business records by the telephone company. the content of the phone call is never subject to the third party doctrine is not kept or stored and even though you use it to provide that content, putting your stuff in the cloud, amazon which provides cloud services doesn't care or use or do anything with what you put in the cloud. so that would continue to be protected. that was truly business records of a third party and what is being stored boy a third party might be a line that can be

drawn. >> there two different private sector models. the model that has been'2g endod by the president and the subject of congress said telephone companies will continue to keep the meta data as their own business records and they will be approved fromyl7 obtaining t from the telephone companies. there was an alternative proposed that -- it's important to understand what the program was essentially was with them inquiries of it based on reasonable suspicion that they were associated with terrorism. what they are moving towards now is making that query of the

telephone companies. the intermediate model was let's give the bulk meta data to a third party who would hold it and have the government have the ability to sending the queries. i don't think there was any substantial support for that both because it creates a new security program. you know how it held with somebody else and it didn't seem to provide substantial privacy protections. >> let's open it up now for questions from the audience so we will have plenty of time to allow each of you to ask anything you might want to ask on any of the subjects we ñ any of the subjects we >> i just wanted to poke the bear a little bit and challenge

that line of use. for restricting the use of data and where that line is drawn. what would be your response to the challenge that you really can't -- it's not really voluntary for an individual to provide meta data to a telephone f]mito62!i!f:qj

because what's reasonable depends on what the law is and what the rules are. we moved from the model to this new reasonable expectation of privacy. it may be time and i'm not smart enough now to think of what the new regime would be. privacy that doesn't rely on the expectation of privacy. if you are rejecting the third party doctrine, you are allowing people to expand the scope of your home. they can use the tools to get

rid of the doctrine. >> it is not necessarily the consent question, but the wealth of information that is provided. the court was looking at discreet records and telephone calls made. there was not a sense that everything we do is in some ways can be recorded by a third party. that's where i think it's relevant recognizing the wealth of information available and that information is provided to a vird party. even though it was not specifically about a third party issue, the reilly case puts

pressure on them and my view is it should force the court and others to think about drawing lines. i was interested to hear the panel's thoughts on the use side as well as adequacy of safe quarters and efficacy this was

something we had to deal with. this was to facilitate information sharing among the agencies. basically with respect to signals intelligence, you can share products within the intelligence community according to the rules that govern the intelligence products. they were working on a set of rules to allow they are subject to the rules that govern that agency. the protections follow the data. as i said earlier, there is no indication that the rules had been ineffective.

i think what the argument has been is people think the law shouldn't allow what the law does allow. not that we don't have effective controls to enforce the law as it currently exists. it it were to go away completely, would that mean that local police would have to get pens which i don't think they have to do. >> as a 30 party doctrine, there is a host of others that may takes it place. there is a special needs doctrine that said if the government is engaging in non-law enforcement collection,

different rules apply and you don't necessarily need suspicions to engage in other activities. there is the possibility of the special needs doctrine that would expand to cover other activities that are taking place. there is a possibility of that. there is a host of other doctrines that may takes it place. that would require them to have an articulation of what the government's purpose was balanced against an evaluation. that doesn't happen when you invoke that. if they found interest in the movements with the arguments that scalia tried to look down the road and foresee some of

those unintended consequences, would that mean that would they have to get a warrant if they did it for a month. that was deemed to be you don't have injuries and a privacy interest in that. there concurrences that suggest how easy technology made surveillance. scalia awe the problem, but a

lot of cars have data and we collected about the feed of where that car was going. they would have similar issues they had with the meta data. there will be a change. it won't be overruled. penn registers will be penn registers. there might be limits or recasting largely because these are older doctrines and a lot of consequences from repealing it. >> the national security council with the project here in d.c.

the government would be in a special advocate president with the private and civil liberties interest. i think the president supports the idea of a special advocate and that comports the fisa court processes continuing to work whether they change in any respect as a result will remain to be seen. there is a few within the branch that a special advocate

construct will not unduly impede the operation of the court. >> do we have time here that the other panel did. >> i have on the tip of my tongue. i have thoughts on the classification and how that affects the debate between the

privacy and security. >> can you explain what you mean? >> i forget who actually said it. when you classify everything, you protect nothing. i'm curious to see once the information is collected, how is that categorized and how does that affect the argument between being able to achieve both privacy and security concerns? >> the classification is an independent concept from collection. an executive order of when you classify information and it depends upon the impact of national security. obviously the more highly classified information is and the more it's protected and the

more you can share and make use of it. the classification is a problem. i think for a variety of reasons, there a number of reasons there incentives to classify rather than not classify. it does not affect any desire to cover up problems. it's a series of bureaucratic incentives that push people to classify things. i guess the protections for privacy that exist are a different category from classified information. >> i think over the last year since the edward snowden

disclosure first came out, it's that there is a problem and a challenge i should say between the transparency you need to describe what it is you are doing and ways to make the american people feel good versus your concern about protecting how you do things. if you are too transparent, the bad guys know how to hide. if you are not, the parade will come up in people's minds about how you are acting and can take over and prove tell us. i was there for part of it. a move by many was in the intelligence community to try to increase the amount of transparenty about what that community does. that's running against the

culture. there security reasons you don't blab about what you do. the lessons in two years are to a much greater extent than in the past, the intelligence community would benefit about what it's doing and why. that's easy to say and hard to do. >> do any of the panelers have comments on the usa freedom act that is pending in congress and the differences between the house and the senate version of the bill? one of the questions related to the prostlagz is not in the house bill, but the senate bill regarding special advocate to be present before the court? >> there was a provision in the house bill that is different in the senate bill.

the house bill also had -- it's not and there differences, but the concept is the same. >> so bob is speaking and expressing a preference for the senate bill? >> no. i would not favor one house over another. i think that either of the two -- there probably will be in the near future9jr7y a statemenm the administration about what the view is on the legislation. i will probably let that come. >> i wanted to go back to the

question raised about ane issu that we haven't have with the interconnectedness of databases. just as one example that is not from the surveillance context, the no-fly list.

