Homeland Security Director Michael Chertoff gave a pointed, gentle threat to the entire chemical industry today in his remarks before the American Chemistry Council. I’ve decided to print the speech in its entirety. There are grave economic, political, and libertarian repercussions from the things Chertoff threatens to do, “if the chemical industry isn’t able to police itself.”
Remarks by Homeland Security Secretary Michael Chertoff at the National Chemical Security Forum
Washington, D.C.
American Chemistry Council
National Chemical Security Forum
March 21, 2006
Secretary Chertoff: Well, Frank, thank you for introducing me. And I want to thank Jack Gerard, the CEO of the American Chemistry Council, for inviting me to address this group. I think that the Chemistry Council is obviously focused on a very important issue nationally, which is the security of our chemical plants. And it’s part of a larger effort that we are undertaking now to make sure we’re generally raising security in all the elements of significant infrastructure across the country, whether it’s transportation, whether it’s communications, whether it’s physical plants or dams or bridges. All of these things require us to continue to raise the level of protection in order to make sure that we are hardening ourselves against the possibility of an attack if an attack comes.
Now of course, chemistry is a little bit of a technical subject, and I read in The Washington Post this morning that I was being a little bit too technical in the words I was using when I spoke yesterday. This is a group that I think will understand big words. If members of the press need help in translation afterwards, I’ll be happy to do that.
I want to begin with a fundamental proposition. The reality is, in this country, the private sector owns and operates the vast majority of our nation’s infrastructure, and that’s certainly true with respect to chemicals. So the idea that the federal government can own and operate all the security for all this infrastructure is simply misguided. What we do has to be done in partnership with the people who actually have direct control over the assets and who employ the people who work at these facilities.
And that’s why, as we go forward and talk about how we increase our security, we have to do so in a way that is constantly engaged with the private sector so that we can exchange ideas, so that we can figure out what works, and so we can go about the objective of raising our security in a way that doesn’t destroy the businesses we’re trying to protect.
It’s very easy to put all of the weight on one side of the balance, but if the consequence of that is we stifle our economy, we throw workers out of work, we make it difficult to make our way of life, then we will actually have succeeded in doing what the enemy has not, which is causing our own loss of prosperity and our own loss of freedom.
So we all have the same interests. We want to promote prosperity of the country, but we also recognize that we face substantial threats and we have to take appropriate steps to address these threats.
Now, the chemical sector certainly stands as one of the principle areas of infrastructure about which we have to be concerned. If you look back at the whole history of the way al Qaeda has conducted its operations, where possible, they have always tried to leverage our own technology against ourselves. They’ve turned jets, commercial jets, into weapons. They’ve tried to use our own chemicals and our own products as means of exploding devices against us. And obviously, one of the areas we have to be concerned about are parts of our infrastructure which house chemicals which could, if properly ignited, create a huge amount of havoc in a populated area — whether it be because of a large explosion or whether it’s because of toxic inhalation.
So one of the areas we have to make sure we are constantly focused on is how do we protect our chemical industry against being exploited by terrorists.
Now let me begin by saying we haven’t just started this today. We have been working with the chemical industry on the issue of sector protection for some considerable period of time. And working together, we have seen a lot of progress. Since September 11th, members of the chemical industry have helped create a new type of risk analysis, one that recognizes that we face a deliberate and intelligent enemy. Traditional risk methods, as applied in the chemical industry and other similar industries, have not had to account for this kind of 21st century deliberate threat. The concern was more accident or environmental contamination.
But now, after 9/11, many people in the industry, including people in this room, have developed screening methods and best practices in the area of security that help to reduce or to eliminate some of the types of vulnerabilities at the site that could be exploited by terrorists. A lot of companies have taken steps, like investing in new security infrastructure and capabilities, implementing new security procedures, and, in many cases, complying with new rules, all in an effort to protect against this kind of terror threat.
And the Department has also been making investments in this kind of effort. We’ve been working in developing resources to improve our policing capabilities, working with local communities to improve emergency response, consequence management, and community planning. And I’m pleased to say that in the fiscal year 2007 budget offered by the President, the administration has requested additional funding to promote chemical site security.
