Easy Targets

By Matthew Weinstock

February 1, 2003

Efforts to shore up America's infrastructure against another terrorist attack have largely ignored a critical and highly vulnerable sector of the economy: the chemical industry.

Last April, Carl Prine, donning a press pass and carrying a camera, was able to walk into 30 industrial facilities in Western Pennsylvania containing large stockpiles of toxic and explosive chemicals. About half of the sites were chemical plants. The others were sewage and water treatment facilities that stored chlorine, a life-threatening compound if released into the atmosphere. In most cases, Prine, a reporter for the Pittsburgh Tribune-Review , was able to walk or drive right up to tanks, pipes and control rooms. A month later, Prine discovered similar vulnerabilities at chemical manufacturing, storage and distribution plants in Baltimore, Chicago and Houston. He reported his findings in a series of stories in the Tribune-Review in April and May.

A few months later in Seadrift, Texas, a small port community along the Gulf of Mexico about 60 miles from Austin, Diane Wilson breached security at a Union Carbide chemical facility. At 5:30 a.m., on Aug. 29, the 53-year-old environmental activist scaled a barbed-wire fence, climbed a set of metal stairs encircling a tower in the plant's ethylene unit and chained herself to a platform about 70 feet off the ground. No one noticed her until roughly 7 a.m.

And on an overcast September afternoon in South Kearny, N.J., Frank and Rosa Ferreira parked their white Volvo across the street from the Kuehne Chemical plant on Hackensack Avenue. Armed with a handheld video camera, the two environmental activists wandered around the perimeter capturing images of the plant's guard gates and security fence. They zoomed in on large storage tanks labeled "sodium hydrochloride" in bold black letters.

A panoramic view of the fence shows security weaknesses in certain areas, particularly at three entrance and exit gates, which are loosely held closed by chains. No padlocks are noticeable. Despite scanning a couple hundred yards of fence, the Ferreiras didn't pick up any security personnel on the 20-minute video, which they posted on their Web site, www.publiccitizenonline.com. Two days later, on Sept. 5, 2002, the Ferreiras returned. Again, they photographed large chemical storage containers and idle tanker trucks sitting a few feet away from the fence. And again, no security personnel approached the couple.

Driving along the Pulaski Skyway, Frank Ferreira noticed another weakness at the facility: It sits directly underneath the 1.3-mile bridge connecting Jersey City to Newark. The plant, which produces chlorine and bleach for cities along the Eastern seaboard, is a mere three miles from Newark International Airport and five miles from Lower Manhattan. It wouldn't take much, Ferreira says, for someone to stop on the skyway and penetrate the storage tanks using a rifle or other weapon.

"A few days before we went down there, we saw an article in our local paper that Greenpeace was looking at the safety of the chemical industry," Ferreira recalls. "They focused on the Kuehne plant. The article talked about documents filed with the Environmental Protection Agency showing that a chemical release could threaten the lives of 12 million people in a 16-mile radius. We went down there expecting to see something like Fort Knox-something you couldn't penetrate." He was wrong. "It was like a ghost town. . . . Once we finished taping, I turned to my wife and said, 'There is something terribly wrong here.' "

If relatively harmless environmental activists, such as the Ferreiras and West, as well as an intrepid reporter like Prine, can easily penetrate plant security, imagine what ruthless terrorists could do. Yet little has been done since the Sept. 11 attacks to shore up defenses at the nation's more than 1,000 chemical facilities.

The chemical industry is in the early stages of assessing its vulnerabilities. Meanwhile, there is a fair amount of uncertainty about how-and even which-federal agencies can prevent a catastrophic event. A bill to make the Environmental Protection Agency responsible for chemical plant security was shot down last year in Congress when the industry objected. Now lawmakers are poised to take a second crack at legislation to clarify jurisdiction.

COMMUNITIES AT RISK

Chemical manufacturing plants pose well-documented dangers to surrounding communities. Legislation passed during the late 1980s and early 1990s requires companies to publicly disclose information about the amount of pollution they emit and the types and quantities of chemicals they store. The push for broader disclosure began in 1984, after an accident at a Union Carbide plant in Bhopal, India, released a toxic cloud of methyl isocyanate, killing more than 3,000 people and injuring 600,000.

After the tragedy, environmental activists demanded to know whether similar risks existed in the United States. In response, Congress passed the 1986 Emergency Planning and Community-Right-to-Know Act, which requires companies to report how much pollution they release. Originally, the so-called Toxic Release Inventory conducted by EPA focused on 300 chemicals. It grew to 650 in the late 1990s.

