk associated with the covered water system's risk-based tier
assignment under subsection (d). In developing such standards, the
Administrator shall take into account section 27.230 of title 6, Code
of Federal Regulations (or any successor regulations).
``(c) Vulnerability Assessment.--The regulations under subsection
(a)(1) shall require each covered water system to assess the system's
vulnerability to a range of intentional acts, including an intentional
act that results in a release of a substance of concern that is known
to cause or may be reasonably anticipated to cause death, injury, or
serious adverse effects to human health or the environment. At a
minimum, the vulnerability assessment shall include a review of--
``(1) pipes and constructed conveyances;
``(2) physical barriers;
``(3) water collection, pretreatment, treatment, storage, and
distribution facilities, including fire hydrants;
``(4) electronic, computer, and other automated systems that
are used by the covered water system;
``(5) the use, storage, or handling of various chemicals,
including substances of concern;
``(6) the operation and maintenance of the covered water
system; and
``(7) the covered water system's resiliency and ability to
ensure continuity of operations in the event of a disruption
caused by an intentional act.
``(d) Risk-Based Tiers.--The regulations under subsection (a)(1)
shall provide for 4 risk-based tiers applicable to covered water
systems, with tier one representing the highest degree of security
risk.
``(1) Assignment of risk-based tiers.--
``(A) Submission of information.--The Administrator
may require a covered water system to submit
information in order to determine the appropriate risk-
based tier for the covered water system.
``(B) Factors to consider.--The Administrator shall
assign (and reassign when appropriate) each covered
water system to one of the risk-based tiers established
pursuant to this subsection. In assigning a covered
water system to a risk-based tier, the Administrator
shall consider the potential consequences (such as
death, injury, or serious adverse effects to human
health, the environment, critical infrastructure,
national security, and the national economy) from--
``(i) an intentional act to cause a release,
including a worst-case release, of a substance
of concern at the covered water system;
``(ii) an intentional act to introduce a
contaminant into the drinking water supply or
disrupt the safe and reliable supply of
drinking water; and
``(iii) an intentional act to steal,
misappropriate, or misuse substances of
concern.
``(2) Explanation for risk-based tier assignment.--The
Administrator shall provide each covered water system assigned
to a risk-based tier with the reasons for the tier assignment
and whether such system is required to submit an assessment
under subsection (g)(2).
``(e) Development and Implementation of Site Security Plans.--The
regulations under subsection (a)(1) shall permit each covered water
system, in developing and implementing its site security plan required
by this section, to select layered security and preparedness measures
that, in combination, appropriately--
``(1) address the security risks identified in its
vulnerability assessment; and
``(2) comply with the applicable risk-based performance
standards required under this section.
``(f) Role of Employees.--
``(1) Description of role.--Site security plans and emergency
response plans required under this section shall describe the
appropriate roles or responsibilities that employees and
contractor employees are expected to perform to deter or
respond to the intentional acts described in subsection
(d)(1)(B).
``(2) Training for employees.--Each covered water system
shall annually provide employees and contractor employees with
roles or responsibilities described in paragraph (1) with a
minimum of 8 hours of training on carrying out those roles or
responsibilities.
``(3) Employee participation.--In developing, revising, or
updating a vulnerability assessment, site security plan, and
emergency response plan required under this section, a covered
water system shall include--
``(A) at least one supervisory and at least one non-
supervisory employee of the covered water system; and
``(B) at least one representative of each certified
or recognized bargaining agent representing facility
employees or contractor employees with roles or
responsibilities described in paragraph (1), if any, in
a collective bargaining relationship with the private
or public owner or operator of the system or with a
contractor to that system.
``(g) Methods To Reduce the Consequences of a Chemical Release From
an Intentional Act.--
``(1) Definition.--In this section, the term `method to
reduce the consequences of a chemical release from an
intentional act' means a measure at a covered water system that
reduces or eliminates the potential consequences of a release
of a substance of concern from an intentional act such as--
``(A) the elimination or reduction in the amount of a
substance of concern possessed or planned to be
possessed by a covered water system through the use of
alternate substances, formulations, or processes;
``(B) the modification of pressures, temperatures, or
concentrations of a substance of concern; and
``(C) the reduction or elimination of onsite handling
of a substance of concern through improvement of
inventory control or chemical use efficiency.
``(2) Assessment.--For each covered water system that
possesses or plans to possess a substance of concern in excess
of the release threshold quantity set by the Administrator
under subsection (a)(5), the regulations under subsection
(a)(1) shall require the covered water system to include in its
site security plan an assessment of methods to reduce the
consequences of a chemical release from an intentional act at
the covered water system. The covered water system shall
provide such assessment to the Administrator and the State
exercising primary enforcement responsibility for the covered
water system, if any. The regulations under subsection (a)(1)
shall require the system, in preparing the assessment, to
consider factors appropriate to the system's security, public
health, or environmental mission, and include--
``(A) a description of the methods to reduce the
consequences of a chemical release from an intentional
act;
``(B) how each described method to reduce the
consequences of a chemical release from an intentional
act could, if applied, reduce the potential extent of
death, injury, or serious adverse effects to human
health resulting from a chemical release;
``(C) how each described method to reduce the
consequences of a chemical release from an intentional
act could, if applied, affect the presence of
contaminants in treated water, human health, or the
environment;
``(D) whether each described method to reduce the
consequences of a chemical release from an intentional
act at the covered water system is feasible, as defined
in section 1412(b)(4)(D), but not including cost
calculations under subparagraph (E);
``(E) the costs (including capital and operational
costs) and avoided costs (including savings and
liabilities) associated with applying each described
method to reduce the consequences of a chemical release
from an intentional act at the covered water system;
``(F) any other relevant information that the covered
water system relied on in conducting the assessment;
and
``(G) a statement of whether the covered water system
has implemented or plans to implement one or more
methods to reduce the consequences of a chemical
release from an intentional act, a description of any
such methods, and, in the case of a covered water
system described in paragraph (3)(A), an explanation of
the reasons for any decision not to implement any such
methods.
``(3) Required methods.--
``(A) Application.--This paragraph applies to a
covered water system--
``(i) that is assigned to one of the two
highest risk-based tiers under subsection (d);
and
``(ii) that possesses or plans to possess a
substance of concern in excess of the release
threshold quantity set by the Administrator
under subsection (a)(5).
``(B) Highest-risk systems.--If, on the basis of its
assessment under paragraph (2), a covered water system
described in subparagraph (A) decides not to implement
methods to reduce the consequences of a chemical
release from an intentional act, the State exercising
primary enforcement responsibility for the covered
water system, if the system is located in such a State,
or the Administrator, if the covered water system is
not located in such a State, shall, in accordance with
a timeline set by the Administrator--
``(i) determine whether to require the
covered water system to implement the methods;
and
``(ii) for States exercising primary
enforcement responsibility, report such
determination to the Administrator.
``(C) State or administrator's considerations.--
Before requiring, pursuant to subparagraph (B), the
implementation of a method to reduce the consequences
of a chemical release from an intentional act, the
State exercising primary enforcement responsibility for
the covered water system, if the system is located in
such a State, or the Administrator, if the covered
water system is not located in such a State, shall
consider factors appropriate to the security, public
health, and environmental missions of covered water
systems, including an examination of whether the
method--
``(i) would significantly reduce the risk of
death, injury, or serious adverse effects to
human health resulting directly from a chemical
release from an intentional act at the covered
water system;
``(ii) would not increase the interim storage
of a substance of concern by the covered water
system;
``(iii) would not render the covered water
system unable to comply with other requirements
of this Act or drinking water standards
established by the State or political
subdivision in which the system is located; and
``(iv) is feasible, as defined in section
1412(b)(4)(D), to be incorporated into the
operation of the covered water system.
``(D) Appeal.--Before requiring, pursuant to
subparagraph (B), the implementation of a method to
reduce the consequences of a chemical release from an
intentional act, the State exercising primary
enforcement responsibility for the covered water
system, if the system is located in such a State, or
the Administrator, if the covered water system is not
located in such a State, shall provide such covered
water system an opportunity to appeal the determination
to require such implementation made pursuant to
subparagraph (B) by such State or the Administrator.
``(4) Incomplete or late assessments.--
``(A) Incomplete assessments.--If the Administrator
finds that the covered water system, in conducting its
assessment under paragraph (2), did not meet the
requirements of paragraph (2) and the applicable
regulations, the Administrator shall, after notifying
the covered water system and the State exercising
primary enforcement responsibility for that system, if
any, require the covered water system to submit a
revised assessment not later than 60 days after the
Administrator notifies such system. The Administrator
may require such additional revisions as are necessary
to ensure that the system meets the requirements of
paragraph (2) and the applicable regulations.
``(B) Late assessments.--If the Administrator finds
that a covered water system, in conducting its
assessment pursuant to paragraph (2), did not complete
such assessment in accordance with the deadline set by
the Administrator, the Administrator may, after
notifying the covered water system and the State
exercising primary enforcement responsibility for that
system, if any, take appropriate enforcement action
under subsection (o).
``(C) Review.--The State exercising primary
enforcement responsibility for the covered water
system, if the system is located in such a State, or
the Administrator, if the system is not located in such
a State, shall review a revised assessment that meets
the requirements of paragraph (2) and applicable
regulations to determine whether the covered water
system will be required to implement methods to reduce
the consequences of an intentional act pursuant to
paragraph (3).
``(5) Enforcement.--
``(A) Failure by state to make determination.--
Whenever the Administrator finds that a State
exercising primary enforcement responsibility for a
covered water system has failed to determine whether to
require the covered water system to implement methods
to reduce the consequences of a chemical release from
an intentional act, as required by paragraph (3)(B),
the Administrator shall so notify the State and covered
water system. If, beyond the thirtieth day after the
Administrator's notification under the preceding
sentence, the State has failed to make the
determination described in such sentence, the
Administrator shall so notify the State and covered
water system and shall determine whether to require the
covered water system to implement methods to reduce the
consequences of a chemical release from an intentional
act based on the factors described in paragraph (3)(C).
``(B) Failure by state to bring enforcement action.--
If the Administrator finds, with respect to a period in
which a State has primary enforcement responsibility
for a covered water system, that the system has failed
to implement methods to reduce the consequences of a
chemical release from an intentional act (as required
by the State or the Administrator under paragraph
(3)(B) or the Administrator under subparagraph (A)),
the Administrator shall so notify the State and the
covered water system. If, beyond the thirtieth day
after the Administrator's notification under the
preceding sentence, the State has not commenced
appropriate enforcement action, the Administrator shall
so notify the State and may commence an enforcement
action against the system, including by seeking or
imposing civil penalties under subsection (o), to
require implementation of such methods.
``(C) Consideration of continued primary enforcement
responsibility.--For a State with primary enforcement
responsibility for a covered water system, the
Administrator may consider the failure of such State to
make a determination as described under subparagraph
(A) or to bring enforcement action as described under
subparagraph (B) when determining whether a State may
retain primary enforcement responsibility under this
Act.
``(6) Guidance for covered water systems assigned to tier 3
and tier 4.--For covered water systems required to conduct an
assessment under paragraph (2) and assigned by the
Administrator to tier 3 or tier 4 under subsection (d), the
Administrator shall issue guidance and, as appropriate, provide
or recommend tools, methodologies, or computer software, to
assist such covered water systems in complying with the
requirements of this section.
``(h) Review by Administrator.--
``(1) In general.--The regulations under subsection (a)(1)
shall require each covered water system to submit its
vulnerability assessment and site security plan to the
Administrator for review according to deadlines set by the
Administrator. The Administrator shall review each
vulnerability assessment and site security plan submitted under
this section and--
``(A) if the assessment or plan has any significant
deficiency described in paragraph (2), require the
covered water system to correct the deficiency; or
``(B) approve such assessment or plan.
``(2) Significant deficiencies.--A vulnerability assessment
or site security plan of a covered water system has a
significant deficiency under this subsection if the
Administrator, in consultation, as appropriate, with the State
exercising primary enforcement responsibility for such system,
if any, determines that--
``(A) such assessment does not comply with the
regulations established under section (a)(1); or
``(B) such plan--
``(i) fails to address vulnerabilities
identified in a vulnerability assessment; or
``(ii) fails to meet applicable risk-based
performance standards.
``(3) State, regional, or local governmental entities.--No
covered water system shall be required under State, local, or
tribal law to provide a vulnerability assessment or site
security plan described in this section to any State, regional,
local, or tribal governmental entity solely by reason of the
requirement set forth in paragraph (1) that the system submit
such an assessment and plan to the Administrator.
``(i) Emergency Response Plan.--
``(1) In general.--Each covered water system shall prepare or
revise, as appropriate, an emergency response plan that
incorporates the results of the system's most current
vulnerability assessment and site security plan.
``(2) Certification.--Each covered water system shall certify
to the Administrator that the system has completed an emergency
response plan. The system shall submit such certification to
the Administrator not later than 6 months after the system's
first completion or revision of a vulnerability assessment
under this section and shall submit an additional certification
following any update of the emergency response plan.
``(3) Contents.--A covered water system's emergency response
plan shall include--
``(A) plans, procedures, and identification of
equipment that can be implemented or used in the event
of an intentional act at the covered water system; and
``(B) actions, procedures, and identification of
equipment that can obviate or significantly lessen the
impact of intentional acts on public health and the
safety and supply of drinking water provided to
communities and individuals.
``(4) Coordination.--As part of its emergency response plan,
each covered water system shall provide appropriate information
to any local emergency planning committee, local law
enforcement officials, and local emergency response providers
to ensure an effective, collective response.
