June 19, 2002

The Honorable Tom Ridge
Director
Office of Homeland Security
The White House
Washington, D.C. 20500

Dear Governor Ridge:

We are writing to express our support for the efforts of the Office of Homeland Security to coordinate a comprehensive and consistent approach for assessing threats and vulnerabilities posed by potential terrorist actions to America's critical infrastructures and manufacturing facilities. These include both publicly and privately owned assets that are integral to the delivery of telecommunications and information technology services, the production and distribution of energy, and the delivery of safe food and drinking water, as well as manufacturing facilities that may be targets of potential terrorist actions. We are also writing to express our continued concern that sensitive information regarding potential vulnerabilities of these critical infrastructures and facilities are fully protected from improper public disclosure.

The Committee on Energy and Commerce has jurisdiction over telecommunications, energy and power generation and distribution, the food and drinking water supply, and other critical assets, such as chemical manufacturing facilities and nuclear power plants. The Committee has been actively overseeing the Executive Branch's implementation of Presidential Decision Directive 63, Executive Order 13288, and Executive Order 13231, which set forth the framework to assess vulnerabilities and develop a national strategy for ensuring the security of America's critical infrastructures. The Committee also has requested that the General Accounting Office review critical infrastructure protection activities of both the Federal and private sectors, including a specific review of the scope of activities taken by chemical manufacturing facilities in response to the September 11, 2001 terrorist attacks. These reviews are currently in progress.

We understand that the Environmental Protection Agency (EPA) is considering a proposal to mandate, under the existing environmental reporting authority of the Clean Air Act, that over 15,000 industrial, chemical manufacturing, storage and treatment facilities located across the United States conduct vulnerability assessments of the risks posed to their operations from intentional acts of terrorism. While we strongly support the need to ensure that vulnerabilities associated with potential terrorist acts are assessed and that corrective actions are implemented promptly, we are concerned that the Clean Air Act was not enacted with deliberate terrorist actions in mind, and does not provide either the statutory authority or the appropriate framework for such assessments.

Committee Members have been meeting with private sector officials to encourage them to work with your office, the intelligence community, and state and local law enforcement to improve security at their facilities in order to protect against potential terrorist attacks. Potential targets of terrorism, such as large manufacturing and storage facilities, should be adequately protected, but we must ensure that vulnerability assessments are never allowed to be used as roadmaps for terrorist action. We must provide adequate legal protection for such documents to shield them from improper public disclosure, but that is a goal we cannot achieve under the environmental reporting provisions of the Clean Air Act. For instance, as part of the Public Health Security and Bioterrorism Preparedness and Response Act (Public Law 107-188), we enacted additional legal protections to prevent public release and added criminal penalties for improper disclosure of vulnerability assessments of the Nation's drinking water supply.

More recently, the President has proposed the creation of a new Department of Homeland Security that will handle critical infrastructure protection activities, among other matters. Given this new proposal, we recommend that, rather than having individual Federal agencies and critical infrastructure sectors develop differing assessment models and security programs, the new Department should develop and promote a single framework for conducting vulnerability assessments across the critical infrastructure sectors, including common standards for the vulnerability assessments, and Congress should provide additional legal protections to protect the vulnerability assessments from improper public disclosure. Based on our understanding of the President's proposal for the new Department, this approach is currently being contemplated, and we encourage you to consider EPA's proposal in that context.

We look forward to working closely with you and the President in order to ensure that our Nation is prepared to prevent, defend, and respond to terrorism and to ensure that America's critical infrastructures are protected to the greatest extent practicable from those who seek to harm our citizens and our national economy.

Sincerely,

W.J. "Billy" Tauzin
Chairman

Richard Burr
Vice Chairman

Michael Bilirakis, Chairman
Subcommittee on Health

Joe Barton, Chairman
Subcommittee on Energy and Air Quality

Fred Upton, Chairman
Subcommittee on Telecommunications and the Internet

Cliff Stearns, Chairman
Subcommittee on Commerce, Trade and Consumer Protection

James C. Greenwood, Chairman
Subcommittee on Oversight and Investigations

Paul E. Gillmor, Chairman
Subcommittee on Environment and Hazardous Materials