In 1990, Congress amended the Clean Air Act requiring 15,000 facilities-including oil refineries, water treatment sites, chemical manufacturers and electric utilities-to detail the worst accidents they could envision at their sites. The worst-case scenarios show what would happen if a plant's largest storage tank released its entire contents into the environment.

Plants must develop risk management plans to reduce the chance of accidents, and explain how they would respond should they occur. Maps of the facilities and their surrounding communities and estimates of potential human exposures must be made available to the public.

Increased awareness has paid off. Emissions of Toxic Release Inventory chemicals have dropped by 48 percent since 1988, according to EPA. Risk management plans have forced industry and regulators to pay closer attention to safety. Regulators and emergency responders know what to expect in case of accidents.

BEYOND ACCIDENTS

A summary of the Kuehne plant's risk management plan notes that the facility has "three programs designed to address accidental release prevention and emergency response issues." One is designed to prevent a release, another to minimize off-site impact of a release and a third to aid emergency responders, should the community be exposed.

The document lists worst-case scenarios for chlorine and sulfur dioxide tanks. "In the event of a total failure of a railroad tank car of chlorine which discharges its entire contents within a 10-minute time frame, the resulting cloud of chlorine vapor would be immediately dangerous to both lifeand health for a distance exceeding 14 miles," the report states.

Risk management plans are specifically designed to address accidental releases. For the most part, they discuss the potential that one storage tank might release a single compound, according to an EPA official. In a recent analysis of those scenarios, the U.S. Public Interest Research Group, an activist group and staunch critic of the chemical industry, reported that 125 facilities nationwide each put at least 1 million people at risk. Another 700 facilities each pose a danger to 300,000 people.

The plans do not address what could happen in case of a terrorist attack. "We are struggling to get a handle on what the state of security is at these facilities," says Robert Bostock, EPA's head of homeland security. "We know through the risk management program what the state of play is for preventing an accidental release. We know most facilities have taken very seriously the imperative of reducing accidental releases. . . . One of the things we are still learning about is the situation with respect to security against a deliberate attack. It's a concern for EPA and the entire federal government."

HIDDEN RISKS

Anxiety about chemical plant security is not new. Congress addressed the issue in 1999 with passage of the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act. To a large degree, the legislation came about because the industry was lobbying to keep confidential some data included in risk management plans. Working with officials from the Federal Bureau of Investigation, industry lobbyists were able to convince lawmakers that information such as toxic-gas dispersion models and casualty figures would provide terrorists a road map for destruction. The legislation required EPA to pull risk management plans from its Web site and put them in government reading rooms.

The law also ordered the Justice Department to assess the industry's vulnerabilities. An interim report to Congress was due Aug. 5, 2000, and a final report two years later. Neither was produced on time. In fact, Justice didn't deliver an interim report until May 2002. It has been kept confidential because officials say the findings could jeopardize national security. Justice officials have told Congress they lack funding to work on a final and more comprehensive report.

Yet in 2001 and 2002, the department failed to ask Congress for additional money, the General Accounting Office noted in an Oct. 10, 2002, memorandum (GAO-03-24R). Additionally, GAO argued that Justice easily could have shifted money from its general appropriations, a point that Justice officials refute. In a written response to the GAO memorandum, Acting Assistant Attorney General Robert Diegelman said the department must get permission from Congress before making any transfers. In March 2000, the department informed Congress of its intent to use money from its counterterrorism fund for the report. But "the Appropriations Committee objected to the transfer, and the department did not proceed with it," Diegelman wrote. The department has asked for $3 million in fiscal 2003 to complete the analysis.

The chemical industry is moving forward with its own analysis. The industry's largest trade group, the American Chemistry Council, now requires member companies to assess their vulnerabilities. Those analyses were completed at the end of last year. By the end of 2003, member companies must develop security plans. The association eventually will require companies to get verification of their assessments and plans from an independent third party, according to Chris VandenHeuvel, an association spokesman.

Results from the assessments are being kept secret. Not even the association sees them. VandenHeuvel says the association does not have a secure location to keep the reports, nor does it have security experts on staff. The association requires that chief executive officers at member companies certify compliance with the mandate to assess vulnerabilities. But an association executive, speaking on the condition of anonymity, acknowledges that the group has no way to verify company results.

SEEKING CLARITY

Even with the new mandate for chemistry council members, the industry is willing to accept more federal oversight of plant security, VandenHeuvel says, because it wants a level playing field. "When the federal government talks about the chemical industry, it talks about the 15,000 plants that submit risk management plans," VandenHeuvel says. "We represent 1,000 of them. There is a general desire on the part of the public that someone at the federal government is overseeing an industry such as ours to make sure everyone is looking at security." But which agency and under what authority?