``(j) Maintenance of Records.--Each covered water system shall
maintain an updated copy of its vulnerability assessment, site security
plan, and emergency response plan.
``(k) Audit; Inspection.--
``(1) In general.--Notwithstanding section 1445(b)(2), the
Administrator, or duly designated representatives of the
Administrator, shall audit and inspect covered water systems,
as necessary, for purposes of determining compliance with this
section.
``(2) Access.--In conducting an audit or inspection of a
covered water system, the Administrator or duly designated
representatives of the Administrator, as appropriate, shall
have access to the owners, operators, employees and contractor
employees, and employee representatives, if any, of such
covered water system.
``(3) Confidential communication of information; aiding
inspections.--The Administrator, or a duly designated
representative of the Administrator, shall offer non-
supervisory employees of a covered water system the opportunity
confidentially to communicate information relevant to the
employer's compliance or noncompliance with this section,
including compliance or noncompliance with any regulation or
requirement adopted by the Administrator in furtherance of the
purposes of this section. A representative of each certified or
recognized bargaining agent described in subsection (f)(3)(B),
if any, or, if none, a non-supervisory employee, shall be given
an opportunity to accompany the Administrator, or the duly
designated representative of the Administrator, during the
physical inspection of any covered water system for the purpose
of aiding such inspection, if representatives of the covered
water system will also be accompanying the Administrator or the
duly designated representative of the Administrator on such
inspection.
``(l) Protection of Information.--
``(1) Prohibition of public disclosure of protected
information.--Protected information shall--
``(A) be exempt from disclosure under section 552 of
title 5, United States Code; and
``(B) not be made available pursuant to any State,
local, or tribal law requiring disclosure of
information or records.
``(2) Information sharing.--
``(A) In general.--The Administrator shall prescribe
such regulations, and may issue such orders, as
necessary to prohibit the unauthorized disclosure of
protected information, as described in paragraph (7).
``(B) Sharing of protected information.--The
regulations under subparagraph (A) shall provide
standards for and facilitate the appropriate sharing of
protected information with and between Federal, State,
local, and tribal authorities, first responders, law
enforcement officials, designated supervisory and non-
supervisory covered water system personnel with
security, operational, or fiduciary responsibility for
the system, and designated facility employee
representatives, if any. Such standards shall include
procedures for the sharing of all portions of a covered
water system's vulnerability assessment and site
security plan relating to the roles and
responsibilities of system employees or contractor
employees under subsection (f)(1) with a representative
of each certified or recognized bargaining agent
representing such employees, if any, or, if none, with
at least one supervisory and at least one non-
supervisory employee with roles and responsibilities
under subsection (f)(1).
``(C) Penalties.--Protected information, as described
in paragraph (7), shall not be shared except in
accordance with the standards provided by the
regulations under subparagraph (A). Any person who
purposefully publishes, divulges, discloses, or makes
known protected information in any manner or to any
extent not authorized by the standards provided by the
regulations under subparagraph (A), shall, upon
conviction, be imprisoned for not more than one year or
fined in accordance with the provisions of chapter 227
of title 18, United States Code, applicable to class A
misdemeanors, or both, and, in the case of Federal
employees or officeholders, shall be removed from
Federal office or employment.
``(3) Treatment of information in adjudicative proceedings.--
In any judicial or administrative proceeding, protected
information, as described in paragraph (7), shall be treated in
a manner consistent with the treatment of Sensitive Security
Information under section 525 of the Department of Homeland
Security Appropriations Act, 2007 (Public Law 109-295; 120
Stat. 1381).
``(4) Other obligations unaffected.--Except as provided in
subsection (h)(3), nothing in this section amends or affects an
obligation of a covered water system--
``(A) to submit or make available information to
system employees, employee organizations, or a Federal,
State, tribal, or local government agency under any
other law; or
``(B) to comply with any other law.
``(5) Congressional oversight.--Nothing in this section
permits or authorizes the withholding of information from
Congress or any committee or subcommittee thereof.
``(6) Disclosure of independently furnished information.--
Nothing in this section amends or affects any authority or
obligation of a Federal, State, local, or tribal agency to
protect or disclose any record or information that the Federal,
State, local, or tribal agency obtains from a covered water
system or the Administrator under any other law.
``(7) Protected information.--
``(A) In general.--For purposes of this section,
protected information is any of the following:
``(i) Vulnerability assessments and site
security plans under this section, including
any assessment developed pursuant to subsection
(g)(2).
``(ii) Documents directly related to the
Administrator's review of assessments and plans
described in clause (i) and, as applicable, the
State's review of an assessment prepared under
subsection (g)(2).
``(iii) Documents directly related to
inspections and audits under this section.
``(iv) Orders, notices, or letters regarding
the compliance of a covered water system with
the requirements of this section.
``(v) Information required to be provided to,
or documents and records created by, the
Administrator under subsection (d).
``(vi) Documents directly related to security
drills and training exercises, security threats
and breaches of security, and maintenance,
calibration, and testing of security equipment.
``(vii) Other information, documents, and
records developed exclusively for the purposes
of this section that the Administrator
determines would be detrimental to the security
of one or more covered water systems if
disclosed.
``(B) Detriment requirement.--For purposes of clauses
(ii), (iii), (iv), (v), and (vi) of subparagraph (A),
the only portions of documents, records, orders,
notices, and letters that shall be considered protected
information are those portions that--
``(i) would be detrimental to the security of
one or more covered water systems if disclosed;
and
``(ii) are developed by the Administrator,
the State, or the covered water system for the
purposes of this section.
``(C) Exclusions.--For purposes of this section,
protected information does not include--
``(i) information that is otherwise publicly
available, including information that is
required to be made publicly available under
any law;
``(ii) information that a covered water
system has lawfully disclosed other than in
accordance with this section; and
``(iii) information that, if disclosed, would
not be detrimental to the security of one or
more covered water systems, including aggregate
regulatory data that the Administrator
determines appropriate to describe system
compliance with the requirements of this
section and the Administrator's implementation
of such requirements.
``(m) Relation to Chemical Facility Security Requirements.--The
following provisions (and any regulations promulgated thereunder) shall
not apply to any public water system subject to this Act:
``(1) Title XXI of the Homeland Security Act of 2002 (as
proposed to be added by H.R. 2868, the Chemical Facility Anti-
Terrorism Act of 2009).
``(2) Section 550 of the Department of Homeland Security
Appropriations Act, 2007 (Public Law 109-295).
``(3) The Chemical Facility Anti-Terrorism Act of 2009.
``(n) Preemption.--This section does not preclude or deny the right
of any State or political subdivision thereof to adopt or enforce any
regulation, requirement, or standard of performance with respect to a
covered water system that is more stringent than a regulation,
requirement, or standard of performance under this section.
``(o) Violations.--
``(1) In general.--A covered water system that violates any
requirement of this section, including by not implementing all
or part of its site security plan by such date as the
Administrator requires, shall be liable for a civil penalty of
not more than $25,000 for each day on which the violation
occurs.
``(2) Procedure.--When the Administrator determines that a
covered water system is subject to a civil penalty under
paragraph (1), the Administrator, after consultation with the
State, for covered water systems located in a State exercising
primary responsibility for the covered water system, and, after
considering the severity of the violation or deficiency and the
record of the covered water system in carrying out the
requirements of this section, may--
``(A) after notice and an opportunity for the covered
water system to be heard, issue an order assessing a
civil penalty under such paragraph for any past or
current violation, requiring compliance immediately or
within a specified time period; or
``(B) commence a civil action in the United States
district court in the district in which the violation
occurred for appropriate relief, including temporary or
permanent injunction.
``(3) Methods to reduce the consequences of a chemical
release from an intentional act.--Except as provided in
subsections (g)(4) and (g)(5), if a covered water system is
located in a State exercising primary enforcement
responsibility for the system, the Administrator may not issue
an order or commence a civil action under this section for any
deficiency in the content or implementation of the portion of
the system's site security plan relating to methods to reduce
the consequences of a chemical release from an intentional act
(as defined in subsection (g)(1)).
``(p) Report to Congress.--
``(1) Periodic report.--Not later than 3 years after the
effective date of the regulations under subsection (a)(1), and
every 3 years thereafter, the Administrator shall transmit to
the Committee on Energy and Commerce of the House of
Representatives and the Committee on Environment and Public
Works of the Senate a report on progress in achieving
compliance with this section. Each such report shall include,
at a minimum, the following:
``(A) A generalized summary of measures implemented
by covered water systems in order to meet each risk-
based performance standard established by this section.
``(B) A summary of how the covered water systems,
differentiated by risk-based tier assignment, are
complying with the requirements of this section during
the period covered by the report and how the
Administrator is implementing and enforcing such
requirements during such period including--
``(i) the number of public water systems that
provided the Administrator with information
pursuant to subsection (d)(1);
``(ii) the number of covered water systems
assigned to each risk-based tier;
``(iii) the number of vulnerability
assessments and site security plans submitted
by covered water systems;
``(iv) the number of vulnerability
assessments and site security plans approved
and disapproved by the Administrator;
``(v) the number of covered water systems
without approved vulnerability assessments or
site security plans;
``(vi) the number of covered water systems
that have been assigned to a different risk-
based tier due to implementation of a method to
reduce the consequences of a chemical release
from an intentional act and a description of
the types of such implemented methods;
``(vii) the number of audits and inspections
conducted by the Administrator or duly
designated representatives of the
Administrator;
``(viii) the number of orders for compliance
issued by the Administrator;
``(ix) the administrative penalties assessed
by the Administrator for non-compliance with
the requirements of this section;
``(x) the civil penalties assessed by courts
for non-compliance with the requirements of
this section; and
``(xi) any other regulatory data the
Administrator determines appropriate to
describe covered water system compliance with
the requirements of this section and the
Administrator's implementation of such
requirements.
``(2) Public availability.--A report submitted under this
section shall be made publicly available.
``(q) Grant Programs.--
``(1) Implementation grants to states.--The Administrator may
award grants to, or enter into cooperative agreements with,
States, based on an allocation formula established by the
Administrator, to assist the States in implementing this
section.
``(2) Research, training, and technical assistance grants.--
The Administrator may award grants to, or enter into
cooperative agreements with, non-profit organizations to
provide research, training, and technical assistance to covered
water systems to assist them in carrying out their
responsibilities under this section.
``(3) Preparation grants.--
``(A) Grants.--The Administrator may award grants to,
or enter into cooperative agreements with, covered
water systems to assist such systems in--
``(i) preparing and updating vulnerability
assessments, site security plans, and emergency
response plans;
``(ii) assessing and implementing methods to
reduce the consequences of a release of a
substance of concern from an intentional act;
and
``(iii) implementing any other security
reviews and enhancements necessary to comply
with this section.
``(B) Priority.--
``(i) Need.--The Administrator, in awarding
grants or entering into cooperative agreements
for purposes described in subparagraph (A)(i),
shall give priority to covered water systems
that have the greatest need.
``(ii) Security risk.--The Administrator, in
awarding grants or entering into cooperative
agreements for purposes described in
subparagraph (A)(ii), shall give priority to
covered water systems that pose the greatest
security risk.
``(4) Worker training grants program authority.--
``(A) In general.--The Administrator shall establish
a grant program to award grants to eligible entities to
provide for training and education of employees and
contractor employees with roles or responsibilities
described in subsection (f)(1) and first responders and
emergency response providers who would respond to an
intentional act at a covered water system.
``(B) Administration.--The Administrator shall enter
into an agreement with the National Institute of
Environmental Health Sciences to make and administer
grants under this paragraph.
``(C) Use of funds.--The recipient of a grant under
this paragraph shall use the grant to provide for--
``(i) training and education of employees and
contractor employees with roles or
responsibilities described in subsection
(f)(1), including the annual mandatory training
specified in subsection (f)(2) or training for
first responders in protecting nearby persons,
property, or the environment from the effects
of a release of a substance of concern at the
covered water system, with priority given to
covered water systems assigned to tier one or
tier two under subsection (d); and
``(ii) appropriate training for first
responders and emergency response providers who
would respond to an intentional act at a
covered water system.
``(D) Eligible entities.--For purposes of this
paragraph, an eligible entity is a nonprofit
organization with demonstrated experience in
implementing and operating successful worker or first
responder health and safety or security training
programs.
``(r) Authorization of Appropriations.--
``(1) In general.--To carry out this section, there are
authorized to be appropriated--
``(A) $315,000,000 for fiscal year 2011, of which up
to--
``(i) $30,000,000 may be used for
administrative costs incurred by the
Administrator or the States, as appropriate;
and
``(ii) $125,000,000 may be used to implement
methods to reduce the consequences of a
chemical release from an intentional act at
covered water systems with priority given to
covered water systems assigned to tier one or
tier two under subsection (d); and
``(B) such sums as may be necessary for fiscal years
2012 through 2015.
``(2) Security enhancements.--Funding under this subsection
for basic security enhancements shall not include expenditures
for personnel costs or monitoring, operation, or maintenance of
facilities, equipment, or systems.''.
(b) Regulations; Transition.--
(1) Regulations.--Not later than 2 years after the date of
the enactment of this Act, the Administrator of the
Environmental Protection Agency shall promulgate final
regulations to carry out section 1433 of the Safe Drinking
Water Act, as amended by subsection (a).
(2) Effective date.--Until the effective date of the
regulations promulgated under paragraph (1), section 1433 of
the Safe Drinking Water Act, as in effect on the day before the
date of the enactment of this title, shall continue to apply.
