Prepared Statement by Senator Chuck Grassley of Iowa
Ranking Member, Senate Judiciary Committee
Executive Business Meeting
Thursday, April 26, 2012
On the agenda today are three nominations ready for committee action – Curiel, Shea, and Shelby. I believe a roll call may be requested for Mr. Shea’s nomination.
Before we consider the nominations, I would like to speak about yesterday’s hearing and a serious matter I raised with Secretary Napolitano. I asked Secretary Napolitano about the Department of Homeland Security’s failure to approve a single chemical facility site security plan under the Chemical Facility Anti-terrorism Standards (CFATS).
The CFATS program was passed by Congress in 2006 to provide baseline security for chemical facilities that store certain types of dangerous chemicals. Regulations were issued in 2007 that required sites to submit security plans for approval. To date, 4,200 sites have submitted plans to DHS. However, DHS has not approved a single one despite operating the program for more than five years and spending nearly a half-a-billion taxpayer dollars. As implemented, this program is a disaster.
Secretary Napolitano admitted that the program is not operating as they would like. I think that is a major understatement and an internal review of the failures of the program underscores how this is an understatement.
This memorandum, dated November 10, 2011, is one of the most candid assessments of an agency’s failure I’ve ever seen. The authors found, among other things, that no site plans have been approved and that even if they were, DHS is not prepared to conduct compliance inspections.
Additionally, the memorandum paints the picture of an agency that has lost control. Specifically, the authors found:
· The Department had hired “people who do not have the necessary skills to perform key mission and essential functions.”
· “While the vast majority of employees are talented, hardworking people, there are numerous exceptions.”
· “There is a catastrophic failure to ensure personal and professional accountability” among agency employees.
· The “lack of focus and vision has resulted in problems with how we have spent our money, and how we are managing those funds.”
There are other major problems, including car fleet management problems, lack of oversight and accountability for purchase cards, travel cards used for unauthorized expenses, property management issues, and records management.
While I appreciate the candor in this memorandum and the significant detail included by those tasked with completing this analysis, it raises serious questions about how DHS uses taxpayer dollars. It also raises questions about DHS’s ability to implement the policies Congress has entrusted it with.
I’m also concerned with what this entails for those who are currently seeking to give DHS more regulatory authority and hundreds of millions more in taxpayer money to oversee cybersecurity.
For example, the White House issued a Statement of Administration Policy last night on the cybersecurity legislation the House is currently addressing. One of the major reasons the statement was allegedly issued was that the bill “fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected.” In other words, the President won’t sign the bill into law because it doesn’t give DHS the power to regulate the private sector.
I’ll admit I have been skeptical of giving DHS the power to regulate cybersecurity from the outset.
But, I do believe the threat to our country from cyber-attacks is real. That is why I have cosponsored S.2151, the SECURE I.T. Act. This legislation will enhance cybersecurity without creating a new bureaucracy at DHS and without stifling innovation in the private sector with burdensome new regulations.
After reading this DHS memorandum, my initial skepticism against DHS’s role in cybersecurity has turned into outright concern. Based upon the failures of CFATS to date, such an approach would surely lead to more wasted taxpayer dollars with nothing to show for it. Given the fiscal situation we face, this is an unacceptable option.
Despite the failures outlined by DHS’s own internal review, Secretary Napolitano did her best yesterday to say the program is moving forward. I have my doubts, given the level of failures cited in this memorandum. I’d be surprised if DHS has been able to turn this program around overnight. So, I’ll be requesting a briefing from DHS to find out what is being done to fix these problems.
Regardless of what DHS has done to address these problems, the fact remains that the American taxpayers are out nearly a half-a-billion dollars with nothing to show for it. We have a duty to conduct oversight on the failures and problems mentioned in this memorandum. We have a duty to our constituents and all taxpayers to ensure these problems are fixed and that they don’t continue.
Absent proof, and not just assurances, that the problems are fixed, we should not even consider giving DHS another ounce of regulatory authority or additional layers of bureaucracy to deal with Cybersecurity. I believe Cybersecurity is an important topic that we need to address, but not at the expense of throwing more taxpayer dollars at an agency with the sort of problems this internal review details.