The department will validate submis­sions through audits and site inspections, and will provide technical assistance to fa­cility owners and operators as needed. Performance standards will be designed to achieve specific outcomes, such as se­curing the perimeter and critical targets, controlling access, deterring theft of po­tentially dangerous chemicals, and pre­venting internal sabotage. Security strategies necessary to satisfy these stan­dards will depend upon the level of risk at each facility.

The proposed regulations provide chemical facilities with two quick and simple opportunities to challenge the dis­approval of a site security plan. Failure to comply with performance standards may result in civil penalties up to $25,000 per day, and egregious instances of non­compliance could result in an order to cease operations.

The Homeland Security Appropriations Act of 2007 granted the department au­thority to regulate the security of high-risk chemical facilities and requires that the proposed regulations be issued by April 4, 2007. The proposed regulations con­template immediate implementation at the highest risk facilities, and a phased im­plementation at other chemical facilities that present security risks addressed by the statute, beginning in 2007 and continuing through 2008.

Although many companies in the chemical industry have initiated voluntary security programs and have made signifi­cant capital investments in responsible se­curity measures, the Secretary of Homeland Security has concluded that voluntary efforts alone will not provide sufficient security for the nation. The pro­gram proposed by this notice would be implemented in phases, and DHS would address chemical facilities with the most significant risk profiles as early in the pro­gram as possible.

For each phase, the program would contain several basic steps:

-Chemical facilities fitting certain risk profiles would complete a risk assessment methodology, which would be used by the department to determine if a chemi­cal facility “present[s] a high level of se­curity risk” and should be covered by this program.

-If DHS determines that a chemical fa­cility qualifies as “high risk,” the depart­ment would require the facility to prepare and submit a Vulnerability Assessment and Site Security Plan, and would provide technical assistance to the facility as ap­propriate.

Following a facility’s submission of these materials, DHS would review the submissions for compliance with risk-based performance standards. This would be followed up with a site inspection and audit.

-If the facility’s Vulnerability Assess­ment or Site Security Plan is found defi­cient or if other problems arise, the facility could seek further technical assistance from DHS, and could consult, object, or appeal depending on the stage of the process. If the Vulnerability Assessment and/or Site Security Plan are ultimately disapproved, the covered facility would be required to revise its plan and resubmit the materials or face penalties and other remedies set forth in the statute.

If the covered facility’s submissions are approved, the security plan is fully imple­mented and the facility is otherwise in compliance, DHS would issue a Letter of Approval to document the determination. It would also then notify the facility of its continuing obligations—based on its level of risk—to maintain and periodically up­date its Vulnerability Assessment and Site Security Plan.

Risk Assessment Methodology (RAMCAP)

DHS has been working with the American Society of Mechanical Engi­neers, with input from many other par­ties, to develop a risk assessment methodology for many elements of our nation’s critical infrastructure. The methodology is composed of two sepa­rate parts and can be utilized to perform both a preliminary “consequence” analysis and a more thorough vulnera­bility assessment on chemical facilities.

The first segment of the RAMCAP methodology is a screening tool known as the Top-screen, and is designed to be used through a secure Department web-site. For chemical facilities, the Top-screen solicits answers to a series of questions intended to assess the level of damage that could result from a terrorist incident at the facility. The Top-screen process draws in part on preexisting data from the EPA’s Risk Management chem­ical safety program (“RMP,” discussed below).

For example: Does the facility operate any RMP Program 2 or 3 processes? If so, how many persons could be exposed by a toxic release worst-case scenario? How many persons could be exposed by a flammable release worst-case scenario? The Top-screen also includes queries regard­ing manufacture and storage of explosives materials, and seeks information on quantities of chemical substances and precur­sors addressed by the Chemical Weapons Convention.

The Top-screen process is intended to gather information both to evaluate the consequences of a catastrophic explosion or release and to assess the possible dan­ger if dangerous chemicals are stolen.

The second segment of RAMCAP pro­vides the tools to conduct a thorough fa­cility Vulnerability Assessment and could also be utilized via a secure website. It has three fundamental steps, each with de­tailed instructions:

1.                    1. Identify the assets on the facility;

2.                    2. Apply specified threat scenarios to each asset to quantify the resulting conse­quences if an attack succeeded; and

3.                   3. Apply the threat scenarios to each asset in light of the security measures in place and evaluate the likelihood and the degree to which the attack could succeed. FSM To review the proposal, go to www.dhs.gov/xprevprot/laws/gc_1166796 969417.shtm. To comment on the proposal, send comments by mail to IP/CNPPD/Dennis Deziel, Mail Stop 8610, Department of Homeland Security, Washington DC 20528-8610. Instructions: All submis­sions must include the agency name and docket number or Regulatory Information Number (RIN) for this rulemaking.