there was a recent ruling out of california in which there was a woman placed on the no-fly list by mistake. the box that was checked, the wrong box was checked. according to the court's review, that was discovered after that and it took time before the relevant databases, all the information was cleared from the databases. that's one of the underlying concerns and issues that motivates some of this debate and discomfort among the the people about collection and about the sufficiency of even the best use protocols with the best instances of mistake and the consequences for real people. >> in the fisa context, we actually have very stringent and effective rules in that regard. for example, under one particular provision of fisa, we are not allowed to target either

the u.s. concerns or persons who are located within the united states. sometimes it happens that we think somebody is not a u.s. person and we discover oh, my gosh, this person has a green card. we didn't know that before. you have to report it to the fisa court and durnlg downstream reporting. all of this is overseen within the government and reported to the court and reported in summary fashion each year to congress. it is possible to get rules and procedures that do protect against these mistakes. >> i want to thank our panel for sharing their thoughts and wisdom and thanks to the audience for participation. i understand we now are going to

break for lunch and bring our lunch back here. be ready for the next presentation. thank you very much. >> in the next panel with the security forum, the director of george washington university's homeland security policy institute talks about the status of current and emerging homeland security threats around the globe. >> ladies and gentlemen, i'm going to get us back under way. many of you are finishing your lunch. please continue and we hope that people in the hall way can rejoin us. be as quiet as you can. let me reconvene our program at

1:10. we are fortunate to have the next speaker as the post lunch speaker to discuss current and emerging threats to meet the challenge. one only has to read the newspaper or watch television to appreciate how important this support has become again. america's memory is short, but hopefully people that work with the director and the homeless institute have long memories at the george washington university where the tell us institute is located. frank is the speaker and frank is the associate vice president at the george washington university. i'm sure he is a leader in many other regards with george washington. frank is routinely called upon to advice senior officials and the executive branch of u.s. armed services on a variety of

national homeland security issues. no one has a broader vision of homeland security i remember frank from the early days of homeland security and he was one of the closest advisers to secretary tom ridge as the department was being stood up. he served in office at the white house called the office of homeland security which was a really small shop. it grew into a $40 billion enterprise. before the white house was involved, literally i could go on and on about his background and resume, but let me now introduce the next speaker.

frank? >> thank you for that overly kind introduction. if i were to introduce myself, it would be a bumper sticker. he who displays varying degrees of ignorance. the environment we are facing today plays to one of my strengths. to a add. if you were to close your eyes and have a map in front of you and point to any place on the map, in all likelihood you are going to fall into a bull's-eye of a crisis that we are facing right now. i'm going to spare the lawyer joke. i can tell you one thing. i like lawyers behind me to be in front of all of you. that's threatening, but i have

the greatest respect and association for what the bar association does and what joe does and jim turner and what all of you do to advance the security. many others. we have done great work and you continue to do great work. our country needs it. what i thought i would do, close your eyes and point to anywhere on the map. whether it's the ukraine or crimea or pyongyang or whether it's what's unfolding in syria and iraq, whether it's where you see vaflt, vast territory under the control of islamists and foreign terrorist organizations.

whether it's the ebola outbreak in africa and whether it's cyber threats. the reality is unfolding and feels like it's unfolding quicker, faster and more dangerously than ever before. i don't know if you had an opportunity to read general flynn's interview, it is well worth taking five minutes to read his views. it is the head of the defense intelligence agency and the take away. i ask to you read it. this is one of the most dangerous times in his lifetime in terms of an era and threats and compared it perhaps to world war two where you had the most evil manifestations of what humanity has seen. it is worth looking at. accelerating all this is the speed and the connection of

technology. whether it's social media. if you see how effective social media has been for the adversaries to recruit individuals, look in syria and iraq. you have a surge. you have 13,000 foreign fighters joining the ranks of organizations in the area. these are big numbers. when you are talking about foreign fighter, at least 3,000 of which are westerners. that adds a new level of concern. these are individuals and they speak our language and they know the targets and know everything about us. many of these people return. perhaps we don't feel the full effect of what it means right now, but years from now, i think

you will see it manifest if dangerous sores of ways. if you look at the environment and try to understand that terrorism environment, it does come in various shapes, sizes and forms. how effective of they? they have been eclipsed. that is the wrong set of questions. it's a conflation of many, many organizations that are going in an out source model and they are open source where they are working with, between, and among. they are seeing conflict zones. you can't fully straight them from al qaeda and what you are seeing unfold in syria and iraq. you are starting to see individuals who are being talent

spotted who can be turned around. sent back to the homelands because of the familiarity and because of their recognition of the region. we did a major study in 2007 i want to say. maybe 2008 or 2009. army exactly. look looking at the trends and trajectories, at that time we started looking at that largely because of one particular case. does anyone here remember that case? this was a naturalized american who went to afghanistan. his intend was to fight alongside taliban. he was intercepted and curned around and said you are a much greater value. he was behind the spot. a sinister plot to suicide and homicide bombings on the new

york subway. this was the time our country was blinking really red. he got further along than any of us feel comfortable with. in part because we didn't have the sink ronization and integration we strive for in federal, state, and law enforcement. they materialized in denver and made it to new york. they were looking for the holes. we did analysis on this. the simple take away is they are nothing new if you go back to afghanistan. the first fight with the soviets, there were a number of westerners fighting alongside threats in that region as well.

the numbers are growing in terms of scale and the speed is quicker and the demographic is changing and many are coming back to the west. when you look at even the al qaeda threat, i think everyone would have liked to say dingdong the witch is dead and let's worry about all of our challenges that are facing our country. our economic situation and everything else we struggle with on a daily basis. the reality is the threat was not dead. i think part of that is getting to the recognition and understanding that it's not about networks or organizations alone, but the ideology. to paraphrase bill clinton, it's the economy and it's the ideology stoop. it's propelling the organization and fueling the organizations and quicker and faster and resonates with the percentage of people around the world. i think that should warrant a

lot of concern. we need to continue to push the envelope, but we need to recognize that until we address the ideological underpinnings of the threat, we will have tactics with the strategy. we will have to under mine and help facilitate and attacking it. that is being filled today. why africa. these are un and under governed spaces. they are afforded the time and ability to maneuver and plot

attacks. i think one of the challenging issues we have tried to address, taking drones. probably not a good topic in front of a bunch of lawyers, but i would rather the enemies look over the shoulders than giving them more time to plot, execute and maneuver and recruit and engage in terrorist activity. is it the panacea? absolutely not. is it an important instrument? yes, but it has to be coupled and combined with other,o];q2z instruments that we are not that comfortable as a country or a world. that's something we need to worry about. isis. if you look at the tragic, tragic news in recent days in terms of the beheading of an american, this is part of their narrative. the narrative is to say we

should be afraid and continue to engage in this sort of activity. i would va advice no one to watch that video. in a way we are giving them the oxygen they look for and seek for to be able to fulfill those objectives. that said, we can't ignore this particular issue. i hate to say it, we will see more along these lines. this is what zarqawi was doing. he was terrorist number in iraq. he ran al qaeda? iraq. he killed a number of wedding goers and family members.

that was a lot of besidings and videos and ultimately it didn't sell in the way he was looking for it. it did for a small percentage, but not overall. they were sending notes suggesting that this is too violent. we are never going to be able to win the so-called hearts and minds they were trying to in their obscure and twisted kind of way. i'm not sure that has staying power. the cycle is so fast now. they are looking for look at them. if you are to believe what you see, you have 500 brits fighting alongside isis and other terrorist organizations in both iraq and syria.