So that is what we have done, but we have a lot more to do. The fact of the matter is, we are four years after 9/11, and the time to wait on volunteerism as the sole solution I think has begun to pass. The fact of the matter is that although large numbers of the chemical companies that operate in this country have been very responsible in taking steps to make sure that they are elevating their own security, we have to recognize that not all chemical companies have done that. And all the industry, in fact the whole country, is hostage to those few who do not undertake the responsibility that they have to make sure security is at an appropriate level.
When we deal with this kind of circumstance, where the good work of the many is held hostage to the lack of responsibility of the few, government does have a role to play to step in to make sure we have raised the level for everybody, both in order to protect our citizens, and also to make sure that those who have put a responsible investment in are able to reap the benefits of that security investment.
Now I know you’re all aware that legislation on chemical infrastructure security has been proposed in each of the last three congressional sessions. But so far, no bill has generated sufficiently broad support to work its way successfully through the legislative process. Now we finally need to have a bill that will succeed in becoming law.
Since 2003, Congress has been considering but has not enacted legislation that would give the authority to my Department to create a sensible regulatory structure for the nation’s chemical infrastructure. This law has not passed.
Now, I understand this is an election year, and there are skeptics who say that in an election year it’s virtually impossible to get anything done. But since the terrorists aren’t planning to take this year off, and since I spend most of my mornings reviewing the intelligence that comes in every day about the continued efforts by al Qaeda and their sympathizers to carry out deadly attacks against Americans, I refuse to simply abdicate the field this year and say, well, we’re going to have to wait until after the election to get serious again.
I want to challenge Congress to take the steps this year to enact a sensible bill that will allow us to complete the process across the entire spectrum of this sector of getting the chemical plant sector where it needs to be in terms of national security.
Now I want to emphasize, I’m not saying that as we speak there is a specific, credible treat against the chemical industry. But the fact of the matter is, you don’t need to wait for a threat to understand the consequences to public health and economic vitality if we wait until a threat actually matures, because we know that at least with respect to a certain category of chemicals, the result of a successful attack would be tremendous — tremendous in terms of loss of life, tremendous in terms of property damage, and then also tremendous in terms of its impact on our national economy.
Now the fact of the matter is, since I came on board a year ago, we’ve been working with Congress and the industry to develop the framework for reasonable legislation, and we want to continue to participate in this discussion and provide our best advice.
I’ve spoken personally with Chairman Collins and Senator Lieberman in the Senate and with leaders in the House of Representatives, all of whom are working to put together a sensible and appropriate bill that would give us the authority we need to make sure we have the proper level of safety in the chemical sector. We still have some work to do, but I’m confident that we have within these various proposals the elements of what can be a successful bill that can be enacted by this Congress.
What I want to do, though, is I want to lay out for you what I think are the essential core principles of what a bill should look like. First of all, making sure we are paying attention to the highest risks, not overdoing it by trying to eliminate every possible risk, but doing what we always do as a matter of common sense: managing the risks that are the most significant, in terms of the consequence, the vulnerability and the threat.
The second is devising a bill that doesn’t micromanage the chemical industry by attempting to dictate very specific ways in which security has to be achieved, but rather one which takes advantage of the strength of the industry — its adaptability, its initiative and its ingenuity — by laying out a series of performance standards. In other words, we want to say to the industry, look, here’s where we need to go. Now there are a lot of different roads to get there, and you can choose the road that best fits your particular type of chemical and your particular type of operation. We’re not going to micromanage that. What we do insist, though, is that you get to the place you need to be, and we need to make sure that we then have the tools to verify that you’ve in fact reached the destination.
And the third principle I want to talk about is making sure that we reward those who have already taken the steps on a voluntary basis. The fact of the matter is a cookie-cutter approach that says one size fits all actually penalizes those who are good corporate citizens in order to seek out and raise the level of performance of those few who are bad corporate citizens.
So let me turn first of all to risk. I’ve said pretty much every time I get up and speak to a group that everything we do at the Department of Homeland Security — whether it’s decision-making, whether it’s operations, whether it’s planning, and whether it’s giving money out — has to be driven by the principle of risk management. And to boil it down very simply, that means we’ve got to look at what are the consequences, the most serious consequences we face, where are we vulnerable, and where are the actual threats. It requires us to recognize that it is a false promise if we tell the American people that we are going to give them a security blanket against every possible thing that could ever happen that’s bad. Life isn’t like that, and our society isn’t like that. Our society recognizes that to have freedom and to have prosperity, we have to balance risk. We can’t be entirely pushed or balance on the side of protection, because then what we have is a nanny state instead of the kind of vibrant and economically efficient society which we all cherish in this country.