(3) Savings provision.--Nothing in this section or the
amendment made by this section shall affect the application of
section 1433 of the Safe Drinking Water Act, as in effect
before the effective date of the regulations promulgated under
paragraph (1), to any violation of such section 1433 occurring
before such effective date, and the requirements of such
section 1433 shall remain in force and effect with respect to
such violation until the violation has been corrected or
enforcement proceedings completed, whichever is later.
SEC. 3. STUDY TO ASSESS THE THREAT OF CONTAMINATION OF DRINKING WATER
DISTRIBUTION SYSTEMS.
Not later than 180 days after the date of the enactment of this Act,
the Administrator of the Environmental Protection Agency, in
consultation with the Secretary of Homeland Security, shall--
(1) conduct a study to assess the threat of contamination of
drinking water being distributed through public water systems,
including fire main systems; and
(2) submit a report to the Congress on the results of such
study.
Purpose and Summary
H.R. 3258 is a bill to amend the Safe Drinking Water Act to
enhance the security of the public water systems of the United
States.
Background and Need for Legislation
In June 2002, Congress passed legislation to address
security issues at community drinking water systems. The Public
Health Security and Bioterrorism Preparedness and Response Act
of 2002 added section 1433 to the Safe Drinking Water Act,
which required community water systems serving more than 3,300
individuals to conduct an assessment of their vulnerability to
terrorist attack or other intentional acts to disrupt a safe
and reliable drinking water supply.
Both President Clinton and President Bush issued directives
on critical infrastructure protection relating to the water
sector. In 1998, President Clinton issued Presidential Decision
Directive 63, which designated the U.S. Environmental
Protection Agency (EPA) as the lead federal agency for the
water supply sector. In 2003, President Bush issued Homeland
Security Presidential Directive 7, which affirmed EPA as the
lead federal agency for coordinating protection of the nation's
critical infrastructure for the water sector. This authority
was later reaffirmed and expanded in Homeland Security
Directive 9 on January 30, 2004. EPA established a Water
Security Division within the Office of Ground Water and
Drinking Water to carry out its water sector security
responsibilities.
In the fall of 2006, as part of the Homeland Security
Appropriations bill, Congress authorized the Department of
Homeland Security (DHS) to establish risk-based security
performance standards for protecting certain chemical
facilities. In April 2007, DHS finalized the Chemical Facility
Anti-Terrorism Standards (CFATS). The authorizing statute and
regulations exempted drinking water and wastewater facilities
from the program, resulting in what DHS and EPA have called a
``critical security gap.''
On July 20, 2009, Chairman Waxman and Subcommittee on
Energy and Environment Chairman Markey, joined by Reps. Capps,
Pallone, Sarbanes, and Schakowsky, introduced the Drinking
Water System Security Act of 2009 (H.R. 3258) to address
security at drinking water facilities and close part of the
security gap.
Legislative History
H.R. 3258 was introduced on July 20, 2009, by Chairman
Waxman, Subcommittee on Energy and Environment Chairman Markey,
and Reps. Pallone, Capps, Sarbanes, and Schakowsky.
The Subcommittee on Energy and Environment held a
legislative hearing on October 1, 2009, on two bills: H.R.
3258, the Drinking Water System Security Act of 2009, and H.R.
2868, the Chemical Facility Anti-Terrorism Act of 2009. The
Subcommittee received testimony from two panels of witnesses.
The witnesses on the first panel were the Hon. Peter Silva,
Assistant Administrator, Office of Water, U.S. Environmental
Protection Agency, and the Hon. Rand Beers, Under Secretary,
National Protection and Programs Directorate, U.S. Department
of Homeland Security. Panel 2 was comprised of four witnesses:
Mr. Brian Ramaley, Director, Newport News Waterworks (Virginia)
and President of the Board of Directors of the Association of
Metropolitan Water Agencies; Mr. Marty Durbin, Vice President,
Federal Affairs, American Chemical Council; Dr. Darius Sivin,
Legislative Representative of the CWA-UAW Legislative Alliance;
and Mr. Stephen Poorman, International EHS Manager, Fujifilm
Imaging Colorants Chair, Safety and Security Committee, Society
of Chemical Manufacturers and Affiliates.
Committee Consideration
On Wednesday, October 14, 2009, the Subcommittee on Energy
and Environment considered H.R. 3258 in open markup session and
favorably forwarded the bill to the full Committee by a voice
vote. The Committee on Energy and Commerce met in open markup
session on Wednesday, October 21, 2009, to consider H.R. 3258
as approved by the Subcommittee on Energy and Environment.
Subsequently, the Committee ordered H.R. 3258 favorably
reported to the House, amended, by a voice vote.
Committee Votes
Clause 3(b) of rule XIII of the Rules of the House of
Representatives requires the Committee to list the recorded
votes on the motion to report legislation and amendments
thereto. The Committee agreed to a motion by Mr. Waxman to
order H.R. 3258 favorably reported to the House, amended, by a
voice vote. During the Committee's consideration of H.R. 3258,
there were no recorded votes taken on amendments offered to the
bill or the motion to report H.R. 3258 to the House.
Committee Oversight Findings and Recommendations
In compliance with clause 3(c)(1) of rule XIII of the Rules
of the House of Representatives, the findings and
recommendations of the Committee are reflected in the
descriptive portions of this report.
New Budget Authority, Entitlement Authority, and Tax Expenditures
Regarding compliance with clause 3(c)(2) of rule XIII of
the Rules of the House of Representatives, the Committee adopts
as its own the estimate of budget authority and revenues
regarding H.R. 3258 prepared by the Director of the
Congressional Budget Office pursuant to section 402 of the
Congressional Budget Act of 1974. The Committee finds that H.R.
3258 would result in no new or increased entitlement authority
or tax expenditures.
Statement of General Performance Goals and Objectives
The purpose of H.R. 3258 is to strengthen security at
drinking water facilities in order to prevent a terrorist
attack that causes a chemical release, contaminates the water
supply, or otherwise disrupts the ability of a water system to
provide a safe and reliable supply of drinking water.
Specific objectives include:
Authorizing the Administrator of the U.S.
Environmental Protection Agency to designate any
chemical substance as a substance of concern;
Requiring the Administrator to establish
risk-based performance standards for community water
systems serving more than 3,300 people and for other
public water systems that the Administrator determines
pose a security risk;
Requiring the Administrator to consult with
the Secretary of the Department of Homeland Security
and state drinking water agencies when developing the
drinking water security program;
Requiring covered water systems to identify
vulnerabilities through a security vulnerability
assessment, develop a site security plan that addresses
those vulnerabilities, and develop an emergency
response plan;
Allowing each covered water system to select
layered security measures for their site security plans
to meet risk-based performance standards, which vary by
tier;
Requiring covered water systems to include
employees and their representatives in the development
of vulnerability assessments and site security plans;
Requiring the Administrator to review each
vulnerability assessment and site security plan and
authorizing the Administrator to require each system to
correct significant deficiencies, if any, in its
assessment or plan;
Requiring all covered water systems with
dangerous chemicals in amounts exceeding release
thresholds that will be set by the Administrator to
assess whether they can switch to safer chemicals or
processes;
Authorizing state drinking water agencies
(and EPA for non-primacy states) to require a system in
one of the two highest-risk tiers to switch to safer
chemicals or processes if it is technologically and
economically feasible and if doing so will not prevent
the system from meeting its obligation to provide safe
drinking water;
Requiring state drinking water agencies (and
EPA for non-primacy states) to provide an opportunity
for a covered water system to appeal a determination if
the water system disagrees with an order to switch to
safer chemicals or processes;
Requiring the Administrator to provide
standards for the appropriate sharing of security
information and to protect this information when
disclosure would be harmful to the security of a
covered water system;
Setting criminal penalties for the
purposeful, unlawful disclosure of this protected
information;
Authorizing the Administrator or his or her
duly designated representative to audit and inspect
covered water systems to determine compliance with this
section; and
Exempting public water systems from the
requirements of the Department of Homeland Security's
Chemical Facility Anti-Terrorism Standards.
Constitutional Authority Statement
Pursuant to clause 3(d)(1) of rule XIII of the Rules of the
House of Representatives, the Committee finds that the
constitutional authority for H.R. 3258 is provided in Article
I, section 8, clauses 1, 3, and 18.
Earmarks and Tax and Tariff Benefits
H.R. 3258 does not contain any congressional earmarks,
limited tax benefits, or limited tariff benefits as defined in
clause 9 of rule XXI of the Rules of the House of
Representatives.
Advisory Committee Statement
No advisory committees were created by H.R. 3258 within the
meaning of section 5 U.S.C. App., 5(b) of the Federal Advisory
Committee Act.
Applicability of Law to the Legislative Branch
The Committee finds that H.R. 3258 does not relate to the
terms and conditions of employment or access to public services
or accommodations within the meaning of section 102(b)(3) of
the Congressional Accountability Act of 1985.
Federal Mandates Statement
The Committee adopts as its own the estimates of federal
mandates prepared by the Director of the Congressional Budget
Office pursuant to section 423 of the Unfunded Mandate Reform
Act.
Committee Cost Estimate
Pursuant to clause 3(d) of rule XIII of the Rules of the
House of Representatives, the Committee adopts as its own the
cost estimate on H.R. 3258 prepared by the Director of the
Congressional Budget Office pursuant to section 402 of the
Congressional Budget Act.
Congressional Budget Office Estimate
Pursuant to clause 3(c)(3) of rule XIII of the Rules of the
House of Representatives, the following is the cost estimate on
H.R. 3258 provided by the Congressional Budget Office pursuant
to section 402 of the Congressional Budget Act of 1974:
October 23, 2009.
Hon. Henry A. Waxman,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 3258, the Drinking
Water System Security Act of 2009.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Susanne S.
Mehlman.
Sincerely,
Douglas W. Elmendorf.
Enclosure.
H.R. 3258--Drinking Water System Security Act of 2009
Summary: H.R. 3258 would authorize the Environmental
Protection Agency (EPA) to regulate the security of community
water systems serving more than 3,300 people and other public
water systems that EPA determines present a security risk.
Under the bill, EPA would develop regulations to require the
covered water systems to perform vulnerability assessments and
to establish site security plans and emergency response plans.
In addition, EPA would provide grants to or enter into
cooperative agreements with states, nonprofit organizations, or
covered water systems to support research and training related
to the security of such facilities, and for the preparation of
assessments and plans related to security. The grants also
could be used to implement security measures.
CBO estimates that implementing H.R. 3258 would cost about
$1 billion over the 2010-2014 period, assuming appropriation of
the necessary amounts. Enacting H.R. 3258 could affect direct
spending and receipts because the bill would establish new
criminal and civil penalties against owners and operators of
covered water systems and others who fail to comply with the
bill's requirements. However, CBO estimates that any
collections from such penalties would not be significant.
H.R. 3258 contains intergovernmental and private-sector
mandates as defined in the Unfunded Mandates Reform Act (UMRA)
because it would impose new security requirements on owners and
operators of drinking water systems. Because the costs of the
mandates on state, local, and tribal governments would depend
on future regulations, CBO cannot determine whether the
aggregate costs of the mandates would exceed the annual
threshold established in UMRA for intergovernmental entities
($69 million in 2009, adjusted annually for inflation). CBO
estimates that the costs of the mandates to private-sector
entities would probably fall below the annual threshold
established in UMRA ($139 million in 2009, adjusted annually
for inflation) because the number of privately owned systems is
small.
Estimated cost to the Federal Government: The estimated
budgetary impact of H.R. 3258 is shown in the following table.
The costs of this legislation fall within budget function 300
(natural resources and environment).
----------------------------------------------------------------------------------------------------------------
By fiscal year, in millions of dollars--
-------------------------------------------------------
2010 2011 2012 2013 2014 2010-2014
----------------------------------------------------------------------------------------------------------------
CHANGES IN SPENDING SUBJECT TO APPROPRIATION
Estimated Authorization Level........................... 0 315 322 329 338 1,304
Estimated Outlays....................................... 0 126 271 324 332 1,053
----------------------------------------------------------------------------------------------------------------
Basis of estimate: For this estimate, CBO assumes that H.R.
3258 will be enacted during fiscal year 2010, the amounts
necessary to implement the bill will be appropriated each year,
and that outlays will follow historical spending patterns for
similar programs.
This legislation would authorize the appropriation of $315
million for fiscal year 2011. Of that amount, $30 million would
be used by EPA for administrative expenses, $125 million would
be used to assist covered water systems use safer chemicals or
reduce the amount of dangerous chemicals stored onsite, and
$160 million would be used to fund grants. Grants could be used
by states or nonprofit organizations to support training,
prepare vulnerability assessments and security plans, and
implement security enhancements, which would include, for
example, the installation of surveillance equipment.
For fiscal years 2012 through 2015, this legislation would
authorize the appropriation of such sums as necessary. For each
year after 2011, CBO estimates that EPA would require the same
level of funding as in 2011, with annual adjustments for
anticipated inflation, to support the requirements under the
bill and the grants. In total, CBO estimates that enacting this
legislation would cost about $1 billion over the 2011-2014
period.
Intergovernmental and private-sector impact: H.R. 3258
contains intergovernmental and private-sector mandates as
defined in UMRA because it would impose new security
requirements on owners and operators of drinking water systems.