they got up to 100 americans fighting alongside. the thing you have to realize is terrorism is a small numbers business. we can't afford a small member of incidents because it has catastrophic impact. especially in terms of threats to the homeland. even the foreign fighter issue aside, if you look at isis, it's arguably the most funded terrorist organization in history. they robbed banks and have oil fields. someone is buying this. i hope that's where we squeeze that. they have a sense of momentum.

most importantly they have safe haven. they turn the cannons away in terms of the threat there looking here. unless we can ramp up the activity. that's why i support air strikes right now. i don't see better alternatives. the threat level had dropped. right now i think that's not to suggest we don't have more capabilities, but in terms of intent and numbers, we have to take it incredibly seriously. in terms of the actual counter terrorism state craft tools we need to bring to bear, it is about addressing the narrative.

there great programs that people are not aware of at state department. the other entities or forward-leaning in terms of pushing back. even using humor to defeat the resonance of the adversary's message. i think we need to do a lot more. in terms of other safe hachs, obviously mali is that warrants great concern for a lot of folks. the french deserve a lot of credit for how they -- i never thought i would say viva la france in a national security sense. even in a counter terrorism standpoint they got in front of what was going to be a much greater threat in terms of immedia immediacy. that doesn't last forever. how do we start addressing the

issues? nigeria, this is one of the most gruesome organizations and most brutal and barbaric in terms of iraq. you want to turn off the and stop reading your twitter feeds. you want to stop reading the newspapers. it is a gruesome organization. you have people being killed eye regular basis. you are seeing vicious ied campaigns in the region. you are seeing swaths of girls and now boys being kidnapped, for what? for try to be human. for trying to be part of society. i'm not sure to get our arms around that, but we have to build it up because we can't do it all. boots on the ground should be the last option we ever have in the places. light footprints, yes. heavy footprints, not so much.

that plays to the enemy's narrative and quite honestly as much as we can deal with counter terrorism, we will never kill and capture our victory alone. it has to be followed up with the solutions and the like. there has been good news, but i'm not sure it's beginning to fade. here you also have a very vicious terrorist organization that can easily and the community that has been least integrated. and we are not out of the woods there either.

that would have been the most dangerous. and we have a lot to worry about overseas. what is new is old and new is old. russia is back. we need to start thinking about what all of that means a& when started to work the issues in the 90s, we were worried about state sponsored terrorism. it's back. whether it's ha mazz or hezbollah or awe tonnuous

organizations or whether it's russia in terms of what you are seeing providing some plausible deniability using theirs, that's how they attack through cyber means and starting to see it now through physical means. that's why they have greater concerns. they have nukes and lots of them. those can be game changers. they have to be careful in terms of how we engage the issues. as brutal and gruesome as terrorism is, when you are dealing with a nuclear threat, that can be a game changer quickly. obviously you have biodefense issues. that perhaps if i were to look at from an instrumentality perspective, the area we have done the least amount of work that we ought to do more. whether it is natural outbreaks

and disease or whether it's foreign terrorists or nation states engaging in warfare agents. these are the gifts that keep giving and the things that can be game changers and tipping point types of threats. we need to be cognizant of. we have a homegrown threat. that comes in various stripes and forms. i think here we are going to be traveling overseas. they are going to stay off the screams and still be significant and real threats. a long winded way of saying he ain't out of the woods, but i think there is potential for optimism here. a lot of this is coming at a time where americans' trust in government is at an all time low

so we have to engage in the instrumentalities and maintain that balance because we don't want to tip it too far, but at the same time we need to acknowledge and not wish threats away. this is possibling up most of my time, we are at a very early stage in recognizing the threat and what it means. we are not going to defeat cyber. wing going to use cyber to achieve objectives. whether it's on the radicalization side or computer network exploit. if you are using that as a weapon to be able to attack.

we are not seeing it out of the field idea. it's a more sophisticated attacking and a computer network exploi exploits. we have to get a little more clarity in terms of what we mean or most concerned about. if we were to rack at the top of the list, it would be the russias and the chinas. by and large, their intent unless escalating in this situation is not to take down an attack system unless they are threatened. something happens in the gulf, maybe that will trigger

something. maybe that will force the russians to it matters. those are the jobs. that's the intellectual property and the imagine that keeps america going forward and it is vulnerable and susceptible and stolen at huge amounts like that. if you are in the chinese minds, what would deter you from not? if you look at the post discussion, all of this moral equivalency. you engage. i'm shocked there is gambling going on. we are not engaging to support

apple or ibm or ford or any american company. the difference is there you have national assets and resources being engaged and used to benefit companies. that's an unfair playing field. that's not a playing field anyone should want to play on because then it gets to the very core of who we are of who america is as a country. to me that's a market place issue that needs to be addressed. i am optimistic we can get to those solutions. take the russians and the chinese. are they going to continue to look to space and the internet of things? i can't separate what is physical and cyber anymore. they are one in the same. but who are the countries we need to be worried about from a national security immediate perspective and attack perspective. that's iran.

that's north korea. what they can engage, they can try to engage through cyber means and quite honestly they are. they are attempting and doing the equivalent of intelligence on the battlefield and even a company like city or bank of america, they were not built to defend against the states, we can't separate what is the government and the private5+-j) sector. if i were to tell you who am i most concerned with, it would probably be the government of iran through proxies like hezbollah or other proxies they are using. the russians are doing this every day. and it does provide that plausibility deniability. the smoking key bores are hard

to find. i don't know who is behind that keyboard at the time. we are getting better, but by no means 100%. finally you are starting to see. criminal enterprises with capabilities that used to be in the hands of governments alone. these are largely russian-speaking criminal enterprises. i mean, just look at the target hack. that's what you're seeing, that's what you're read iing. if you think that's the only thing going on right now, i'm glad it opens up people's eyes and puts some ownership in executives to address the issue, but they are the ones that got caught. if you think they are alone, think again. the reality is that those that have been hacked are those that are to be hacked and those that aren't aware that they have been hacked. so to me when you're starting to look at some of the corporate

priorities and some of the business challenges and executives, cybers at the top of the list going forward. if you're looking at it from a national security standpoint, yes, from a foreign counterintelligence cyber is high, but you need to be concerned about those engaged. bottom line is we need to use a little more claire uty and precision when we talk about cyberer. and right now if you were to pick up a newspaper, you wouldn't be able to do that. are there going to be cyber drive by shooters, absolutely. are they going to cause harm, yes. but it's not the same as a foreign nation engaging in an attack. will foreign terrorist organizations turn to cyber? they are trying. i'm still more worried about kinetic attacks because that fuels their recruiting that has visuals. but are they going to engage in cyber, absolutely.