When we look at the chemical industry in particular, we recognize that there are business operations that run the entire spectrum of risk. There are some small operations dealing with chemicals that, frankly, there wouldn’t be much of a consequence if something happened. I mean, there would be an economic consequence, but there wouldn’t be a lot of loss of life. For example, to the extent you talk about certain kinds of products like ink that are chemical, if there were a big ink spill on the highway, it’s going to be messy, but it’s not going to kill a lot of people. On the other hand, we have to acknowledge that there are some businesses that do operate with chemicals that are highly hazardous — hazardous either because they are capable of being exploded, or hazardous because if inhaled by humans, they could cause a very toxic reaction.
Therefore, as we approach the issue of regulation of the chemical industry, I think we have to tier the industry. We have to recognize there are different levels of risk for different types of operations, and we have to focus what we demand, in terms of performance and in terms of security, based upon the level of consequence that we are concerned about. That means we are not going to take a mechanical approach to security, but we are going to look at these categories and treat each category as one that has to be approached with distinct considerations about vulnerability, including the capability of response and mitigation, and distinct approaches with respect to threat.
Once we have tiered the industry into these separate categories, and recognizing that the most significant security restrictions have to be placed on those where the consequence is the greatest, we have to talk about how we actually get to where we need to be, in terms of security. And again, as I said, that means not specifying you have to have a certain number of fences, you have to have a certain number of guards, they have to have a certain kind of weapon; but rather talking about what is the outcome we want to achieve. What are the kinds of capabilities that these chemical companies have to have in order to reduce the risk and reduce the vulnerability?
Now we measure that in a lot of ways. We can talk about different kinds of attacks we are concerned about. We can talk about response times that need to be in place to make sure that we can mitigate if an attack is successful. We can talk about degrees of protection against certain kinds of attacks that should be incorporated into the physical structure of the plant. But whatever category we’re talking about, the critical thing to do is to make sure that we are clear about the outcome and performance we are looking for, and not to get into the business of telling those who operate the individual plants what is the best way to achieve those outcomes.
Now that doesn’t mean we’re going to be naive, or that we’re going to simply take a company’s word for it that they’ve achieved the results that are necessary. But what it means is we will allow companies, I think if we’re sensible, to devise their own way to get what needs to be done actually accomplished. To put it in a vernacular, there are a lot of ways to skin a cat, and we’re going to let chemical operators figure out the right way, as long as the cat gets skinned. And I’ve probably offended some animal rights people by using that expression, but you understand what my point is. We have to work with the ingenuity, and we have to recognize the superior knowledge that every business operator has about the way his or her own operations can best be assimilated to security.
The third thing we have to do is recognize a lot of work has been done already. A lot of companies have put into effect the kinds of processes that will enhance their security. And that means we have to validate that, but then allow these voluntary measures, where they meet the requisite standards, to substitute for what we might otherwise mandate. In other words, if a company has done the right thing and gotten to the right place on its own, we shouldn’t make them redo it because we take the attitude that it’s my way or the highway. We should rather say, okay, you’ve achieved the performance metric, we have validated it, and we will accept your approach as being equivalent and therefore sufficient under the regulatory regime put into place.
Now, validation is a critical part of this, meaning we’ve got to kick the tires, we’ve got to make sure that companies in fact are achieving the performance that we are going to insist upon as part of this approach. But it doesn’t mean that the government has to do all the validation itself. Another proposal I would lay out there for Congress to consider is the possibility of third-party validation. We have, in our financial system in this country, literally tens of thousands of publicly traded companies with very complicated financial statements. We don’t have the Securities and Exchange Commission go out and personally audit the books of every one of those companies. If we did, we would cripple our capital markets. What we do is we rely upon the validation of accounting firms. And notwithstanding the occasional very high profile failure, the fact of the matter is, for 99.9 percent of the companies that raise money in the capital markets, using accounting firms, third-party validators, works very well in terms of creating a level of assurance and confidence in the integrity of those statements in this country that is unsurpassed all over the world.