Because the costs of the mandates on state, local, and tribal
governments would depend on future regulations, CBO cannot
determine whether the aggregate costs of the mandates would
exceed the annual threshold established in UMRA for
intergovernmental entities ($69 million in 2009, adjusted
annually for inflation). CBO estimates that the costs of the
mandates to private-sector entities would probably fall below
the annual threshold established in UMRA ($139 million in 2009,
adjusted annually for inflation) because the number of
privately owned systems is small.
Mandates that apply to public and private entities
The bill would impose several new requirements on owners
and operators of covered drinking water systems (those serving
populations of over 3,300 people). The bill would require those
facilities to comply with performance standards to be issued by
EPA for facility security. Such standards could include
infrastructure upgrades and changes to security procedures. The
bill also would require owners and operators of covered water
systems that possess chemicals in excess of a threshold set by
EPA to assess and potentially implement alternative measures
for increasing security at their facilities if such facilities
are designated as high risk by EPA. Such measures include the
use of alternative chemicals to process drinking water and
modifications to chemical storage practices. The bill also
would require owners and operators of covered water systems to
update vulnerability assessments and emergency response plans,
and to prepare and implement site security plans. Further, the
bill would require owners and operators of covered water
systems to maintain copies of planning documents, provide
access for audits and inspections, and provide employees with
training annually.
Depending on future regulations governing performance
standards, chemical thresholds, the number of covered water
systems designated as high risk, and the implementation
schedule for vulnerability assessments and site security plans,
the costs to covered water systems could be significant. Those
costs could result from new procedural requirements or, in some
cases, capital improvements. At the same time, many water
systems may already have security systems and procedures in
place that would meet the new requirements. Because of
uncertainty about the scope and implementation timeline of the
bill's requirements, CBO has no basis for determining annual
costs of the mandates on publicly owned systems. However,
because the number of privately owned systems that would be
affected is small, CBO estimates that the cost of the mandates
to private-sector entities would fall below the annual
threshold established in UMRA.
Mandates that apply to public entities only
H.R. 3258 would preempt state and local laws that provide
public access to information and require covered water systems
to submit security plans. The bill also would preempt any state
or local regulation that would conflict with the security
activities authorized by the bill. Further, the bill would
require state, local, and tribal authorities, such as law
enforcement officials, to share information. CBO estimates that
the costs of those mandates would be small.
Other impacts
H.R. 3258 would authorize $125 million for fiscal year 2011
for grants to covered water systems to increase security at
their facilities. The bill also would authorize such sums as
necessary for fiscal years 2012 through 2015 for such
activities.
Estimate prepared by: Federal Costs: Susanne S. Mehlman;
Impact on State, Local, and Tribal Governments: Ryan Miller;
Impact on the Private Sector: Amy Petz.
Estimate approved by: Peter H. Fontaine; Assistant Director
for Budget Analysis.
Section-by-Section Analysis of the Legislation
Section 1. Short title
This Act may be cited as the ``Drinking Water System
Security Act of 2009.''
Section 2. Intentional acts affecting the security of covered water
systems
The Drinking Water System Security Act of 2009 replaces
Section 1433 of the Safe Drinking Water Act (SDWA) as follows:
Subsection (a). Risk-based performance standards;
vulnerability assessments; site security plans;
emergency response plans
This subsection requires the Administrator of the
Environmental Protection Agency (hereafter the
``Administrator'' and ``EPA'') to issue regulations
establishing risk-based performance standards for covered
drinking water systems. The Administrator also must establish
deadlines and requirements for developing and updating
vulnerability assessments, site security plans, and emergency
response plans and providing training to employees of covered
water systems.
Covered water systems, by definition, include community
water systems serving more than 3,300 people and other public
water systems that the Administrator, in her discretion,
determines present a security risk. The Committee intends for
the Administrator to use this discretion to ensure that non-
community water systems that serve many people, such as the
water system at Walt Disney World, or systems that serve
security-sensitive areas or facilities, such as Camp David, are
sufficiently protected against intentional acts. It is not the
Committee's intent for the Administrator to use this authority
to regulate all community water systems that serve fewer than
3,300 people.
In developing and implementing the regulations under this
section, the Administrator must consult with states exercising
primary enforcement responsibility for public water systems
(hereafter ``states with primacy'') and other persons,
including the Secretary of the Department of Homeland Security
(hereafter the ``Secretary'' and ``DHS'').
The Committee expects that EPA would utilize, with
modifications as necessary to address the uniqueness of the
sector, DHS's existing risk assessment tools and performance
standards for chemical facilities. To ensure consistency of
tiering determinations across industry sectors, EPA should
apply DHS's tiering methodology, with modifications as
necessary to reflect any differences in statutory requirements.
The Administrator may designate any chemical as a
``substance of concern'' for the purposes of this section. When
the Administrator designates a substance of concern, she must
establish for each substance a threshold quantity for the
release or theft of the substance. In making this designation,
the Administrator must take into account Appendix A of the
Chemical Facility Anti-Terrorism Standards (CFATS), which lists
DHS's ``chemicals of interest.''
This subsection requires the Administrator to provide
covered water systems with baseline information about probable
threats to disrupt the safe and reliable supply of water, cause
a release of a substance of concern at the covered water
system, or steal, misuse, or misappropriate a substance of
concern.
Subsection (b). Risk-based performance standards
This subsection requires the Administrator to develop risk-
based performance standards for covered water systems to use in
developing their site security plans. The standards should be
more stringent for systems in higher-risk tiers. In developing
these standards, the Administrator must take into account the
risk-based performance standards in the CFATS program.
Subsection (c). Vulnerability assessment
This subsection requires each covered water system to
assess the system's vulnerability to a range of intentional
acts, including a release of a substance of concern that causes
death or injury or other adverse effects. As part of its
vulnerability assessment, the covered water system must review
its pipes, physical barriers, water distribution facilities,
computer systems, storage of substances of concern, and other
factors. If a water system has completed a vulnerability
assessment under the Public Health Security and Bioterrorism
Preparedness and Response Act of 2002, the covered water system
may update that assessment to comply with this subsection
rather than compiling an entirely new assessment.
Subsection (d). Risk-based tiers
The Administrator must establish four risk-based tiers for
covered water systems, with tier 1 representing the highest-
risk tier.
The Administrator may require each covered water system to
submit information in order to assign (or reassign) the system
to one of the risk-based tiers. In assigning a covered water
system to a tier, the Administrator must consider the potential
consequences of an intentional act to cause a release of a
substance of concern at the covered water system, to introduce
a contaminant into or otherwise disrupt the drinking water
supply, and to steal, misuse, or misappropriate substances of
concern.
This subsection requires the Administrator to provide to
each covered water system her reasons for assigning the system
to a particular tier and advise the system whether it is
required to assess the potential for implementing methods to
reduce the consequences of a chemical release from an
intentional act under subsection (g).
Subsection (e). Development and implementation of site
security plans
This subsection allows each covered water system to select
layered security measures that address the security risks
identified in the vulnerability assessment and meet the
applicable risk-based performance standards.
Subsection (f). Role of employees
In the site security plan and emergency response plan, each
covered water system must describe the roles and
responsibilities of system employees (including contractor
employees) in deterring or responding to an intentional act at
that system.
This subsection requires each covered water system to
provide at least eight hours of security-related training each
year to employees with roles and responsibilities in deterring
or responding to an intentional act.
This subsection also requires each covered water system to
include employees and appropriate employee representatives when
developing, revising, or updating the vulnerability assessment,
site security plan, and emergency response plan.
Subsection (g). Methods to reduce the consequences of a
chemical release from an intentional act
The term ``methods to reduce the consequences of a chemical
release from an intentional act'' means a measure at a covered
water system that reduces or eliminates the potential
consequences of a release of a substance of concern due to an
intentional act. Such measures include using alternate
substances, formulations, or processes to reduce the amount of
a substance of concern on-site; modifying pressures,
temperatures, or concentrations of a substance of concern; and
improving inventory control or chemical use efficiency to
reduce on-site handling of a substance of concern. The
Committee does not intend the term ``method to reduce the
consequences of a chemical release from an intentional act'' to
include the mitigation, control, containment, or recovery of a
substance of concern in the event of an intentional act.
This subsection requires any covered water system that uses
or stores a substance of concern in excess of the release
threshold to complete an assessment of whether it can implement
``methods to reduce'' and include this assessment as part of
its site security plan. The covered water system must provide
this assessment to EPA and the state with primacy, if any, for
that system. In preparing the assessment, the system must
describe the methods it considered; the degree to which each
method, if implemented, could reduce the consequences of an
intentional act; whether each method, if implemented, could
affect the quality of drinking water, human health or the
environment; whether each method, if implemented, is feasible
(not including the cost considerations typically used to
determine ``feasibility'' as defined in SDWA); the costs (and
avoided costs) associated with implementing each method; and,
based on these factors, whether the system plans to implement
any such methods. A covered water system that does not use or
store a release threshold quantity of a substance of concern
does not have to complete an assessment.
The Committee intends for the Administrator to require each
covered water system to conduct a cost analysis associated with
each method considered, including an assessment of the
operational costs and savings, if applicable. The Administrator
or covered water system may want to consider any relevant
costs, such as capital costs, cost savings due to physical
security or other processes (i.e. mitigation technologies) that
would no longer be needed, any reduction in terrorism-related
insurance costs, and other avoided costs (i.e. a reduction in
costs due to regulatory compliance measures, inspections,
materials, permits or fees, other operating costs, contingency
planning and response, or personnel protective gear that are no
longer needed).
EPA must provide guidance, computer software and other
tools to covered water systems assigned to tiers 3 and 4 in
order to streamline the assessment process for these systems.
If the Administrator finds that the covered water system
did not submit a complete or thorough assessment, the
Administrator must inform the system and state with primacy for
that system and require the system to submit a revised
assessment. If the covered water system fails to complete such
assessment in accordance with the deadline set by the
Administrator, the Administrator may take appropriate
enforcement action.
With respect to a covered water system that has a release
threshold quantity of a substance of concern and is assigned to
one of the two highest risk-based tiers, the state with primacy
for this covered water system must determine, based on an
evaluation of the system's assessment, whether to require such
system to implement the methods to reduce and report this
determination to the Administrator. For covered water systems
in states without primacy, the Administrator must make this
determination. A covered water system that does not use or
store a release threshold quantity of a substance of concern
and is not in one of the two highest risk-based tiers will not
be subject to any requirement to implement the methods to
reduce.
Before requiring a covered water system in one of the
highest two risk-based tiers to implement methods to reduce,
the state with primacy (or the Administrator for covered water
systems in states without primacy) must examine whether
implementing these methods would significantly reduce the
consequences of a release of a substance of concern; would not
increase the interim storage of a substance of concern by the
covered water system; would not put the water system out of
compliance with SDWA and state or local drinking water
standards; and is feasible for the water system.
The Committee intends that the state with primacy (or the
Administrator for covered water systems in states without
primacy) should make each determination under this subsection
on a system-by-system basis and should not seek to impose
wholesale, sector-wide process or chemical changes.
The state with primacy or the Administrator (for non-
primacy states) must provide a covered water system with an
opportunity for appeal if the covered water system disagrees
with a determination that it must implement methods to reduce
the consequences of an intentional act.
The Committee does not intend to give the Administrator the
authority to overrule the determination of a state with primacy
under this subsection. This subsection outlines the parameters
of the Administrator's authority with regard to methods to
reduce the consequences of an intentional act. If a state with
primacy fails to determine whether to require a covered high-
risk water system to implement one or more methods to reduce
within a timeline set by the Administrator, the Administrator
can step in and make the determination. If the Administrator
finds that a state with primacy has not enforced the state's
own determination that a covered high-risk water system
implement one or more methods to reduce, the Administrator can
step in and enforce the determination. The Administrator may
consider the failure of a state to make or enforce a
determination when examining whether a state should retain
primary enforcement responsibility under SDWA.
This section also gives the Administrator authority to
provide or recommend tools, methodologies and software created
by the water sector and others. The Administrator may create
such tools, methodologies or computer software, if the
Administrator believes that such tools, methodologies or
computer software could assist such covered water systems in
complying with the requirements of this section, and the
Administrator may also recommend such tools, methodologies or
computer software that have been developed by other entities if
the Administrator believes that such tools, methodologies or
computer software could assist such covered water systems in
complying with the requirements of this section.
Subsection (h). Review by administrator
This subsection requires the covered water system to submit
its vulnerability assessment and site security plan to the
Administrator for review. The Administrator must review each
vulnerability assessment and site security plan and, in
consultation with the states with primacy, as appropriate,
determine whether each vulnerability assessment complies with
the regulations and whether each site security plan addresses
the system's vulnerabilities and meets the risk-based
performance standards. The Administrator also must require each
system to correct significant deficiencies, if any, in its
vulnerability assessment or site security plan.
This subsection also states that a covered water system
does not have to provide state and local governments with
copies of its vulnerability assessment and site security plan
just by virtue of a state or local law requiring that a system
turn over to the state or local government all documents that
it provides to EPA.
Subsection (i). Emergency response plan
This subsection requires each covered water system to
prepare or revise an emergency response plan and certify
completion to the Administrator. This plan must include plans
and procedures for responding to an intentional act at the
covered water system and mitigating the impact of intentional
acts on public health and safety. The covered water system must
provide appropriate information to local first responders and
law enforcement officials to ensure an effective response in
the event of an emergency.
If a water system completed an emergency response plan
under the Public Health Security and Bioterrorism Preparedness
and Response Act of 2002, the covered water system may update
that plan to comply with this subsection rather than compiling
an entirely new plan.