and if i were to have to take worst case scenarios, it's the convergence of physical and cyber. it's a multiplier to a kinetic attack. that's what we need to be worrying about going forward. all that said and done, i really don't mean -- i think -- i know it was yogi bah ra who said it was the future -- the end of the cold war, threat forecasting is made astroll ji look credible. to shape it. and i feel like we're in react mode. we're tired. we're reacting to crises everywhere. we need to be in the business of shaping the environment and, yes, i'm a proud american to our national interest. and then do so in a way that's

collectively beneficial for society. i'll leave it at that. i spoke way too long. i want to engage in any sorts of questions, but thank you. [ applause ] do you have any questions? >> when you were. talking about france having citizens and great britain having citizens and the french going into mali, can we count on our western allies at all to come in and help us? my big concern is the land grab going on. now there's a home base. >> that's a questigreat questio. i will tell you when it comes to the five i's, there's no sunlight. yes, we can count on them.

do they have the capacity and capability is another question. i do think that they have a lot of capability and they are one of our closest allies and if they have something they will provide it. quite honestly the brits are probably upset with all the leaks. it stymied some of their capabilities. in terms of the french, that's a complex -- because as happy as i was in terms of what i saw in mali, and by the way, they went against all indigenous polls, there was less than 20% support at the time of french engage me ment. he went against the polls of his own country. . that said they are still selling stuff to the russians. is that state sponsored terrorism taking out civilian airlines? i don't know, good question. . i'm not very happy in terms of what we are seeing.

who is buying this oil? that should be the sets of questions we need to be asking. once you dry up some of their funding well, obviously, you minimize their ability to project power and deploy forces in the same kind of way we're seeing right now. so when you start looking at our allies on counterterrorism issues, i think u.s./france has been a strong partnership. perfect, no, but the politics of it all doesn't really affect the ops. it doesn't affect the relationships on the ground where it matters. because we both have great interests to address these issues. but it was also a frenchman that came back and shot up people at a jewish museum. i mean, that was the first indicator that you have foreign fighters coming back and engaging in terrorist activity.

so i am very concerned if you look at the numbers of brits that are fighting overseas. even before isis, you saw a number of brits from southeast asia joining up with al qaeda and the arabian e peninsula, which kind of confused me. the way the brits security folks would explain it was they knew the authorities were on to them if they kept traveling it to pakistan. they go there and come back and have the same street creds to their audiences. we have to make this stuff not cool. it's gruesome. it's awful. people die u. yet there's this cool factor that's triggering some of this in their twisted little world. so bottom line is with the brits, i have every bit of confidence what they can do, they will bring to the fight. they have actually been -- other than russia, i would like to see

them get a little stronger. but i think they have been a good partner. in terms of counterterrorism issue, i'm optimistic that our relationship with france is strong. now the question is can we get our arms all around this. the belgiums there are fighter. are they a friend, absolutely. but do they have the capacity to get their arms around this. and let's be serious. us, do we know everyone who has gone overseas? did we know the numbers until we started seeing some of them on the battlefields? probably not. >> okay, thank you. >> thanks, frank, for an excellent presentation. basically two questions. first has to do with the efficacy of counterterrorism

measures. or the preeminence of the lack of adequate measures against that. that's one question. what's your state on the efficacy of implementation. secondly, a post nato withdraw in afghanistan, what threats do you see to our allies as well as the homeland. >> those are great questions. i apologize i didn't bring up afghanistan. let's not make the same mistakes we're seeing right now in iraq. that's a longer set of questions. and i'm not making a political decision on whether or not we should have huge boots on the ground, but there are measures short of that that can be taken, must be taken and we can't take our eye off that ball. that vacuum can be filled really fast. and by the way, i also neglected

to discuss when i mentioned the fata region, many others, these are the bads of the bads. and if there's one sense of optimism it's that they are looking a little bit over their shoulder. if they stop looking over their shoulder, they are going to be using that time unfortunately not to our best interest. so in terms of -- and your first question was on the financial side. you know this better than. i do because i think you teach a course looking at some of the finance-related issues, but it's not just countries. it is individuals. and when we can get the precision to be able to address those matters, they are effective. you do have individuals that are

fueling some of this. some of them in so-called allied countries so i am concerned about some of that. but in the isis situation, they don't need that. that's what makes it that much more frightening. they've got the oil. that's very different than what we have seen in the recent past in the past decade of so-called long war. we haven't had a very wealthy, open ability to maneuver in daylight organization. you have that there. it's well financed on their own. it's well armed. they took the technology. they took the weaponry. it's heavily armed. unfortunately, they have a lot of training experience based on their activity. so they are heartened. and they are adaptive. we tend to think that they don't

learn. the reality is they do learn. and they become more resilient and adaptive based on recent history. that's something we always need to stay ahead of the curve. i think that's all instruments of stay craft. >> thanks a lot. [ applause ] coming up in an hour, the house rules committee will meet to take up two bills before they hit the house floor. one would restrict the epa's attempt to define which waters it regulates under the clean another condemns president obama for not giving congress advanced notice of the bergdahl taliban prisoner exchange. we'll bring you that meeting of the rules committee live at 5:00 p.m. eastern here on c-span 3.

sglrvelgs now a look at the homeland security's where an antiterrorism standards. discuss issues arising in the security-focused regulation under those chemical facilities that are deemed to be at the highest risk of terrorist attack or exploitation. before i get going, i want to

apologize if my speech is difficult to understand or slurred at points. interesting thing happened it to me a few weeks ago when i traveled to the discussions on chemical security, i got on the plane with a sinus in. fection and got off with a facial nerve paralysis that is temporary. so there's a bit of mumbling, not much blinking or smiling, at least on this side of the face. but note i am smiling on the inside. especially talking about the program and that is exactly what we are here to discuss today. we are here at a very exciting time in the history of the program. we have working with our stake holders made significant forward progress having gone from not having approved a single facility site security plan or

ssp as of security plans having granted final approval to more than 1,000 of those plans and conducted 1,500 inspections at the facilities. congress taking note of this forward progress is now considering long-term authorization of the program, which would go farther towards providing a stable platform for continued success while affording our industry stake holders the certainty they deserve as they contemplate making investments. we published an advanced notice of rule making. developing the next generation of the regulation. so both long-term authorization and maturation are sited in report to the president

