Remarks by Homeland Security Secretary Michael Chertoff at the National Chemical Security Forum

Washington, D.C.American Chemistry CouncilNational Chemical Security ForumMarch 21, 2006   Secretary Chertoff:  Well, Frank, thank you for introducing me.  And I want to thank Jack Gerard, the CEO of the American Chemistry Council, for inviting me to address this group.  I think that the Chemistry Council is obviously focused on a very important issue nationally, which is the security of our chemical plants.  And it's part of a larger effort that we are undertaking now to make sure we're generally raising security in all the elements of significant infrastructure across the country, whether it's transportation, whether it's communications, whether it's physical plants or dams or bridges.  All of these things require us to continue to raise the level of protection in order to make sure that we are hardening ourselves against the possibility of an attack if an attack comes.   Now of course, chemistry is a little bit of a technical subject, and I read in The Washington Post this morning that I was being a little bit too technical in the words I was using when I spoke yesterday.  This is a group that I think will understand big words.  If members of the press need help in translation afterwards, I'll be happy to do that.   I want to begin with a fundamental proposition.  The reality is, in this country, the private sector owns and operates the vast majority of our nation's infrastructure, and that's certainly true with respect to chemicals.  So theea that the federal government can own and operate all the security for all this infrastructure is simply misguided.  What we do has to be done in partnership with the people who actually have direct control over the assets and who employ the people who work at these facilities.   And that's why, as we go forward and talk about how we increase our security, we have to do so in a way that is constantly engaged with the private sector so that we can exchangeeas, so that we can figure out what works, and so we can go about the objective of raising our security in a way that doesn't destroy the businesses we're trying to protect.   It's very easy to put all of the weight on one side of the balance, but if the consequence of that is we stifle our economy, we throw workers out of work, we make it difficult to make our way of life, then we will actually have succeeded in doing what the enemy has not, which is causing our own loss of prosperity and our own loss of freedom.   So we all have the same interests.  We want to promote prosperity of the country, but we also recognize that we face substantial threats and we have to take appropriate steps to address these threats.   Now, the chemical sector certainly stands as one of the principle areas of infrastructure about which we have to be concerned.  If you look back at the whole history of the way al Qaeda has conducted its operations, where possible, they have always tried to leverage our own technology against ourselves.  They've turned jets, commercial jets, into weapons.  They've tried to use our own chemicals and our own products as means of exploding devices against us.  And obviously, one of the areas we have to be concerned about are parts of our infrastructure which house chemicals which could, if properly ignited, create a huge amount of havoc in a populated area -- whether it be because of a large explosion or whether it's because of toxic inhalation.    So one of the areas we have to make sure we are constantly focused on is how do we protect our chemical industry against being exploited by terrorists.    Now let me begin by saying we haven't just started this today.  We have been working with the chemical industry on the issue of sector protection for some considerable period of time.  And working together, we have seen a lot of progress.  Since September 11th, members of the chemical industry have helped create a new type of risk analysis, one that recognizes that we face a deliberate and intelligent enemy.  Traditional risk methods, as applied in the chemical industry and other similar industries, have not had to account for this kind of 21st century deliberate threat.  The concern was more accident or environmental contamination.  But now, after 9/11, many people in the industry, including people in this room, have developed screening methods and best practices in the area of security that help to reduce or to eliminate some of the types of vulnerabilities at the site that could be exploited by terrorists.  A lot of companies have taken steps, like investing in new security infrastructure and capabilities, implementing new security procedures, and, in many cases, complying with new rules, all in an effort to protect against this kind of terror threat.    And the Department has also been making investments in this kind of effort.  We've been working in developing resources to improve our policing capabilities, working with local communities to improve emergency response, consequence management, and community planning.  And I'm pleased to say that in the fiscal year 2007 budget offered by the President, the administration has requested additional funding to promote chemical site security.   So that is what we have done, but we have a lot more to do.  The fact of the matter is, we are four years after 9/11, and the time to wait on volunteerism as the sole solution I think has begun to pass.  The fact of the matter is that although large numbers of the chemical companies that operate in this country have been very responsible in taking steps to make sure that they are elevating their own security, we have to recognize that not all chemical companies have done that.  And all the industry, in fact the whole country, is hostage to those few who do not undertake the responsibility that they have to make sure security is at an appropriate level.   When we deal with this kind of circumstance, where the good work of the many is held hostage to the lack of responsibility of the few, government does have a role to play to step in to make sure we have raised the level for everybody, both in order to protect our citizens, and also to make sure that those who have put a responsible investment in are able to reap the benefits of that security investment.   Now I know you're all aware that legislation on chemical infrastructure security has been proposed in each of the last three congressional sessions.  But so far, no bill has generated sufficiently broad support to work its way successfully through the legislative process.  Now we finally need to have a bill that will succeed in becoming law.   Since 2003, Congress has been considering but has not enacted legislation that would give the authority to my Department to create a sensible regulatory structure for the nation's chemical infrastructure.  This law has not passed.   Now, I understand this is an election year, and there are skeptics who say that in an election year it's virtually impossible to get anything done.  But since the terrorists aren't planning to take this year off, and since I spend most of my mornings reviewing the intelligence that comes in every day about the continued efforts by al Qaeda and their sympathizers to carry out deadly attacks against Americans, I refuse to simply abdicate the field this year and say, well, we're going to have to wait until after the election to get serious again.   I want to challenge Congress to take the steps this year to enact a sensible bill that will allow us to complete the process across the entire spectrum of this sector of getting the chemical plant sector where it needs to be in terms of national security.   Now I want to emphasize, I'm not saying that as we speak there is a specific, credible treat against the chemical industry.  