Subsection (j). Maintenance of records
This subsection requires each covered water system to
maintain an updated copy of its vulnerability assessment, site
security plan, and emergency response plan.
Subsection (k). Audit; inspection
This subsection requires the Administrator, or a duly
designated representative of the Administrator, to audit and
inspect covered water systems to determine compliance with this
section of the Act. The Administrator or the Administrator's
duly designated representative must have access to the system
operators, employees and employee representatives during the
audit or inspection.
During inspections, the Administrator or the duly-
designated representative must offer non-supervisory employees
the opportunity to share, confidentially, information about the
covered water system's compliance or non-compliance. An
employee representative, if any, also must have the opportunity
to accompany the Administrator or the Administrator's duly-
designated representative during inspections if the owner or
operator is accompanying the Administrator or the duly-
designated representative. If the covered water system does not
have an employee representative, a non-supervisory employee
also must have the opportunity to accompany the Administrator
or the Administrator's duly-designated representative during
inspections if a representative from the covered water system
is accompanying the Administrator or the Administrator's duly-
designated representative. The Committee believes that the
Administrator or the Administrator's duly-designated
representative should be free to conduct parts of the
inspections unaccompanied, if desired.
Subsection (l). Protection of information
``Protected information'' includes vulnerability
assessments and site security plans and portions of other
security-related documents, records, orders, notices, and
letters that would be detrimental to the security of one or
more covered water systems if disclosed and are developed for
the purposes of this section. Protected information does not
include information that is required to be made publicly
available under any other law; information that a covered water
system has lawfully disclosed elsewhere; and other information
that, if disclosed, would not be detrimental to the security of
one or more covered water systems.
This subsection exempts protected information from
disclosure under the Freedom of Information Act and state,
local and tribal information disclosure laws. The Committee
intends for the exemption under state, local and tribal
information disclosure laws to be equivalent to the exemption
from the federal Freedom of Information Act, despite
differences in drafting.
This subsection also requires the Administrator to
promulgate by regulation standards for sharing protected
information with and between state and local governments, first
responders, employees, employee representatives, and others
with security responsibilities at the covered water system.
These standards also must include procedures for sharing with
employees and their representatives, if any, those portions of
a covered water system's vulnerability assessment and site
security plan that relate to the roles and responsibilities of
those employees. The Committee intends for this to include the
assessment conducted under subsection (g).
Protected information cannot be shared except in accordance
with these standards. Any person who purposefully publishes,
divulges, discloses, or makes known protected information in
any manner or to any extent not authorized by these standards
can face criminal penalties and, in the case of federal
employees, may face loss of employment.
In judicial or administrative proceedings, protected
information will be treated similarly to Sensitive Security
Information to protect it from public disclosure.
Nothing in this section relieves a covered water system
from complying with other laws, including laws requiring
disclosure of information to federal, state, or local
governments or other persons, except as stated in subsection
(h). Nothing in this section may prevent a federal, state, or
local government from protecting and disclosing information
that it obtains from a covered water system as authorized by
another law.
Nothing in this section authorizes the withholding of
information from Congress. The Committee intends for EPA to
provide members of Congress with protected information, upon
request.
The Committee observes that on May 27, 2009, the President
issued the Memorandum for the Heads of Executive Departments
and Agencies on Classified Information and Controlled
Unclassified Information (CUI), which creates an interagency
task force on CUI. This task force is in the process of
developing a framework for the sharing of CUI, taking into
consideration the value of standardizing the procedures for
designating, marking, and handling all sensitive but
unclassified information; a presumption in favor of openness;
and the need to prevent the public disclosure of information
where disclosure would compromise privacy, security or other
legitimate interests. The Committee does not intend for this
section to obstruct the President's efforts to develop a CUI
information sharing environment or to preclude the President
from incorporating EPA's information protection regime into
this CUI framework at a future date.
Subsection (m). Relation to chemical security requirements
Public water systems are exempt from regulation under the
Department of Homeland Security Chemical Facility Anti-
Terrorism Standards (CFATS).
Subsection (n). Preemption
States and political subdivisions thereof can enact
security standards for drinking water systems that are more
stringent than provided in this section.
Subsection (o). Violations
For a covered water system that violates any requirement of
this section, the Administrator can issue an order assessing an
administrative penalty or commence a civil action in district
court. Civil penalties cannot exceed $25,000 per day. With
regard to ``methods to reduce,'' EPA's enforcement authority is
limited to the terms detailed in subsection (g).
Subsection (p). Report to congress
The Administrator must produce a report to Congress no
later than 3 years after the effective date of the regulations
promulgated under this section and every 3 years thereafter.
The report will be publicly available.
Subsection (q). Grant programs
This subsection requires the Administrator to award grants
to, or enter into cooperative agreements with, states to assist
these states in implementing this section; to award grants to,
or enter into cooperative agreements with, non-profit
organizations to provide research, training, and technical
assistance to covered water systems; and to award grants to, or
enter into cooperative agreements with, covered water systems
to assist these systems in preparing and implementing
assessments and plans and implementing methods to reduce the
consequences of an intentional act. This subsection also
requires the Administrator to establish a grants program to
award grants for the training of employees and first
responders.
The Administrator, when awarding grants or entering into
cooperative agreements to assist systems in assessing and
implementing methods to reduce the consequences of an
intentional act, must give priority to covered water systems
that pose the greatest security risk. The Administrator, when
awarding grants or entering into cooperative agreements to
assist systems in preparing and updating vulnerability
assessments, site security plans and emergency response plans,
must give priority to covered water systems that have the
greatest need.
Subsection (r). Authorization of appropriations
This subsection authorizes $315 million for FY2011,
including $30 million for administrative costs incurred by the
Administrator or states and $125 million for implementation of
methods to reduce. This subsection authorizes such sums as may
be necessary for FY2012 through FY2015.
Funding for security enhancements shall not be used for
expenditures for personnel costs, or monitoring, operation, or
maintenance of facilities, equipment, or systems.
Section (b). Regulations; transition
This section requires the Administrator to promulgate
regulations within 2 years after the enactment of this bill.
The bill also ensures that the current section 1433 of SDWA and
its accompanying regulations apply until the effective date of
the new regulations. Nothing in this section affects the
authority of the Administrator to initiate or complete
enforcement action for violations of the current section 1433
of SDWA occurring before such effective date.
Changes in Existing Law Made by the Bill, as Reported
In compliance with clause 3(e) of rule XIII of the Rules of
the House of Representatives, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
matter is printed in italic, existing law in which no change is
proposed is shown in roman):
SAFE DRINKING WATER ACT
TITLE XIV--SAFETY OF PUBLIC WATER SYSTEMS
SHORT TITLE
Sec. 1400. This title may be cited as the ``Safe Drinking
Water Act''.
* * * * * * *
Part D--Emergency Powers
* * * * * * *
[SEC. 1433. TERRORIST AND OTHER INTENTIONAL ACTS.
[(a) Vulnerability Assessments.--(1) Each community water
system serving a population of greater than 3,300 persons shall
conduct an assessment of the vulnerability of its system to a
terrorist attack or other intentional acts intended to
substantially disrupt the ability of the system to provide a
safe and reliable supply of drinking water. The vulnerability
assessment shall include, but not be limited to, a review of
pipes and constructed conveyances, physical barriers, water
collection, pretreatment, treatment, storage and distribution
facilities, electronic, computer or other automated systems
which are utilized by the public water system, the use,
storage, or handling of various chemicals, and the operation
and maintenance of such system. The Administrator, not later
than August 1, 2002, after consultation with appropriate
departments and agencies of the Federal Government and with
State and local governments, shall provide baseline information
to community water systems required to conduct vulnerability
assessments regarding which kinds of terrorist attacks or other
intentional acts are the probable threats to--
[(A) substantially disrupt the ability of the system
to provide a safe and reliable supply of drinking
water; or
[(B) otherwise present significant public health
concerns.
[(2) Each community water system referred to in paragraph (1)
shall certify to the Administrator that the system has
conducted an assessment complying with paragraph (1) and shall
submit to the Administrator a written copy of the assessment.
Such certification and submission shall be made prior to:
[(A) March 31, 2003, in the case of systems serving a
population of 100,000 or more.
[(B) December 31, 2003, in the case of systems
serving a population of 50,000 or more but less than
100,000.
[(C) June 30, 2004, in the case of systems serving a
population greater than 3,300 but less than 50,000.
[(3) Except for information contained in a certification
under this subsection identifying the system submitting the
certification and the date of the certification, all
information provided to the Administrator under this subsection
and all information derived therefrom shall be exempt from
disclosure under section 552 of title 5 of the United States
Code.
[(4) No community water system shall be required under State
or local law to provide an assessment described in this section
to any State, regional, or local governmental entity solely by
reason of the requirement set forth in paragraph (2) that the
system submit such assessment to the Administrator.
[(5) Not later than November 30, 2002, the Administrator, in
consultation with appropriate Federal law enforcement and
intelligence officials, shall develop such protocols as may be
necessary to protect the copies of the assessments required to
be submitted under this subsection (and the information
contained therein) from unauthorized disclosure. Such protocols
shall ensure that--
[(A) each copy of such assessment, and all
information contained in or derived from the
assessment, is kept in a secure location;
[(B) only individuals designated by the Administrator
may have access to the copies of the assessments; and
[(C) no copy of an assessment, or part of an
assessment, or information contained in or derived from
an assessment shall be available to anyone other than
an individual designated by the Administrator.
At the earliest possible time prior to November 30, 2002, the
Administrator shall complete the development of such protocols
for the purpose of having them in place prior to receiving any
vulnerability assessments from community water systems under
this subsection.
[(6)(A) Except as provided in subparagraph (B), any
individual referred to in paragraph (5)(B) who acquires the
assessment submitted under paragraph (2), or any reproduction
of such assessment, or any information derived from such
assessment, and who knowingly or recklessly reveals such
assessment, reproduction, or information other than--
[(i) to an individual designated by the Administrator
under paragraph (5),
[(ii) for purposes of section 1445 or for actions
under section 1431, or
[(iii) for use in any administrative or judicial
proceeding to impose a penalty for failure to comply
with this section,
shall upon conviction be imprisoned for not more than one year
or fined in accordance with the provisions of chapter 227 of
title 18, United States Code, applicable to class A
misdemeanors, or both, and shall be removed from Federal office
or employment.
[(B) Notwithstanding subparagraph (A), an individual referred
to in paragraph (5)(B) who is an officer or employee of the
United States may discuss the contents of a vulnerability
assessment submitted under this section with a State or local
official.
[(7) Nothing in this section authorizes any person to
withhold any information from Congress or from any committee or
subcommittee of Congress.
[(b) Emergency Response Plan.--Each community water system
serving a population greater than 3,300 shall prepare or
revise, where necessary, an emergency response plan that
incorporates the results of vulnerability assessments that have
been completed. Each such community water system shall certify
to the Administrator, as soon as reasonably possible after the
enactment of this section, but not later than 6 months after
the completion of the vulnerability assessment under subsection
(a), that the system has completed such plan. The emergency
response plan shall include, but not be limited to, plans,
procedures, and identification of equipment that can be
implemented or utilized in the event of a terrorist or other
intentional attack on the public water system. The emergency
response plan shall also include actions, procedures, and
identification of equipment which can obviate or significantly
lessen the impact of terrorist attacks or other intentional
actions on the public health and the safety and supply of
drinking water provided to communities and individuals.
Community water systems shall, to the extent possible,
coordinate with existing Local Emergency Planning Committees
established under the Emergency Planning and Community Right-
to-Know Act (42 U.S.C. 11001 et seq.) when preparing or
revising an emergency response plan under this subsection.
[(c) Record Maintenance.--Each community water system shall
maintain a copy of the emergency response plan completed
pursuant to subsection (b) for 5 years after such plan has been
certified to the Administrator under this section.
[(d) Guidance to Small Public Water Systems.--The
Administrator shall provide guidance to community water systems
serving a population of less than 3,300 persons on how to
conduct vulnerability assessments, prepare emergency response
plans, and address threats from terrorist attacks or other
intentional actions designed to disrupt the provision of safe
drinking water or significantly affect the public health or
significantly affect the safety or supply of drinking water
provided to communities and individuals.
[(e) Funding.--(1) There are authorized to be appropriated to
carry out this section not more than $160,000,000 for the
fiscal year 2002 and such sums as may be necessary for the
fiscal years 2003 through 2005.
[(2) The Administrator, in coordination with State and local
governments, may use funds made available under paragraph (1)
to provide financial assistance to community water systems for
purposes of compliance with the requirements of subsections (a)
and (b) and to community water systems for expenses and
contracts designed to address basic security enhancements of
critical importance and significant threats to public health
and the supply of drinking water as determined by a
vulnerability assessment conducted under subsection (a). Such
basic security enhancements may include, but shall not be
limited to the following:
[(A) the purchase and installation of equipment for
detection of intruders;
[(B) the purchase and installation of fencing,
gating, lighting, or security cameras;
[(C) the tamper-proofing of manhole covers, fire
hydrants, and valve boxes;
[(D) the rekeying of doors and locks;
[(E) improvements to electronic, computer, or other
automated systems and remote security systems;
[(F) participation in training programs, and the
purchase of training manuals and guidance materials,
relating to security against terrorist attacks;
[(G) improvements in the use, storage, or handling of
various chemicals; and
[(H) security screening of employees or contractor
support services.
Funding under this subsection for basic security enhancements
shall not include expenditures for personnel costs, or
monitoring, operation, or maintenance of facilities, equipment,
or systems.