outlining the path forward for implementation of executive order 13650 on improving chemical safety and security. the title of that report was a shared commitment and as with all things related to chemical security, implementation of the program has taken by in and effort across a numb of different communities. as my boss noted in this morning's keynote address, security is not something we can achieve through option at dhs. this is very true. a great deal of work across an array of groups has gone into fos fering the success of security plans to industry associations and attorneys who have helped us to spread the word about the program and to identify potentially regulated entities to members of congress and congressional staff which who have championed authorization of the program. i'm delighted to be joined by pan

panelists who will provide thoughts and perspectives on the program from each of o these perspectives. first, we have todd clesman, starting closest to me. one of the true pioneers in development of cfats program. todd serves as the technical authority on the regulation and on the secure handling of ammonium nitrate act and responsible for providing advice and counsel in my role as director of the office. todd including as the branch chief and as acting deputy director. todd has been working on chemical security issues since april of 2004. during that time todd has served as a member of the original chemical security task force tasked with developing the cfats

program. the first national strategy for securing the chemical sector. next to todd, we have elizabeth o'neill, who is the senior manager of government relations at chemical manufacturers. she has responsibility for the chemical security and chemical security fort foal ya. she works on a variety of safety and security issues include iin the chemical program. she represents the chemical sector and chair of the working group for the implementation of the summit which just occurred last month and that is a tremendous event annually if you have the opportunity to be there and many of you have been at that event. she previously managed government relations at the national association of chemical

house and senate. she holds a masters of public affairs. todd also as well as law school. the university of michigan law school. elizabeth has played a huge role in advancing the cfats program on ideas for new tools to help prepare for-n authorization inspections, a product titled what to expect when we're inspecting. so just another plug for cfats-related products. next we have joan o'hara, who is the acting general council for homeland security. joan joined the security as

council in august 20111 providing legal analysis and advice on numerous questions involving domestic and international law with a special emphasis on civil rights and privacy issues. in december of 2012 joan was promoted to deputy chief council in june of this year. as acting general council she helps to overdee the implementation of the legislative agenda and lead attorney for cfats. she also advises mike mccall on all homeland. security-related issues. prior to becoming a lawyer, joan spent more than a decade in professional athletics. she was a resident athlete at the u.s. olympic training center in san diego where she was a scholar training with the rowing team and became the u.s. national champion in the single and quadruple skulls. she began her career as a coach. she was head coach at wesley college leading them to a championship bid and number one

national ranking. and head coach at san diego where she was named west coast conference coach of the year. joan was born and raised on long island, new york. she holds a masters degree from san diego state university as well as a bachelors in art history from loyola college. joan really has been the driving force behind the push to get cfats authorized on a long-term basis, something that will be hugely important as we continue to move the program forward. finally, we have evan wolf, no relation, but evan is a partner in washington, d.c. office where e he helps lead the privacy and

cyber security practice. it focuses on privacy and data security including regulatory compliance, safety act, corporate international investigations, corporate compliance in government nance cyber security and environmental audits. he has significant experience in the area of infrastructure protection prior to entering private practice, he serves as an adviser and was involved in the development of dhs. previously he held the position of homeland security project analyst to the mooider corporation. evan serves on the external advisory board, the national security task force and is involved with the aba and is the co-chair of the homeland security law institute and senior adviser to the committee on law and national security. so evan has in past years

organized this panel and graciously invited me to sit on the panel. somehow this year he's managed to trick me into moderating. we'll see if he pulls that off again next year. in 2011 evan was invited to serve as member of the aspen institute's homeland security group and he serves as the senior negotiate for homeland security countertism program. at the center for strategic and international studies. so without further delay, i'm going to turn this over to our esteemed panelists for their remarks going in order starting with todd. >> thank you very much, dave. as the first person with the joy of speaking about cfats today, i thought i would give some background on how the program works. i recognize a handful of faces out there so this is going to be redundant for those who are almost as well verse d as the

panelists r but i want to make sure everyone els what we're talking about as a program before e we look at our future priorities. as dave mentioned earlier, this is our regulatory program for the department focused on security at high risk chemical facilities. when the department was given this authority, one of the things we decided to do was rather than try to define a chemical facility, we wanted to look at the chemicals that present the risks at these facilities. we started instead of defining that term by developing a list of 325 chemicals, which if presented in certain quantities could cause risks either through off site e release itself or theft and diversion and used elsewhere in the communities. any facility that possesses an amount of these 325 amount of interest is required to submit information through an online assessment. now the top screen is a fairly simple online tool asking for basic facility information.

typically things like the name, the owner of the facility, where it's located and most importantly what chemicals of interest it has on site and what quantities and depending on the material how that's stored or where that's stored. based on this information, they are able to make a quick determination whether that is likely to present a higher risk. because we're focused on the chemicals and not the type of facility, the community is broader that what folks think of chemical facilities. it includes not only manufacturers, warehouses and distributors, but also things like colleges and universities and hospitals. so part of our challenge has been reach iing that broader audience. now for those facilities who are initially determined to be high risk based on that information, they will receive notification that you are a high risk facility and e we ask those facilities to submit an assessment. these are resource intensive, provide more information about

the facility, the materials it has on site, how it uses it in process, some information about potential vulnerabilities and mitigating measures and we'll use this to make a final determination regarding whether that facility is high risk. if either from the top screen assessment, we make a determination that a facility is not high risk. it will receive notification it is not part of the program and done its obligations unless it makes a modification or change to its holdings and thus we ask it to provide updated information to e reassess the risk. for those facilities determined to be high risk, they are the lucky ones who get to do a site security plan and submit that to the department and implement the plan once it's approved. the process that is used as we have developed a group of 18 risk-based performance standards, which cover all aspects of security. they look at some of the more

fundamental principles such as cyber security, personal security and also the administrative aspects of security such as training, recordkeeping, organizational structure. but because it's performance based, the facility has to propose how it's going to meet these standards. you won't see anything saying you have to have a ten-foot fence with barbed wire. in essence the facility can build off of what it has already done. it has the choice of the specific risks associated with the facility. they will submit the plan to the department where it will be reviewed. we issue a letter of authorization. following the letter of authorization, we'll send a teem of inspectors. we have 100 inspectors throughout the country. they will spend two days on the facility going over the plan and making sure that now they are seeing it in person that the plan is commensurate to the level of risk presented by the

facility. if at that point in time the plan looks good. the facility will receive a letter of approval. that's a golden ticket, you're in compliance with the program. at that point in time, it is the facility's responsibility to continue to implement that security plan going forward and pure yodically the department will verify that. dave went through some of the statistics. we have 3,300 facilities. so going forward over the next will be continuing to work with the facilities to get them through the authorization inspection and approval stage. we're currently working at a pace of 120 authorizations a month with 100 or so inspections a month and 80 or so approval. so we're looking at a two or three-year time frame to get through the remainder of the inspections. over that time we'll be transitioning to a core focus of compliance inspections. we started those last year.