But the fact of the matter is, you don't need to wait for a threat to understand the consequences to public health and economic vitality if we wait until a threat actually matures, because we know that at least with respect to a certain category of chemicals, the result of a successful attack would be tremendous -- tremendous in terms of loss of life, tremendous in terms of property damage, and then also tremendous in terms of its impact on our national economy.   Now the fact of the matter is, since I came on board a year ago, we've been working with Congress and the industry to develop the framework for reasonable legislation, and we want to continue to participate in this discussion and provide our best advice.   I've spoken personally with Chairman Collins and Senator Lieberman in the Senate and with leaders in the House of Representatives, all of whom are working to put together a sensible and appropriate bill that would give us the authority we need to make sure we have the proper level of safety in the chemical sector.  We still have some work to do, but I'm confident that we have within these various proposals the elements of what can be a successful bill that can be enacted by this Congress.   What I want to do, though, is I want to lay out for you what I think are the essential core principles of what a bill should look like.  First of all, making sure we are paying attention to the highest risks, not overdoing it by trying to eliminate every possible risk, but doing what we always do as a matter of common sense:  managing the risks that are the most significant, in terms of the consequence, the vulnerability and the threat.   The second is devising a bill that doesn't micromanage the chemical industry by attempting to dictate very specific ways in which security has to be achieved, but rather one which takes advantage of the strength of the industry -- its adaptability, its initiative and its ingenuity -- by laying out a series of performance standards.  In other words, we want to say to the industry, look, here's where we need to go.  Now there are a lot of different roads to get there, and you can choose the road that best fits your particular type of chemical and your particular type of operation.  We're not going to micromanage that.  What we do insist, though, is that you get to the place you need to be, and we need to make sure that we then have the tools to verify that you've in fact reached the destination.   And the third principle I want to talk about is making sure that we reward those who have already taken the steps on a voluntary basis.  The fact of the matter is a cookie-cutter approach that says one size fits all actually penalizes those who are good corporate citizens in order to seek out and raise the level of performance of those few who are bad corporate citizens.   So let me turn first of all to risk.  I've said pretty much every time I get up and speak to a group that everything we do at the Department of Homeland Security -- whether it's decision-making, whether it's operations, whether it's planning, and whether it's giving money out -- has to be driven by the principle of risk management.  And to boil it down very simply, that means we've got to look at what are the consequences, the most serious consequences we face, where are we vulnerable, and where are the actual threats.  It requires us to recognize that it is a false promise if we tell the American people that we are going to give them a security blanket against every possible thing that could ever happen that's bad.  Life isn't like that, and our society isn't like that.  Our society recognizes that to have freedom and to have prosperity, we have to balance risk.  We can't be entirely pushed or balance on the side of protection, because then what we have is a nanny state instead of the kind of vibrant and economically efficient society which we all cherish in this country.   When we look at the chemical industry in particular, we recognize that there are business operations that run the entire spectrum of risk.  There are some small operations dealing with chemicals that, frankly, there wouldn't be much of a consequence if something happened.  I mean, there would be an economic consequence, but there wouldn't be a lot of loss of life.  For example, to the extent you talk about certain kinds of products like ink that are chemical, if there were a big ink spill on the highway, it's going to be messy, but it's not going to kill a lot of people.  On the other hand, we have to acknowledge that there are some businesses that do operate with chemicals that are highly hazardous -- hazardous either because they are capable of being exploded, or hazardous because if inhaled by humans, they could cause a very toxic reaction.   Therefore, as we approach the issue of regulation of the chemical industry, I think we have to tier the industry.  We have to recognize there are different levels of risk for different types of operations, and we have to focus what we demand, in terms of performance and in terms of security, based upon the level of consequence that we are concerned about.  That means we are not going to take a mechanical approach to security, but we are going to look at these categories and treat each category as one that has to be approached with distinct considerations about vulnerability, including the capability of response and mitigation, and distinct approaches with respect to threat.   Once we have tiered the industry into these separate categories, and recognizing that the most significant security restrictions have to be placed on those where the consequence is the greatest, we have to talk about how we actually get to where we need to be, in terms of security.  And again, as I said, that means not specifying you have to have a certain number of fences, you have to have a certain number of guards, they have to have a certain kind of weapon; but rather talking about what is the outcome we want to achieve.  What are the kinds of capabilities that these chemical companies have to have in order to reduce the risk and reduce the vulnerability?   Now we measure that in a lot of ways.  We can talk about different kinds of attacks we are concerned about.  We can talk about response times that need to be in place to make sure that we can mitigate if an attack is successful.  We can talk about degrees of protection against certain kinds of attacks that should be incorporated into the physical structure of the plant.  But whatever category we're talking about, the critical thing to do is to make sure that we are clear about the outcome and performance we are looking for, and not to get into the business of telling those who operate the individual plants what is the best way to achieve those outcomes.   Now that doesn't mean we're going to be naive, or that we're going to simply take a company's word for it that they've achieved the results that are necessary.  But what it means is we will allow companies, I think if we're sensible, to devise their own way to get what needs to be done actually accomplished.  To put it in a vernacular, there are a lot of ways to skin a cat, and we're going to let chemical operators figure out the right way, as long as the cat gets skinned.  And I've probably offended some animal rights people by using that expression, but you understand what my point is.  We have to work with the ingenuity, and we have to recognize the superior knowledge that every business operator has about the way his or her own operations can best be assimilated to security.   The third thing we have to do is recognize a lot of work has been done already.  A lot of companies have put into effect the kinds of processes that will enhance their security.  And that means we have to validate that, but then allow these voluntary measures, where they meet the requisite standards, to substitute for what we might otherwise mandate.  In other words, if a company has done the right thing and gotten to the right place on its own, we shouldn't make them redo it because we