[(3) The Administrator may use not more than $5,000,000 from
the funds made available under paragraph (1) to make grants to
community water systems to assist in responding to and
alleviating any vulnerability to a terrorist attack or other
intentional acts intended to substantially disrupt the ability
of the system to provide a safe and reliable supply of drinking
water (including sources of water for such systems) which the
Administrator determines to present an immediate and urgent
security need.
[(4) The Administrator may use not more than $5,000,000 from
the funds made available under paragraph (1) to make grants to
community water systems serving a population of less than 3,300
persons for activities and projects undertaken in accordance
with the guidance provided to such systems under subsection
(d).]
SEC. 1433. INTENTIONAL ACTS.
(a) Risk-Based Performance Standards; Vulnerability
Assessments; Site Security Plans; Emergency Response Plans.--
(1) In general.--The Administrator shall issue
regulations--
(A) establishing risk-based performance
standards for the security of covered water
systems; and
(B) establishing requirements and deadlines
for each covered water system--
(i) to conduct a vulnerability
assessment or, if the system already
has a vulnerability assessment, to
revise the assessment to be in
accordance with this section;
(ii) to update the vulnerability
assessment not less than every 5 years
and promptly after any change at the
system that could cause the
reassignment of the system to a
different risk-based tier under
subsection (d);
(iii) to develop, implement, and, as
appropriate, revise a site security
plan not less than every 5 years and
promptly after a revision to the
vulnerability assessment;
(iv) to develop an emergency response
plan (or, if the system has already
developed an emergency response plan,
to revise the plan to be in accordance
with this section) and revise the plan
not less than every 5 years thereafter;
and
(v) to provide annual training to
employees and contractor employees of
covered water systems on implementing
site security plans and emergency
response plans.
(2) Covered water systems.--For purposes of this
section, the term ``covered water system'' means a
public water system that--
(A) is a community water system serving a
population greater than 3,300; or
(B) in the discretion of the Administrator,
presents a security risk making regulation
under this section appropriate.
(3) Consultation with state authorities.--In
developing and carrying out the regulations under
paragraph (1), the Administrator shall consult with
States exercising primary enforcement responsibility
for public water systems.
(4) Consultation with other persons.--In developing
and carrying out the regulations under paragraph (1),
the Administrator shall consult with the Secretary of
Homeland Security, and, as appropriate, other persons
regarding--
(A) provision of threat-related and other
baseline information to covered water systems;
(B) designation of substances of concern;
(C) development of risk-based performance
standards;
(D) establishment of risk-based tiers and
process for the assignment of covered water
systems to risk-based tiers;
(E) process for the development and
evaluation of vulnerability assessments, site
security plans, and emergency response plans;
(F) treatment of protected information;
(G) security at co-managed drinking water and
wastewater facilities; and
(H) such other matters as the Administrator
determines necessary.
(5) Substances of concern.--For purposes of this
section, the Administrator, in consultation with the
Secretary of Homeland Security--
(A) may designate any chemical substance as a
substance of concern;
(B) at the time any substance is designated
pursuant to subparagraph (A), shall establish
by rule a threshold quantity for the release or
theft of the substance, taking into account the
toxicity, reactivity, volatility,
dispersability, combustibility, and
flammability of the substance and the amount of
the substance that, as a result of a release,
is known to cause or may be reasonably
anticipated to cause death, injury, or serious
adverse effects to human health or the
environment; and
(C) in making such a designation, shall take
into account appendix A to part 27 of title 6,
Code of Federal Regulations (or any successor
regulations).
(6) Baseline information.--The Administrator, after
consultation with appropriate departments and agencies
of the Federal Government and with State, local, and
tribal governments, shall, for purposes of facilitating
compliance with the requirements of this section,
promptly after the effective date of the regulations
under subsection (a)(1) and as appropriate thereafter,
provide baseline information to covered water systems
regarding which kinds of intentional acts are the
probable threats to--
(A) substantially disrupt the ability of the
system to provide a safe and reliable supply of
drinking water;
(B) cause the release of a substance of
concern at the covered water system; or
(C) cause the theft, misuse, or
misappropriation of a substance of concern.
(b) Risk-Based Performance Standards.--The regulations under
subsection (a)(1) shall set forth risk-based performance
standards for site security plans required by this section. The
standards shall be separate and, as appropriate, increasingly
stringent based on the level of risk associated with the
covered water system's risk-based tier assignment under
subsection (d). In developing such standards, the Administrator
shall take into account section 27.230 of title 6, Code of
Federal Regulations (or any successor regulations).
(c) Vulnerability Assessment.--The regulations under
subsection (a)(1) shall require each covered water system to
assess the system's vulnerability to a range of intentional
acts, including an intentional act that results in a release of
a substance of concern that is known to cause or may be
reasonably anticipated to cause death, injury, or serious
adverse effects to human health or the environment. At a
minimum, the vulnerability assessment shall include a review
of--
(1) pipes and constructed conveyances;
(2) physical barriers;
(3) water collection, pretreatment, treatment,
storage, and distribution facilities, including fire
hydrants;
(4) electronic, computer, and other automated systems
that are used by the covered water system;
(5) the use, storage, or handling of various
chemicals, including substances of concern;
(6) the operation and maintenance of the covered
water system; and
(7) the covered water system's resiliency and ability
to ensure continuity of operations in the event of a
disruption caused by an intentional act.
(d) Risk-Based Tiers.--The regulations under subsection
(a)(1) shall provide for 4 risk-based tiers applicable to
covered water systems, with tier one representing the highest
degree of security risk.
(1) Assignment of risk-based tiers.--
(A) Submission of information.--The
Administrator may require a covered water
system to submit information in order to
determine the appropriate risk-based tier for
the covered water system.
(B) Factors to consider.--The Administrator
shall assign (and reassign when appropriate)
each covered water system to one of the risk-
based tiers established pursuant to this
subsection. In assigning a covered water system
to a risk-based tier, the Administrator shall
consider the potential consequences (such as
death, injury, or serious adverse effects to
human health, the environment, critical
infrastructure, national security, and the
national economy) from--
(i) an intentional act to cause a
release, including a worst-case
release, of a substance of concern at
the covered water system;
(ii) an intentional act to introduce
a contaminant into the drinking water
supply or disrupt the safe and reliable
supply of drinking water; and
(iii) an intentional act to steal,
misappropriate, or misuse substances of
concern.
(2) Explanation for risk-based tier assignment.--The
Administrator shall provide each covered water system
assigned to a risk-based tier with the reasons for the
tier assignment and whether such system is required to
submit an assessment under subsection (g)(2).
(e) Development and Implementation of Site Security Plans.--
The regulations under subsection (a)(1) shall permit each
covered water system, in developing and implementing its site
security plan required by this section, to select layered
security and preparedness measures that, in combination,
appropriately--
(1) address the security risks identified in its
vulnerability assessment; and
(2) comply with the applicable risk-based performance
standards required under this section.
(f) Role of Employees.--
(1) Description of role.--Site security plans and
emergency response plans required under this section
shall describe the appropriate roles or
responsibilities that employees and contractor
employees are expected to perform to deter or respond
to the intentional acts described in subsection
(d)(1)(B).
(2) Training for employees.--Each covered water
system shall annually provide employees and contractor
employees with roles or responsibilities described in
paragraph (1) with a minimum of 8 hours of training on
carrying out those roles or responsibilities.
(3) Employee participation.--In developing, revising,
or updating a vulnerability assessment, site security
plan, and emergency response plan required under this
section, a covered water system shall include--
(A) at least one supervisory and at least one
non-supervisory employee of the covered water
system; and
(B) at least one representative of each
certified or recognized bargaining agent
representing facility employees or contractor
employees with roles or responsibilities
described in paragraph (1), if any, in a
collective bargaining relationship with the
private or public owner or operator of the
system or with a contractor to that system.
(g) Methods To Reduce the Consequences of a Chemical Release
From an Intentional Act.--
(1) Definition.--In this section, the term ``method
to reduce the consequences of a chemical release from
an intentional act'' means a measure at a covered water
system that reduces or eliminates the potential
consequences of a release of a substance of concern
from an intentional act such as--
(A) the elimination or reduction in the
amount of a substance of concern possessed or
planned to be possessed by a covered water
system through the use of alternate substances,
formulations, or processes;
(B) the modification of pressures,
temperatures, or concentrations of a substance
of concern; and
(C) the reduction or elimination of onsite
handling of a substance of concern through
improvement of inventory control or chemical
use efficiency.
(2) Assessment.--For each covered water system that
possesses or plans to possess a substance of concern in
excess of the release threshold quantity set by the
Administrator under subsection (a)(5), the regulations
under subsection (a)(1) shall require the covered water
system to include in its site security plan an
assessment of methods to reduce the consequences of a
chemical release from an intentional act at the covered
water system. The covered water system shall provide
such assessment to the Administrator and the State
exercising primary enforcement responsibility for the
covered water system, if any. The regulations under
subsection (a)(1) shall require the system, in
preparing the assessment, to consider factors
appropriate to the system's security, public health, or
environmental mission, and include--
(A) a description of the methods to reduce
the consequences of a chemical release from an
intentional act;
(B) how each described method to reduce the
consequences of a chemical release from an
intentional act could, if applied, reduce the
potential extent of death, injury, or serious
adverse effects to human health resulting from
a chemical release;
(C) how each described method to reduce the
consequences of a chemical release from an
intentional act could, if applied, affect the
presence of contaminants in treated water,
human health, or the environment;
(D) whether each described method to reduce
the consequences of a chemical release from an
intentional act at the covered water system is
feasible, as defined in section 1412(b)(4)(D),
but not including cost calculations under
subparagraph (E);
(E) the costs (including capital and
operational costs) and avoided costs (including
savings and liabilities) associated with
applying each described method to reduce the
consequences of a chemical release from an
intentional act at the covered water system;
(F) any other relevant information that the
covered water system relied on in conducting
the assessment; and
(G) a statement of whether the covered water
system has implemented or plans to implement
one or more methods to reduce the consequences
of a chemical release from an intentional act,
a description of any such methods, and, in the
case of a covered water system described in
paragraph (3)(A), an explanation of the reasons
for any decision not to implement any such
methods.
(3) Required methods.--
(A) Application.--This paragraph applies to a
covered water system--
(i) that is assigned to one of the
two highest risk-based tiers under
subsection (d); and
(ii) that possesses or plans to
possess a substance of concern in
excess of the release threshold
quantity set by the Administrator under
subsection (a)(5).
(B) Highest-risk systems.--If, on the basis
of its assessment under paragraph (2), a
covered water system described in subparagraph
(A) decides not to implement methods to reduce
the consequences of a chemical release from an
intentional act, the State exercising primary
enforcement responsibility for the covered
water system, if the system is located in such
a State, or the Administrator, if the covered
water system is not located in such a State,
shall, in accordance with a timeline set by the
Administrator--
(i) determine whether to require the
covered water system to implement the
methods; and
(ii) for States exercising primary
enforcement responsibility, report such
determination to the Administrator.
(C) State or administrator's
considerations.--Before requiring, pursuant to
subparagraph (B), the implementation of a
method to reduce the consequences of a chemical
release from an intentional act, the State
exercising primary enforcement responsibility
for the covered water system, if the system is
located in such a State, or the Administrator,
if the covered water system is not located in
such a State, shall consider factors
appropriate to the security, public health, and
environmental missions of covered water
systems, including an examination of whether
the method--
(i) would significantly reduce the
risk of death, injury, or serious
adverse effects to human health
resulting directly from a chemical
release from an intentional act at the
covered water system;
(ii) would not increase the interim
storage of a substance of concern by
the covered water system;
(iii) would not render the covered
water system unable to comply with
other requirements of this Act or
drinking water standards established by
the State or political subdivision in
which the system is located; and
(iv) is feasible, as defined in
section 1412(b)(4)(D), to be
incorporated into the operation of the
covered water system.
(D) Appeal.--Before requiring, pursuant to
subparagraph (B), the implementation of a
method to reduce the consequences of a chemical
release from an intentional act, the State
exercising primary enforcement responsibility
for the covered water system, if the system is
located in such a State, or the Administrator,
if the covered water system is not located in
such a State, shall provide such covered water
system an opportunity to appeal the
determination to require such implementation
made pursuant to subparagraph (B) by such State
or the Administrator.
(4) Incomplete or late assessments.--
(A) Incomplete assessments.--If the
Administrator finds that the covered water
system, in conducting its assessment under
paragraph (2), did not meet the requirements of
paragraph (2) and the applicable regulations,
the Administrator shall, after notifying the
covered water system and the State exercising
primary enforcement responsibility for that
system, if any, require the covered water
system to submit a revised assessment not later
than 60 days after the Administrator notifies
such system. The Administrator may require such
additional revisions as are necessary to ensure
that the system meets the requirements of
paragraph (2) and the applicable regulations.
(B) Late assessments.--If the Administrator
finds that a covered water system, in
conducting its assessment pursuant to paragraph
(2), did not complete such assessment in
accordance with the deadline set by the
Administrator, the Administrator may, after
notifying the covered water system and the
State exercising primary enforcement
responsibility for that system, if any, take
appropriate enforcement action under subsection
(o).
(C) Review.--The State exercising primary
enforcement responsibility for the covered
water system, if the system is located in such
a State, or the Administrator, if the system is
not located in such a State, shall review a
revised assessment that meets the requirements
of paragraph (2) and applicable regulations to
determine whether the covered water system will
be required to implement methods to reduce the
consequences of an intentional act pursuant to
paragraph (3).