we have done close to 50 or so to date. but our prime focus will still be on getting those facilities to the approval stage for the next couple years. now beyond just implementing the program, which obviously is our prime mission and reason for being, there are a number of other things we are focused on. they are going to be touched on by the other panelists. i want to point out a couple of the ones that will be taking a lot of our time and attention over the next year and beyond. the first with dave, the long-term authorization. initially we provided a three-year program. and it has been reauthorized on a basis on the process. . why there's never been fear it will go away, it provides instability for departments long-term planning and regulated community. a lot of times they are going to have to look at three to five-year budget periods when looking at improvements and

stability to know the program not only is not going to go away but still going to look the same many years down the road as critical to allow them through the proper planning and take appropriate action to address the security. so not only the department, i don't want to speak on behalf of the industry, but industry is supportive of getting long-term authorization here. the second thing that's going to be a priority going forward is working on improving the regulations themselves. even in the absence of permanent legislation. dave mentioned the first step we're taking is the advanced notice of rule making which was e released earlier this week. that's open for a 60-day common period. it closed october 17th and will be hosting a number of listening sessions across the country really soliciting comments. we did identify some specific areas that we're particularly interested in hearing from not only the regulated community, but stake holders at large such as the overall approach, how the process work, how the

nontraditional facilities are handled. the chemicals of interest list. should some be removed? are the threshold levels correct? definitions in terminology and the risk-based performance standards. so these arey3l some areas tha have received a lotç of feedba over the years. this is the first formal effort to take a look at the regulations themselves and to potentially enhance the regulation based on stake holder feedback. we encourage folks if you're interested in this program, take a look at the proposed rule making. . it's a fairly quick read. we really encourage public comment and participation in this process. now one of the things we're doing outside of the rule making process but is equally important and critical to the heart of the program is looking at our methodology and ways to enhance that process. over the past year, we have completed an external peer review with members of the private sector and other federal agencies taking a look at how we look at high risk facilities and

determine what risk they pose. the government accountability office also did an audit during that timeframe and received recommendations from the peer review panel and our hard at work developing a plan to address some of those recommendations. we expect to do that over the next 12 to 18 months and so that's one of the things we hope will provide some improvements to the overall program without jeopardizing the stability that we have built over the past few years. and finally although this is not cfats specific, it's the executive order that dave mentioned. the department is one of the tri-chairs on this committee and we're committed to working with all stake holders. not only our federal partners, but also the private sector in finding ways to more efficiently enhance and improve the chemical s safety across the country. just about a month or two ago,

we submitted a report to the prosecute which e detailed the progress since the issue went last year. more importantly it provides a road map for the anticipates we want to do going forward. as dave mentioned, the title of shared commitment, is not a government only effort. we're going to need to engage with the private sector and members of the other federal, state and local entities engaged. if we want to find good ways to be r more efficient on our approach. so that's another thing if you're interested. take a look at that report. there's going to be plenty of opportunities for engagement and involvement in the process. and i know we're going to be spending a lot of time working on it. we look forward to a good collaborative relationship on that effort. that's it from me. >> good afternoon, i'm elizabeth o'neill, senior management of government relations at the society of chemical manufacturers and affiliates. i'm pleased to partner with

these groups including evan wolf and my committee colleagues to engage in constructive dialogue on security today. for 93 years just a little bit about, we have been and continue to be the leading trade association representing the batch, custom and specialty chemical industry. our companies employ more than 100,000 workers across the country and produce some 50,000 products valued at $60 billion annually. from pharmaceuticals and construction products, they make materials that help make our standard of living possible. over 80% of members are small businesses. we ed a advocate on behalf of a industry that creates the building blocks of daily living and contributes to the betterment of society. regulators and stake holders in order to ensure the passage of

rational laws and regulations and abundant to save lives and enable the manufacturing of other products. all members are subject to osha regulations. virtually all are subject to epa regulation. but maintaining the security of our facilities has been a private for members. after the tragic events of 9/11, members did not wait for new government. regulations before researching, investigating and implementing security measures to address these new threats. under. the flagship environment health and safety and security management program, members were required to conduct security vulnerability assessments and o to implement security measures. a methodology was designed for batch custom and specialty chemical facilities approved by the center for chemical process safety for an effective

methodology separate. our members have spent millions of dollars and have devoted countless man hours to secure their operations and right now our member companies are 99% compliant in which we believe will continue to the foreseeable future. . we have heard an introduction today including an overview and program focus for the next year and will hear the legislative priorities in congress. from an industry perspective on the program, we believe cfats is working to improve facilities across the united states. and though there were initial challenges, dhs is implement in the program well. we have three priorities for cfats. first, the program must be given long-term authorization by congress fully supported by the administration. second, we can improve the program and will continue to work with the dhs through rule making and continue to monitor and press for changes for the methodology. finally, our industry is

significa significantly impacted by the executive order 13650, a priority for us will be to work with the agencies and whoous it house in months and years to come as government makes changes to build a stronger cfats program. while we believe cfats is working and dhs has improved in implement i implementing the program well in companies across the u.s., as a result of the chemical sector strong cooperation with dhs there's been 100% compliance by industry with requirements to submit svas and site security plans. cfats is reducing risks in a market-based way. over 3,000 facilities have changed inventories in ways that have enabled them to screen out of the program. cfats is driving facilities to reduce hazards, relying not on mandates but on the company's expert judgment to do so where it makes sense where it can be

done without reducing quality to some other point in the supply chain. we support the program. the program's flexible approach prevents against attack by ing the industry's ability to remain innovative and members have quite literally bought into the program. costs a lot of time and money to plan

we weren't certain that cfats would continue since it had been basically taken over by the appropriations cycle and had not be authorized. this was a concern for industry because they are investing money and resources in trying to come ply with the cfats scan. if you're going to have to make new investments. that wasn't good for industry. it also wasn't good for dhs, cho is trying to build on the framework that they had had in place to not have that certainty that the program would even continue was not helping them out at all either. noigs that, there seemed to be sort of like the top ten list of complaints and shortcomings about cfats through its history. and a lot of those, as i said,

were common. so i was hearing the same things over and over from a lot of different stakeholders. it seemed like a smart way to address all of these concerns collectively would would be for congress to authorize the program. not only would it provide the certainty and stability and give everybody a little bit of a sense of peace of mind, it would also provide congress with the best opportunity to make improvements in law. so we were obviously providing a lot of oversight and holding hearing hearings, providing guidance, writing letters, addressing all the problems we had heard. the most powerful tool that our congress has is to put these directives into legislation. so it seemed that it made sense to try and authorize the program, give it the certainty while including in that

legislation mandates to correct what we had been hearing and what we felt were some of the shortcomings to the program. so that's how it all kbot started. and i have worked very closely with elizabeth and a lot of her colleagues as well as with dave and his team and we felt the time was write for this authorization to sort of put our faith in dave's team to get this program on track. they had come in very eager to make a lot of improvements and had been showing us that they were serious about it, demonstrating improvements consistently. e we felt like this was the right time to give them our confidence and hep them to make corrections but to continue to build on the momentum they were generating. so the process is something that i dpo like to talk about because i find it very encouraging. we were very collaborative in getting this done.