The president's strategy for homeland security makes EPA the lead agency, but the chemical industry wants oversight to go to the new Homeland Security Department. Publicly, industry officials say security experts should be in charge of security. Privately, they worry that EPA could draft regulations that would force companies to make expensive changes to manufacturing processes and to reduce reliance on certain toxic chemicals.

EPA officials say they are the right agency to monitor the industry. "We've got the expertise in terms of knowing what they have and how close they are to population centers. And we can determine whether they are following best industry practices," Bostock contends. At the same time, the Occupational Safety and Health Administration and the Chemical Safety and Hazard Investigation Board, an independent agency created to study and mitigate potential accidents, also claim some jurisdiction over security. Both are studying how and where they can make an impact.

"We usually go in after an accident and ask, What happened? What was the company doing to prevent it?" says Carolyn Merritt, chairman of the investigation board. "We don't want to wait for a [terrorist] event. Let's start asking those questions now." Yet Merritt acknowledges that the board, as an independent agency, has limited ability to influence company behavior. It does not issue binding regulations.

Meanwhile OSHA's chief, John Henshaw, says his agency is developing guidance on how chemical facilities can conduct vulnerability assessments and share that information with workers.

Last October, EPA abruptly abandoned plans to issue new regulations that would have required chemical facilities to assess and take steps to mitigate security vulnerabilities. Internal agency documents, obtained and leaked to reporters last fall by Greenpeace, reveal that the agency was poised to announce an aggressive new framework and levy large daily fines against companies that failed to comply. Despite the fact that one of the documents says that the Clean Air Act gives EPA the power to issue such regulations, the decision to step back was based on unclear legislative authority, Bostock says.

Not so, says Nicholas Ashford, professor of technology and policy at MIT. The Clean Air Act clearly gives the agency authority to protect citizens from chemical releases. It doesn't matter if they are the result of an accidental release or a terrorist attack. "There's been a lot of analysis by a lot of lawyers saying you could fit a little bit of homeland security under different statutes," Bostock counters. "Our conclusion has been that we really need some specific new legislative authority so it is clear and clean and we can move forward."

Nonetheless, EPA outlined a series of steps it plans to take to ensure plant security in its strategic plan for homeland security, published last September. Among other things, it pledged to work with industry associations in reviewing and developing vulnerability assessments. Beyond outlining physical security steps, the document commits EPA to studying the use of so-called inherently safer technologies. These often require firms to find substitutes for highly toxic chemicals, redesign processes or reformulate products. By eliminating problems at the source, facilities can prevent harm, MIT's Ashford says.

To chemical industry officials, the term "inherently safer technologies" signals expensive changes to manufacturing processes. Last year, Sen. Jon Corzine, D-N.J., introduced the Chemical Security Act (S. 1602), which would have forced companies to consider safer technologies. It also would have required EPA to identify "high risk" facilities and force them to conduct vulnerability assessments.

The Senate Environment and Public Works Committee passed the bill unanimously. But aggressive chemical industry lobbying prevented the measure from reaching the Senate floor.

VandenHeuvel says the industry does not oppose some form of legislation, but the Corzine bill was unacceptable because it put EPA, rather than the Homeland Security Department, in charge of security.

EPA officials support the Corzine bill, but they think it needs modification. For starters, it forced EPA to define the universe of facilities to be covered. That would have required a lengthy rule-making process and would have delayed assessments, according to Bostock. Instead, Congress should define the covered entities, he says.

The bill also would have required EPA to verify that vulnerability assessments are being done properly. "We really don't have the resources to do that," Bostock says. "The approach we have been looking at is more along the lines of requiring facilities to do vulnerability assessments that cover certain parameters, including access controls, inventory practices, physical security and hazard reduction." He says companies already conducting assessments, such as those recommended by the American Chemistry Council, shouldn't be forced to shift gears midstream. "We don't want to stop progress," he says. "We don't want to get in a situation where facilities are waiting to see exactly what we come up with before doing something."

The Senate Environment and Public Works Committee's new chairman, James Inhofe, R-Okla., has said that chemical plant security will be a top priority. An ally of the industry, Inhofe is likely to push a bill putting oversight in the hands of the Homeland Security Department rather than EPA. "At the end of the day, if it is decided that this is something the new department ought to be doing and they are in the position to do, then I can't imagine that we would have any objection," Bostock says. "The question is how quickly would the new department be able to do this as opposed to EPA."



By Matthew Weinstock

February 1, 2003

http://www.govexec.com/magazine/2003/02/easy-targets/13373/