I want to suggest to you that there is a place for this kind of third-party independent validation in the chemical industry — in fact in a lot of industries — as we make sure that we don’t necessarily deaden our efficiency by insisting that the government do everything itself.
I want to also, before I conclude, talk about one other thing that we should avoid in regulation, and that’s what I call “mission creep.” One of the attributes of some of the level of security we’ve placed in this country in the last four years is the tendency to have the impulse to increase our security against terror attacks or other kinds of hazards hijacked in the service of other goals. And it’s not to say that these other goals aren’t worthwhile. It’s to say, though, that the mission begins to migrate from focusing on terrorism to focusing on other ends.
One example is various kinds of screening tools. At various times, we’ve talked about rolling out tools that we can use to screen people to make sure terrorists don’t get on airplanes or don’t get into sensitive buildings, and then you start to hear arguments that we should start to use these screening tools to serve other purposes — find people, for example, who are in arrears on their child support, or people who perhaps have misdemeanor warrants that are outstanding. And it’s not to say that these aren’t goals that are serious and worthwhile in themselves, but when we dilute the mission, when we impose restrictions to achieve a single end and then we start to use those restrictions to achieve other ends as well, we run the risk of breaking faith with the American people who, after all, take us at our word. What they believe is if we say we’re here to fight terrorism, we should be focused on doing that and not trying to serve other ends at the same time.
In the area of the chemical industry, of course, this gets us into the issue of inherently safer technology. Clearly a lot of chemical companies on their own, in meeting performance standards, will want to look at inherently safer technology as a means to reduce the risk, and therefore achieve what they need to achieve. But we have to be careful not to move from what is a security-based focus, as part of the type of regulation I’m describing, into one that tries to broaden into achieving environmental ends that are unrelated to security. There is an Environmental Protection Administration. They deal with environmental matters that are distinct from security. And I want to make sure that we don’t allow our focus on security to become a surrogate for achieving ends that may very well be worthwhile but ought to be pursued in a debate in another forum.
As I’ve indicated, I think that we are finally at the point now that we need to have appropriate regulatory authority to allow DHS to assure that the entire chemical sector comes up to the standard that we must insist upon in order to make sure this country is safe. And this is simply one element of a broader strategy, as we look at rail security, because after all, before the chemicals get to the plant, they travel by rail. We have to do the same thing with rail security. We have to do the same thing with port security. We have to do the same thing with air cargo. And we are doing these things. Every single day, we are raising the degree of protection and the degree of security in all of these elements of infrastructure. Sometimes we can do it without regulation, but where we need regulation, and in particular where an industry needs regulation to make sure that everybody is playing on a level playing field, we won’t hesitate to urge Congress to give us the authority to regulate in a sensible way that doesn’t overdo it and that works with the strengths of American business as opposed to smothering American business.
Therefore, I want to say again, I’m realistic but I’m optimistic. I think Congress can pass a balanced, risk-based security measure for the chemical industry this year, one that will give us the tools to make sure security is increased, but one that relies ultimately on the expertise and the knowledge of the chemical sector itself to achieve those goals.
In the meantime, until that gets done, we will continue to work with the sector on a voluntary basis to make sure that we do as much as we can before regulation is put into place, because every day that we raise our security is a day we make Americans safer.
I want to thank you for your attention, I want to thank you for your critical support for this need to make sure security is raised, and I want to end by saying in this, as in so many areas, there will be a lot of naysayers, there will be a lot of people who say Congress can’t do it, it’s going to be — too many different interests are going to come into play, and we’re going to get paralyzed. I don’t think that’s really what the American people expect from their government, and I certainly know it’s not what the American people want from their government. Nobody in this room, and I don’t think anybody in Congress, wants to be sitting somewhere in a year or two years if there is a successful attack on a chemical plant, saying, if we had only put into the place the tools we needed, we could have avoided this.
It is much better to avoid these things looking forward than it is to have them happen and that we can spend a year or two having commissions to go back and review what we failed to do.
So we are committed in this Department in moving forward on sensible legislation. I appreciate your support in doing that. I am confident it can be done, and I look forward to working with you and speaking out on this topic more in the months to come. Thank you.