everybody who was a stakeholder whether it was dhs, the regulated community, other committees in congress with shared jurisdiction over this program, everyone came to the table and shared their ideas and their concerns and what we tried to do was put together a bill that would address what seemed to be the most pressing and common concerns among those groups. so you're going to have different segments of industry, different stakeholders of dhs versus the energy and commerce committee where they might have particular asks that potentially could be not necessarily in conflict with one another, but controversial. but there were a lot of ideas that we had in common. so we really tried to focus on those. what were the fixes that we could make, what were the most important elements to address and codify.

so it was actually an intense experience and it went on for eight months to a year with a roth of back and forth and sharing of ideas, disagreeing over ideas, coming to accommodations for various reasons, but. everybody came to the table with an open mind and a willingness to compromise what might be specific individual requests for the greater good of getting this done. getting the program authorized, providing that stability and certainty, taking care of some of the fundamental shortcomings and problems with the program. so in that respect, i that ugt it was a good. process. erbe had a voice. everyone was heard. people had the opportunity to hash out ideas, come up with new solutions, perhaps, things that hadn't been proposed in the past. we also worked right from the

beginning with our counterparts. i think that's largely a part of the reason why this bill has gotten through our senate homeland committee and it's very likely to get to the senate floor because the senate had input on this all along. we didn't just come up with a product and throw it across the desk and say you better pass this. they had input right from the beginning. so all that is to say, i am encouraged by this process and i think when people feel they can communicate and come to the table with an open mind and all the stakeholders are included, we can get things done, which is not necessarily the tone at the moment on capitol hill. but it does happen. some of the issues specifically that we addressed in our bill were the backlog. cfats was behind on inspections and approvals. as you heard dave say shs they

have gotten through quite a bit. they have made great process in the last six months or so. but we wanted to help facilitate that. we wanted to demand they got through the backlog faster. the pace was not acceptable, but we wanted to make sure they had the tools and authorities they needed to do that. another issue was the tragedy at west, texas, with the fertilizer facility that exploded there. that was not a security cfats-related issue. it did show us what could result and what the impact on the community could be when chemical facilities were vulnerable. what did result from that incident was an acknowledgment that there were a lot of small facilities out there that dhs was not aware of. they had been relying very heavily on associations to help them identify the facilities.

mainly those facilities were members of larger associations. when you had a facility like the west fertilizer plant that had like seven employees or something, they are not a member of a big association. so we wanted to help to solve that problem and we have addr s addressed that in the bill as well among the directives we put in there, we have asked dhs to engage much more closely and much more actively with state and locals to really get out in the field and talk to people who know where these facilities are. another issue was -- and i won't go into the specifics, but making sure the program was w k workable for the regulated community. as we got into things, it seemed like there were some redundancies. that industry was asked to comply with. we wanted to make sure that we

were serving the dual purpose as facilitator of making sure dhs had what it needed to ensure security, but at the same time, making sure that the process was not overly burdensome or almost prohibitively dismt for the regulative community. that's something e we engaged with everyone to find solutions to some of those problems. there are a lot of things that are addressed in the bill. those are just some of the highlights, but i think this is a very good start. this authorization gives congress, as i said, the ability to provide in law directives to the program. it's also given us the opportunity to partner with dhs as much as it seems sometimes that congress and the administration are sort of playing on different teams, we're not. so our objective was not to

shake our finger and scold dhs, but to partner with them and help them to achieve national security, which is what my committee's primary goal is. so i've given it several thoughts on this bill and this process throughout the last couple months, but i generally have concluded and saying and open this up to you as well, it's important that we're hearing from everyone who has a stake in this issue in this cfats program. so if you come to our committee with ideas not just with problems but ideas for solutions as well, it's very, very helpful to us. we really are listening. we go to great lengths to try to incorporate great ideas coming from the regulated community. you're living it. so i would just conclude by

encouraging everyone here and spread the word that if you have continued concerns or ideas for this program, don't hesitate to come to the helm and we would love to include you in the process. >> part of the benefit of having the last name wolf means you're either at the end of the line or beginning of the line. i'm going to be brief in my remarks. before i do, i want to make two points. first of all, i'd like to thank personally and professionally the panel and everyone else in the room who works for congress or the department for your commitment to everything you have done to improve dhs. having been there at the beginning, those of us that were there early on, we dedicated as much of our effort as we could at the time. the department has vastly improved over time. largely through the dedication of everyone at dhs and the hill. on that note, 109 oversight

committ committees. i still think there's a lot of work that congress can do on making their oversight on the department more efficient and easy. i'll leave that stump speech on its own for now and applaud for the work done and ask others to model that. also just as the lawyer in the private sector on the panel, none of my remarks represent any commitments or legal advice that i'm give. ing to anyone in this room. also nothing represents any -- indicates to my clients. with that, i'd like to spend a few minutes just talking about the structure and the questions that dhs proposed in the rule making. i really think and once again, i applaud the direction that dhs has brought the program in. the program has not only improved in the efficiency and

the metrics they can talk about and i understand that's an important point, but also in the quality. i will also state we're at a point. this is a program that was created quickly with 800 words of legislation with a very short timeframe and from that there's been a large regulatory footprint that's been built and managed as efficiently as you could. part of both driving old automobiles and managing the program that was quickly developed is that not only do we need new guidance, but we need opportunities to work transparentally with the stake holders. that's why i really do applaud dhs for their taking the time to put together the advance and listen to us. with that, i'm going to spend a few minutes talking about some of the issues. the first is in their description with the regulatory approach, i really think we're at a time and point where we can

and at a technical understanding where we can identify what is high risk facilities and think about it not in terms of risk elimination, but in risk reduction, which is what others have been talking about for a long time. both in the trade organizations and member companies. as we had to convince dhs early on, having a facility list its chemicals or e below the threshold is not a bad thing but a good thing. that's evidence of risk elimination. a risk reduction. we need to continue down that path of defining what is a high-risk chemical facility. i think the legislation will help. dhs has a real opportunity to focus on those high-risk chemical facilities, which will reduce the amount of numbers that it would look at, but also improve the efficiency. the core part of that and the second point i'd like to make is what i'll call clearing the regulatory lanes.