(5) Enforcement.--
(A) Failure by state to make determination.--
Whenever the Administrator finds that a State
exercising primary enforcement responsibility
for a covered water system has failed to
determine whether to require the covered water
system to implement methods to reduce the
consequences of a chemical release from an
intentional act, as required by paragraph
(3)(B), the Administrator shall so notify the
State and covered water system. If, beyond the
thirtieth day after the Administrator's
notification under the preceding sentence, the
State has failed to make the determination
described in such sentence, the Administrator
shall so notify the State and covered water
system and shall determine whether to require
the covered water system to implement methods
to reduce the consequences of a chemical
release from an intentional act based on the
factors described in paragraph (3)(C).
(B) Failure by state to bring enforcement
action.--If the Administrator finds, with
respect to a period in which a State has
primary enforcement responsibility for a
covered water system, that the system has
failed to implement methods to reduce the
consequences of a chemical release from an
intentional act (as required by the State or
the Administrator under paragraph (3)(B) or the
Administrator under subparagraph (A)), the
Administrator shall so notify the State and the
covered water system. If, beyond the thirtieth
day after the Administrator's notification
under the preceding sentence, the State has not
commenced appropriate enforcement action, the
Administrator shall so notify the State and may
commence an enforcement action against the
system, including by seeking or imposing civil
penalties under subsection (o), to require
implementation of such methods.
(C) Consideration of continued primary
enforcement responsibility.--For a State with
primary enforcement responsibility for a
covered water system, the Administrator may
consider the failure of such State to make a
determination as described under subparagraph
(A) or to bring enforcement action as described
under subparagraph (B) when determining whether
a State may retain primary enforcement
responsibility under this Act.
(6) Guidance for covered water systems assigned to
tier 3 and tier 4.--For covered water systems required
to conduct an assessment under paragraph (2) and
assigned by the Administrator to tier 3 or tier 4 under
subsection (d), the Administrator shall issue guidance
and, as appropriate, provide or recommend tools,
methodologies, or computer software, to assist such
covered water systems in complying with the
requirements of this section.
(h) Review by Administrator.--
(1) In general.--The regulations under subsection
(a)(1) shall require each covered water system to
submit its vulnerability assessment and site security
plan to the Administrator for review according to
deadlines set by the Administrator. The Administrator
shall review each vulnerability assessment and site
security plan submitted under this section and--
(A) if the assessment or plan has any
significant deficiency described in paragraph
(2), require the covered water system to
correct the deficiency; or
(B) approve such assessment or plan.
(2) Significant deficiencies.--A vulnerability
assessment or site security plan of a covered water
system has a significant deficiency under this
subsection if the Administrator, in consultation, as
appropriate, with the State exercising primary
enforcement responsibility for such system, if any,
determines that--
(A) such assessment does not comply with the
regulations established under section (a)(1);
or
(B) such plan--
(i) fails to address vulnerabilities
identified in a vulnerability
assessment; or
(ii) fails to meet applicable risk-
based performance standards.
(3) State, regional, or local governmental
entities.--No covered water system shall be required
under State, local, or tribal law to provide a
vulnerability assessment or site security plan
described in this section to any State, regional,
local, or tribal governmental entity solely by reason
of the requirement set forth in paragraph (1) that the
system submit such an assessment and plan to the
Administrator.
(i) Emergency Response Plan.--
(1) In general.--Each covered water system shall
prepare or revise, as appropriate, an emergency
response plan that incorporates the results of the
system's most current vulnerability assessment and site
security plan.
(2) Certification.--Each covered water system shall
certify to the Administrator that the system has
completed an emergency response plan. The system shall
submit such certification to the Administrator not
later than 6 months after the system's first completion
or revision of a vulnerability assessment under this
section and shall submit an additional certification
following any update of the emergency response plan.
(3) Contents.--A covered water system's emergency
response plan shall include--
(A) plans, procedures, and identification of
equipment that can be implemented or used in
the event of an intentional act at the covered
water system; and
(B) actions, procedures, and identification
of equipment that can obviate or significantly
lessen the impact of intentional acts on public
health and the safety and supply of drinking
water provided to communities and individuals.
(4) Coordination.--As part of its emergency response
plan, each covered water system shall provide
appropriate information to any local emergency planning
committee, local law enforcement officials, and local
emergency response providers to ensure an effective,
collective response.
(j) Maintenance of Records.--Each covered water system shall
maintain an updated copy of its vulnerability assessment, site
security plan, and emergency response plan.
(k) Audit; Inspection.--
(1) In general.--Notwithstanding section 1445(b)(2),
the Administrator, or duly designated representatives
of the Administrator, shall audit and inspect covered
water systems, as necessary, for purposes of
determining compliance with this section.
(2) Access.--In conducting an audit or inspection of
a covered water system, the Administrator or duly
designated representatives of the Administrator, as
appropriate, shall have access to the owners,
operators, employees and contractor employees, and
employee representatives, if any, of such covered water
system.
(3) Confidential communication of information; aiding
inspections.--The Administrator, or a duly designated
representative of the Administrator, shall offer non-
supervisory employees of a covered water system the
opportunity confidentially to communicate information
relevant to the employer's compliance or noncompliance
with this section, including compliance or
noncompliance with any regulation or requirement
adopted by the Administrator in furtherance of the
purposes of this section. A representative of each
certified or recognized bargaining agent described in
subsection (f)(3)(B), if any, or, if none, a non-
supervisory employee, shall be given an opportunity to
accompany the Administrator, or the duly designated
representative of the Administrator, during the
physical inspection of any covered water system for the
purpose of aiding such inspection, if representatives
of the covered water system will also be accompanying
the Administrator or the duly designated representative
of the Administrator on such inspection.
(l) Protection of Information.--
(1) Prohibition of public disclosure of protected
information.--Protected information shall--
(A) be exempt from disclosure under section
552 of title 5, United States Code; and
(B) not be made available pursuant to any
State, local, or tribal law requiring
disclosure of information or records.
(2) Information sharing.--
(A) In general.--The Administrator shall
prescribe such regulations, and may issue such
orders, as necessary to prohibit the
unauthorized disclosure of protected
information, as described in paragraph (7).
(B) Sharing of protected information.--The
regulations under subparagraph (A) shall
provide standards for and facilitate the
appropriate sharing of protected information
with and between Federal, State, local, and
tribal authorities, first responders, law
enforcement officials, designated supervisory
and non-supervisory covered water system
personnel with security, operational, or
fiduciary responsibility for the system, and
designated facility employee representatives,
if any. Such standards shall include procedures
for the sharing of all portions of a covered
water system's vulnerability assessment and
site security plan relating to the roles and
responsibilities of system employees or
contractor employees under subsection (f)(1)
with a representative of each certified or
recognized bargaining agent representing such
employees, if any, or, if none, with at least
one supervisory and at least one non-
supervisory employee with roles and
responsibilities under subsection (f)(1).
(C) Penalties.--Protected information, as
described in paragraph (7), shall not be shared
except in accordance with the standards
provided by the regulations under subparagraph
(A). Any person who purposefully publishes,
divulges, discloses, or makes known protected
information in any manner or to any extent not
authorized by the standards provided by the
regulations under subparagraph (A), shall, upon
conviction, be imprisoned for not more than one
year or fined in accordance with the provisions
of chapter 227 of title 18, United States Code,
applicable to class A misdemeanors, or both,
and, in the case of Federal employees or
officeholders, shall be removed from Federal
office or employment.
(3) Treatment of information in adjudicative
proceedings.--In any judicial or administrative
proceeding, protected information, as described in
paragraph (7), shall be treated in a manner consistent
with the treatment of Sensitive Security Information
under section 525 of the Department of Homeland
Security Appropriations Act, 2007 (Public Law 109-295;
120 Stat. 1381).
(4) Other obligations unaffected.--Except as provided
in subsection (h)(3), nothing in this section amends or
affects an obligation of a covered water system--
(A) to submit or make available information
to system employees, employee organizations, or
a Federal, State, tribal, or local government
agency under any other law; or
(B) to comply with any other law.
(5) Congressional oversight.--Nothing in this section
permits or authorizes the withholding of information
from Congress or any committee or subcommittee thereof.
(6) Disclosure of independently furnished
information.--Nothing in this section amends or affects
any authority or obligation of a Federal, State, local,
or tribal agency to protect or disclose any record or
information that the Federal, State, local, or tribal
agency obtains from a covered water system or the
Administrator under any other law.
(7) Protected information.--
(A) In general.--For purposes of this
section, protected information is any of the
following:
(i) Vulnerability assessments and
site security plans under this section,
including any assessment developed
pursuant to subsection (g)(2).
(ii) Documents directly related to
the Administrator's review of
assessments and plans described in
clause (i) and, as applicable, the
State's review of an assessment
prepared under subsection (g)(2).
(iii) Documents directly related to
inspections and audits under this
section.
(iv) Orders, notices, or letters
regarding the compliance of a covered
water system with the requirements of
this section.
(v) Information required to be
provided to, or documents and records
created by, the Administrator under
subsection (d).
(vi) Documents directly related to
security drills and training exercises,
security threats and breaches of
security, and maintenance, calibration,
and testing of security equipment.
(vii) Other information, documents,
and records developed exclusively for
the purposes of this section that the
Administrator determines would be
detrimental to the security of one or
more covered water systems if
disclosed.
(B) Detriment requirement.--For purposes of
clauses (ii), (iii), (iv), (v), and (vi) of
subparagraph (A), the only portions of
documents, records, orders, notices, and
letters that shall be considered protected
information are those portions that--
(i) would be detrimental to the
security of one or more covered water
systems if disclosed; and
(ii) are developed by the
Administrator, the State, or the
covered water system for the purposes
of this section.
(C) Exclusions.--For purposes of this
section, protected information does not
include--
(i) information that is otherwise
publicly available, including
information that is required to be made
publicly available under any law;
(ii) information that a covered water
system has lawfully disclosed other
than in accordance with this section;
and
(iii) information that, if disclosed,
would not be detrimental to the
security of one or more covered water
systems, including aggregate regulatory
data that the Administrator determines
appropriate to describe system
compliance with the requirements of
this section and the Administrator's
implementation of such requirements.
(m) Relation to Chemical Facility Security Requirements.--The
following provisions (and any regulations promulgated
thereunder) shall not apply to any public water system subject
to this Act:
(1) Title XXI of the Homeland Security Act of 2002
(as proposed to be added by H.R. 2868, the Chemical
Facility Anti-Terrorism Act of 2009).
(2) Section 550 of the Department of Homeland
Security Appropriations Act, 2007 (Public Law 109-295).
(3) The Chemical Facility Anti-Terrorism Act of 2009.
(n) Preemption.--This section does not preclude or deny the
right of any State or political subdivision thereof to adopt or
enforce any regulation, requirement, or standard of performance
with respect to a covered water system that is more stringent
than a regulation, requirement, or standard of performance
under this section.
(o) Violations.--
(1) In general.--A covered water system that violates
any requirement of this section, including by not
implementing all or part of its site security plan by
such date as the Administrator requires, shall be
liable for a civil penalty of not more than $25,000 for
each day on which the violation occurs.
(2) Procedure.--When the Administrator determines
that a covered water system is subject to a civil
penalty under paragraph (1), the Administrator, after
consultation with the State, for covered water systems
located in a State exercising primary responsibility
for the covered water system, and, after considering
the severity of the violation or deficiency and the
record of the covered water system in carrying out the
requirements of this section, may--
(A) after notice and an opportunity for the
covered water system to be heard, issue an
order assessing a civil penalty under such
paragraph for any past or current violation,
requiring compliance immediately or within a
specified time period; or
(B) commence a civil action in the United
States district court in the district in which
the violation occurred for appropriate relief,
including temporary or permanent injunction.
(3) Methods to reduce the consequences of a chemical
release from an intentional act.--Except as provided in
subsections (g)(4) and (g)(5), if a covered water
system is located in a State exercising primary
enforcement responsibility for the system, the
Administrator may not issue an order or commence a
civil action under this section for any deficiency in
the content or implementation of the portion of the
system's site security plan relating to methods to
reduce the consequences of a chemical release from an
intentional act (as defined in subsection (g)(1)).
(p) Report to Congress.--
(1) Periodic report.--Not later than 3 years after
the effective date of the regulations under subsection
(a)(1), and every 3 years thereafter, the Administrator
shall transmit to the Committee on Energy and Commerce
of the House of Representatives and the Committee on
Environment and Public Works of the Senate a report on
progress in achieving compliance with this section.
Each such report shall include, at a minimum, the
following:
(A) A generalized summary of measures
implemented by covered water systems in order
to meet each risk-based performance standard
established by this section.
(B) A summary of how the covered water
systems, differentiated by risk-based tier
assignment, are complying with the requirements
of this section during the period covered by
the report and how the Administrator is
implementing and enforcing such requirements
during such period including--
(i) the number of public water
systems that provided the Administrator
with information pursuant to subsection
(d)(1);
(ii) the number of covered water
systems assigned to each risk-based
tier;
(iii) the number of vulnerability
assessments and site security plans
submitted by covered water systems;
(iv) the number of vulnerability
assessments and site security plans
approved and disapproved by the
Administrator;
(v) the number of covered water
systems without approved vulnerability
assessments or site security plans;
(vi) the number of covered water
systems that have been assigned to a
different risk-based tier due to
implementation of a method to reduce
the consequences of a chemical release
from an intentional act and a
description of the types of such
implemented methods;
(vii) the number of audits and
inspections conducted by the
Administrator or duly designated
representatives of the Administrator;
(viii) the number of orders for
compliance issued by the Administrator;
(ix) the administrative penalties
assessed by the Administrator for non-
compliance with the requirements of
this section;
(x) the civil penalties assessed by
courts for non-compliance with the
requirements of this section; and
(xi) any other regulatory data the
Administrator determines appropriate to
describe covered water system
compliance with the requirements of
this section and the Administrator's
implementation of such requirements.
