Greg Nash Between us, we have spent careers across the Department of Homeland Security—one of us at the Federal Emergency Management Agency before leading the Cybersecurity and Infrastructure Security Agency, the other as a senior policy analyst at the agency’s Office of Chemical Security — working to keep America’s chemical facilities out of the crosshairs of terrorists, criminals, and foreign adversaries.
We know what works. We also know what makes the work harder. The U.S. Environmental Protection Agency is about to make that work much harder, and our communities less safe, out of a misguided sense of transparency.
EPA has proposed a rule that, in part, deserves applause. The Biden administration’s 2024 Safer Communities by Chemical Accident Prevention Rule forced chemical facilities to publicly disclose a startling amount of sensitive information about their operations, vulnerabilities, and worst-case accident scenarios — information that homeland security professionals have spent two decades trying to keep out of adversaries’ hands. The Trump EPA is rightly rolling that back, removing the disclosure burden from facility owners.
But the proposed replacement makes a different mistake. Instead of requiring each facility to publicly disclose its own information, EPA proposes to consolidate the same data into a single, searchable federal database accessible to anyone with an internet connection. That eases a regulatory burden, but at the cost of creating a national security problem.
In 2000, the Justice Department warned EPA that posting facility-specific chemical accident data on the internet was uniquely dangerous because it allowed information to be aggregated—assembled from one anonymous location into a usable targeting product. The Justice Department observed that a deliberate chemical release could rival a weapon of mass destruction in its effect, and that a sophisticated adversary would never need to set foot on American soil to identify the most lethal targets if the federal government built the list for them.
That warning came before the era of artificial intelligence, large-scale data scraping, and adversaries who run those tools as a matter of doctrine. China’s Volt Typhoon campaign — which U.S. intelligence officials have identified as a state-sponsored effort to pre-position inside American critical infrastructure to enable disruption in a future conflict — does not begin at a chemical plant’s fence. It begins by identifying which fence to attack.
A federal database that consolidates location, regulated substances, accident history, and population exposure for every covered chemical facility in the U.S. is precisely the kind of reconnaissance product a hostile intelligence service would otherwise have to spend significant time and resources to assemble. EPA proposes to assemble it for them, free of charge.
This is not hypothetical. Iranian state-affiliated actors have already targeted American water utilities, which store substantial quantities of chlorine. Russia-linked actors disabled Colonial Pipeline. Federal authorities warned in 2024 that Chinese actors had moved beyond intelligence collection into pre-attack positioning against U.S. critical infrastructure. The threat environment in which EPA proposes to publish this database is the most dangerous one this country has faced in a generation.
The timing makes it worse. The federal Chemical Facility Anti-Terrorism Standards program has been lapsed since July 2023, leaving more than 89 million Americans living or working within two miles of high-risk chemical facilities that previously would have been subject to ongoing federal security oversight.
Roughly 9,000 personnel names per month are now going unvetted against terrorist watch lists at high-risk chemical sites. EPA is proposing a public vulnerability database at the exact moment the federal government’s main chemical-security tool sits dormant.
There is also a question of which agency should be making this call. EPA is an environmental regulator. It is not structured to conduct threat assessments. It does not operate the classified information systems, secure handling protocols, or counterintelligence relationships that the Department of Homeland Security, the Department of Defense, and the FBI rely on every day. Congress recognized this when it designated the Department of Homeland Security — through the Cybersecurity and Infrastructure Security Agency — as the Sector Risk Management Agency for the chemical sector.
The interagency record from the 2024 rulemaking shows that federal security agencies raised precisely the concerns we raise here, but they were overridden. Repeating that mistake, with the threat picture worse and the regulatory backstop gone, is not a defensible posture.
The administration’s instinct on this rule was the right one, but there is a better path. EPA should complete the rollback it has begun, but decline to operate a centralized, searchable public database of chemical facility information. It can preserve what communities genuinely need to be safe — the names of regulated substances at nearby facilities, the contact information for the Local Emergency Planning Committee, basic shelter-in-place and evacuation guidance — while declining to publish operational details that serve no public-safety purpose but would help adversaries target facilities.
And it can do what its predecessor would not: consult formally with the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Defense before publishing anything, and treat their judgment on security-sensitive disclosure as more than an inconvenience to be overridden.
Bridget Bean served as Executive Director and Acting Director of the Cybersecurity and Infrastructure Security Agency. Trevar Kolodny served as a senior policy analyst in the agency’s Office of Chemical Security. Both are now Visiting Fellows at The Heritage Foundation.
Add as preferred source on Google Tags Joe BidenCopyright 2026 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Comments: Link copiedMore Opinions - National Security News
See All
Opinions - National Security As Putin loses confidence in his military, Ukraine presses harder by Jonathan Sweet and Mark Toth, opinion contributors 1 hour ago Opinions - National Security / 1 hour ago