there are clear exemptions. there were some very clear legislative and regulatory exemptions they were given to build the program around such as the maritime transportation security act and other regulatory programs. and those that have grown out since the program was developed. it's an opportunity for dhs to focus on the high-risk facilities that are identified and let other programs that have been developed by states take over their agencies so we don't have programs moving on to the secondary that they have asked for comments on the treatment of nontraditional chemical facilities so we don't end up with facilities that really have burdensome approach to managing the regulation. one example i'll use is especially forrátñ5k theí nontraditional chemical facilities is what i'll take is a sign of success from the clean air act. i think we would want to use a

40-year-old piece of legislation that's been through the supreme court many times as an example of a perfect regulation. there are some important opportunities to take rules. for example, for some of the -- given the fact that the clean air act affects almost every industry across america, they have implementation plans that are given at an industry or subindustry or sector role. if you're a pulp and paper mill, you have a guidance on what implementation, and these aren't prescriptive, direction on how you can comply and achieve compliance with the regulations. that may be a great way of partnering to speak to what suzanne spaulding raised earlier today with partnering with industry. to really enter into a dialogue facilities achieve come plints

or risk elimination. i think we have the opportunity now, and i hope dhs will think long and hard about finding more efficient and effective ways of working with these nontraditional chemical facilities. to the risk-based performance standards as well, as with everything else in the regulation, as i think lincoln often said, when you don't have a lot of time to write something, you write long speeches, and writing with efficiency is often hard. the 18 rdpss were a good starting point. i think as we have an opportunity to reflect on what are the focused areas of risk and security, i think we can come up with efficiencies. i also agree we should come up with the top ten. i'll lay down the gauntlet that we should have ten standards. if we think about the core elements the companies are focused on this day and age, and the security of the agencies.

in the last seven or eight years, we didn't have the plethora of ip addressable cameras that we have now. we've changed technology, and we also need to change how we look at the regulatory model in this case. i quickly am mentioning the chemicals of interest. other than i think it would be great to come up with another name for it other than coi or appendix a. i think the list was set out as answering the initial question of what is potentially a high-risk chemical facility. i think we have many years of identifying who are the high-risk facilities. i think we could put the appendix a list on a diet and get it reduced to fewer chemicals, that would reduce the footprint of industry in the program. and the last point i'd like to make is what i'll call the one touch approach to the cpac

program. what i didn't know when i was at dhs, that i know now, it's not unusual for a single facility within the course of a day, month or year to interact with multiple dhs regulatory programs, whether it's maritime transportation security act, the twik program or cpac. and dhs has had a challenge in that the programs are managed and appropriated separately. and they're managed at a different component of the department. i think we can make these more efficient. we, meaning industry and government, by continuing to work together. i think twik is a great example where dhs is working with personal surety programs. i think we need to think about a one-touch approach so industry doesn't have to spend as much time answering the same questions to the same departments, since i am a fan of one dhs. wi without quite so much rigger. with that, i'll turn it over to

mr. wolff. >> thank you, to all of you. i think we have a few minutes for questions from the audience. we have a microphone up front, so please fire away. >> i want to thank all the people here. basically two questions. the first is, what kind of methodology does beatrice use to determine risk levels? is it the simple mapping of threat, vulnerability and consequence information, or is it something else? secondly, given the era of data breaches and snowden leaks, how do you really maintain the confidentiali confidentiality, or the protection of the information as far as chemical facilities go? do you have the ssi, cbi, or bcii? there is some type of confusion as to what categorization to use to preserve and protect important and relative information that is sent to the address by the chemical

facilities. >> thanks. >> thank you for the question. it sounds like a great one for our senior policy adviser. >> thank you. when it comes to the risk methodology, the department in general, i'll use the consequence vulnerability and threat, we look at it in two different stages. the security vulnerability assessment. the former one is almost a hundred percent driven by small consequence. it depends on the security issues. if you're talking about the modeling, and that's using an improvised explosive device, and we look how easy it is to convert. we have a little bit more threat piece. our initial vision was to use vulnerability. we didn't have a lot of confidence in the self-reported data. so we have not been using vulnerability as one of the factors. that's one of the recommendations we received from both gao and the peer review

panel. but generally speaking, we are consistent with the dhs model of consequential vulnerability and threat, deciding what the risk is for an individual facility. for the information protection piece, cbi, it's the information regime that was developed. so anything with peer information or chemicals on site of the security plans, all that would be protected under cbi for our program. and that is how we maintain it secure the information. >> do we have other questions out there? mr. kennedy? >> you guys are stuck in between two walls. i've never really seen this before. i do a lot of chemical security issues obviously, and i'm also an honorary regulatory geek as

well. the question that i had was, for fix some of these issues? and also, moving forward, could you just sort of explain kind of what the time line -- if i had an idea, like a checklist or something like that, and i propose it, and i make comments,

in the next reiteration in the final rule, will you take those into consideration and weigh that over another option of what dhs could do? or another person? i just want to know exactly how that would work, nuts and bolts-wise. >> i'll do my best. i know there's general counsel members in the audience. so give me a sign if i'm talking about -- >> i'll look over here. >> from the perspective, will it impinge the dialogue. that certainly does restrain some of the ways we'll communicate with our stakeholders and communities. but i look at it as more of an opportunity because it's going to formally open it up to stakeholders, who otherwise might not have the benefit of attending events like this, otherwise providing more direct communication. i see that as a positive. it will allow us hopefully to elicit more feedback.

once the period closes, dialogue can expand a little bit. but there will be constraints that might not otherwise have existed. as far as the time rg, that i'm not going to wager on. i've guessed many times in the past, and i'm almost always wrong. i can tell you the next steps would be our intention, it really depends on the results from the comments. this is open for 60 days. we would review the comments received during that time period. and start to formalize a rule. this is more open-ended on giving us your general feedback, the next document you would see from the department would be many, many months after it's concluded. notice of proposal will include the proposed rule of thumb. we would hopefully assess and evaluate the feedback, on studies, analysis, what have you, and come up with what we think the next generation might look like. again, we'd go through a public comment period where folks have a better idea of what our

specific modifications might be. they can provide comments and feedback on the specific modifications. so again, i can't really go to task after that. hopefully it would go smoothly and go to a final rule. this is all complicated by the legislation, which if it gets passed, may throw everything into another position. >> we do take seriously the requirements and restrictions of the administrative procedures act with respect to rule making. we certainly do all we can to avoid being thrown in apa jail. we're very committed to continuing dialogue and transparency going forward. final question? if not, i will thank everyone who has taken time out to be in our audience, and a special thanks to todd, elizabeth, joan and evan for serving on