(2) Public availability.--A report submitted under
this section shall be made publicly available.
(q) Grant Programs.--
(1) Implementation grants to states.--The
Administrator may award grants to, or enter into
cooperative agreements with, States, based on an
allocation formula established by the Administrator, to
assist the States in implementing this section.
(2) Research, training, and technical assistance
grants.--The Administrator may award grants to, or
enter into cooperative agreements with, non-profit
organizations to provide research, training, and
technical assistance to covered water systems to assist
them in carrying out their responsibilities under this
section.
(3) Preparation grants.--
(A) Grants.--The Administrator may award
grants to, or enter into cooperative agreements
with, covered water systems to assist such
systems in--
(i) preparing and updating
vulnerability assessments, site
security plans, and emergency response
plans;
(ii) assessing and implementing
methods to reduce the consequences of a
release of a substance of concern from
an intentional act; and
(iii) implementing any other security
reviews and enhancements necessary to
comply with this section.
(B) Priority.--
(i) Need.--The Administrator, in
awarding grants or entering into
cooperative agreements for purposes
described in subparagraph (A)(i), shall
give priority to covered water systems
that have the greatest need.
(ii) Security risk.--The
Administrator, in awarding grants or
entering into cooperative agreements
for purposes described in subparagraph
(A)(ii), shall give priority to covered
water systems that pose the greatest
security risk.
(4) Worker training grants program authority.--
(A) In general.--The Administrator shall
establish a grant program to award grants to
eligible entities to provide for training and
education of employees and contractor employees
with roles or responsibilities described in
subsection (f)(1) and first responders and
emergency response providers who would respond
to an intentional act at a covered water
system.
(B) Administration.--The Administrator shall
enter into an agreement with the National
Institute of Environmental Health Sciences to
make and administer grants under this
paragraph.
(C) Use of funds.--The recipient of a grant
under this paragraph shall use the grant to
provide for--
(i) training and education of
employees and contractor employees with
roles or responsibilities described in
subsection (f)(1), including the annual
mandatory training specified in
subsection (f)(2) or training for first
responders in protecting nearby
persons, property, or the environment
from the effects of a release of a
substance of concern at the covered
water system, with priority given to
covered water systems assigned to tier
one or tier two under subsection (d);
and
(ii) appropriate training for first
responders and emergency response
providers who would respond to an
intentional act at a covered water
system.
(D) Eligible entities.--For purposes of this
paragraph, an eligible entity is a nonprofit
organization with demonstrated experience in
implementing and operating successful worker or
first responder health and safety or security
training programs.
(r) Authorization of Appropriations.--
(1) In general.--To carry out this section, there are
authorized to be appropriated--
(A) $315,000,000 for fiscal year 2011, of
which up to--
(i) $30,000,000 may be used for
administrative costs incurred by the
Administrator or the States, as
appropriate; and
(ii) $125,000,000 may be used to
implement methods to reduce the
consequences of a chemical release from
an intentional act at covered water
systems with priority given to covered
water systems assigned to tier one or
tier two under subsection (d); and
(B) such sums as may be necessary for fiscal
years 2012 through 2015.
(2) Security enhancements.--Funding under this
subsection for basic security enhancements shall not
include expenditures for personnel costs or monitoring,
operation, or maintenance of facilities, equipment, or
systems.
* * * * * * *
DISSENTING VIEWS
We, the undersigned Members of the Committee on Energy and
Commerce oppose the passage of H.R. 3258 and submit the
following comments to express our significant concerns with
this legislation.
In early 2002, Congress enacted the Public Health Security
and Bioterrorism Preparedness and Response Act (P.L. 107-188).
Title IV of this Act amended the Safe Drinking Water Act to
require community water systems serving more than 3,300 people
to perform site vulnerability assessments and develop emergency
response plans. Under that legislation, vulnerability
assessments were required to be conducted and submitted to the
U.S. Environmental Protection Agency (EPA) by community
(drinking) water systems providing water to more than 3,300
persons; the required emergency response plans did not need to
be sent to EPA. In addition, community water facilities were
provided some federal funding to aid in assessing and
addressing of their critical vulnerabilities. Finally, this law
contains very strict information protection requirements which
include mandatory loss of employment for federal personnel
disclosing sensitive information regarding a water facility's
vulnerabilities.
Following enactment of Title IV in 2002, drinking water
systems across the country took serious steps to prepare
against chemical, biological, and radiological threats that
would be posed by a terrorist event. The result has been that
not a single terrorism event has occurred at a community
drinking water system since then.
While we think it is reasonable to have updates of the
vulnerability assessments, site security plans, and reviews of
emergency response plans, we are not reassured that EPA's
existing track record of success for this program will be
continued or enhanced under the provisions contained in H.R.
3258.
We consider protection of drinking water to be of paramount
concern. While the effects from an explosion at a facility
depend in part on the direction the wind is blowing, the
provision of drinking water in a community reflects no such
variable. Drinking water is supplied to homes and businesses
for health and sanitary purposes. For this reason, we are
concerned by efforts that move the drinking water security
program at EPA away from the construct established by Title
IV--with direct input and flexibility for local experts to
adopt feasible solutions--to one that seeks to accomplish the
goals of environmental advocacy groups under the guise of
homeland security. We are especially concerned that H.R. 3258
turns the focus of Title IV away from chemical, biological, and
radiological contaminants and only focuses on chemical ones.
In addition, we are extremely concerned about Section 2
(new Section 1433(g)) of H.R. 3258, which requires an
evaluation by drinking water facilities of Methods to Reduce
the Consequence of a Terrorist Attack. This section forces the
highest risk facilities, and others picked by the Administrator
of EPA, to justify to EPA or their State drinking water
regulator, if that State has primary enforcement of federal
drinking water requirements, why they should not be forced to
make process, input, or storage changes to their drinking water
system.
Exacerbating our concerns with these provisions are the
remarks at the full committee markup by the Energy and
Environment Subcommittee chairman, Mr. Markey, that this
subsection was not about bolstering security. Our amendment
that would require security to be a consideration when making a
local water utility change its disinfection process was
rejected by the Majority. If the Committee wanted to
investigate drinking water disinfection efforts, that should be
another debate on another day.
Moreover, at an October 1, 2009, hearing before the Energy
and Environment Subcommittee, testimony was received that
inherently safer technology (IST)--the forerunner notion
enshrined in proposed subsection 1443(g)--is hard to define and
that experts have repeatedly testified before Congress that the
government should not be in the business of mandating IST
because of ``significant technical challenges that requires
more research.'' Considering the implications of the
requirements, the enforcement authority attendant to the
requirements, the universe of unique and diversity facilities--
and their resources--and the public health and welfare issues
that would be swept into this requirement, we are very
concerned that such a mandate is contained in the bill. For
this reason, we attempted to strike proposed subsection
1433(g), but this amendment was rejected by the Majority.
Finally, as it relates to our concerns with the provisions
of proposed subsection 1433(g), no one should be under the
impression that without this bill nothing is being done at
these facilities. To the contrary, in addition to required
compliance with the EPA's Risk Management program, the U.S.
Occupational Safety and Health Administration's Process Safety
Management standard, and the Emergency Planning and Community
Right to Know Act; many facilities, without the benefit of a
federal mandate, have voluntarily reduced their risks. These
facilities did so because it made sense for many reasons, and
these facilities could do it on their own timeline, minimizing
risks to their workers, their plants, and the surrounding
community.
Further, we are keenly aware that drinking water treatment
can be complex and is closely constrained by Safe Drinking
Water Act (SDWA) regulations, production demands, and customer
affordability. Evaluating changes to water treatment must be
thoughtful and consider the effects those changes will have on
the quality of water provided to consumers, and the
sustainability of the treatment process over time and under
adverse conditions. The evaluation must be technically
transparent and fully consider all the alternatives available
to the water system. An example that illustrates a robust and
transparent technical approach is ``Selecting Disinfectants in
a Security-Conscious Environment,'' a guide published by the
American Water Works Association. This guide outlines a five
step process beginning with assessing the current situation and
ending in implementation of necessary actions; linkages to
routinely used engineering tools, techniques, and references
are provided for each step in the process. It also incorporates
accepted risk communication principles throughout the
evaluation process, and incorporates ties to existing EPA and
DHS guidance where relevant.
In addition to our objections to the bill described above,
H.R. 3258 raises genuine national and homeland security
concerns by rejecting security-enhancing provisions in favor of
environmental law type standards in other areas, most notably
information protection. H.R. 3258 changes existing information
protection requirements instituted in Title IV and contained in
Section 1433(a) of SDWA. Instead, H.R. 3258 adopts a public
``right-to-know'' view that only documents and information
specifically identified in the law should be included as
protected, and the bill effectively leaves unprotected
materials that may have security implications. We are further
concerned that, unlike the chemical facility security
legislation considered by our Committee, that proposed
subsection 1433(l)(7)(B) allows certain sensitive materials to
be released as long as it contains redactions of potentially
seriously sensitive information. We question the need to even
have amended versions of these items in the public domain. We
do not underestimate the potential for such materials to be
sought in discovery and compelled in litigation by people who
wish us harm. For that reason, we are troubled by the
legislation's conscious exclusion of certain materials from
protection, allowing them to serve as terror ``blue-prints''
for the able.
Most strikingly, H.R. 3258 places an extremely high bar on
prosecution of improper disclosures of sensitive, protected
information, and requires a showing that such information was
divulged ``purposefully'' before penalties would apply.
Specifically, H.R. 3258 repeals the ``knowingly or recklessly''
prosecution standard contained in SDWA Section 1433(a) and
replaces it with a much higher prosecution standard to meet
under the law--``purposefully''--when trying to penalize
persons for disclosure of protected, sensitive information--we
doubt that there are many scenarios, if any, in which sanctions
could be enforced. The ``purposefully'' standard would not
allow the United States to prosecute anyone who has been
careless, negligent, or reckless with sensitive, protected
information. At both subcommittee and full committee we offered
to reinsert the well-established standard of ``knowingly or
recklessly,'' each time being rejected by arguments that did
not reflect an understanding of the provisions of the bill or
an appreciation for what was at stake. We believe a deterrent
of a strong penalty is only efficacious if it can actually be
enforced. We are disappointed that the Majority did not share
this paramount concern as well.
Additionally, we are opposed to H.R. 3258's silence on
citizen suit provisions, allowing any person to sue a drinking
water facility under Section 1449 of SDWA and compel sensitive
information on these plants through discovery. We do not
understand how the Majority would try to make an effort to try
and protect individual chemical plants from these suits because
of potential problems, but leave drinking water systems exposed
to this assault. It is no secret that terrorists hire lawyers,
and DHS has testified to Congress that citizen suits may lead
to the disclosure of sensitive information in these
proceedings. We question why it is needed at all. We are
disappointed that the Majority defeated amendments to bar this
provision, unsympathetic to the potential unintended
consequences it might engender.
Finally, on the matter of preemption, proposed subsection
1433(n) allows States and local governments to enact laws that
are more ``stringent'' than the federal law. This is a new
standard for a security program and one modeled after, but not
identical to other provisions in SDWA on drinking water
contaminant standards. We believe the EPA program should be a
uniform, national standard which States and local governments
should not disrupt. This is not a novel approach; it is already
the case in nuclear, hazmat transportation, aviation, and port
security programs where the federal government is the dominant
regulator. Embracing a patchwork approach to national security,
however, the Majority on the Committee voted against an
amendment offered by the Minority that would have restricted
States from enacting laws that pose obstacles to, hinder, or
frustrate the purpose of this drinking water safety law. While
it may be appropriate in many localized pollution cases to have
State and local laws that are more stringent than the relevant
federal environmental statutes, we cannot treat homeland
security like a local problem relegated to one area or State.
There are other provisions in this bill that give us pause,
but they are secondary to the larger issues we have mentioned.
Ultimately, we had hoped that because this bill relates to
homeland security protection, long a bipartisan issue, that it
would have been possible to reach a legislative compromise. We
believe, however, that partisanship and misdirected ideology
have left our committee reporting a bill that naively
sacrifices sound, homeland security policy in the name of
environmental goals.
We will continue to fight the provisions we have identified
above because they do not make us safer in defense of the
country and people we have taken an oath to protect. Absent
significant changes that balance real security with economic
freedom; openness with firm, meaningful protections; and local
flexibility with a strong, overarching framework; we must
oppose this bill, as reported, and urge the Congress to do the
same.
Joe Barton,
Ranking Member.
Fred Upton.
Greg Walden.
Cliff Stearns.
John Shimkus.
George Radanovich.
Ralph M. Hall.
Ed Whitfield.
Nathan Deal.
Roy Blunt.
Steve Buyer.
Lee Terry.
Joseph R. Pitts.
Steve Scalise.
John Shadegg.
John Sullivan.
Tim Murphy.
Marsha Blackburn.
Phil Gingrey.
Michael Burgess.
Sue Myrick.
Mike Rogers.
Mary Bono Mack.
