Attorney General Marshall Calls on EPA to Protect Chemical Facility Data Tools from Malicious Cyber Threats

For Immediate Release:
May 14, 2026

For press inquiries only, contact:
Amanda Priest (334) 322-5694
William Califf (334) 604-3230

(Montgomery, Ala.) – Alabama Attorney General Steve Marshall co-led a letter with Oklahoma Attorney General Gentner Drummond calling on the U.S. Environmental Protection Agency (EPA) to lock down a proposed federal database of chemical facility information that, if accessed by foreign adversaries and hackers, could put American infrastructure and communities at risk. The letter filed formal comments with the EPA on a proposed rule that would overhaul chemical accident prevention requirements. The coalition applauded the EPA’s deregulatory effort to cut red tape and empower States but raised concerns with one part of the proposal: a public online database of facility-level chemical data that could be used by malicious actors. 

“Americans and our infrastructure face a growing and unprecedented threat from foreign adversaries conducting cyber intrusions. The chemical facility reporting system, while aimed at informing neighboring communities about potential risks, has become an unintended roadmap for those who wish to do us harm,” stated Attorney General Marshall.  “Detailed, facility-specific data disclosing chemical inventories, access routes, and accident plans have obvious value to nefarious actors. We must be more vigilant and deliberate about what information is published, how it is safeguarded, and who can access it.” 

Chemical plants and refineries covered by the program store substances that could sicken or kill nearby residents if released. The letter addressed to Administrator Lee Zeldin warns that the database would disclose chemical inventories, facility layouts, and maps showing what areas would be affected by a chemical spill and make it available to anyone with an internet connection, including adversaries who have spent years probing U.S. energy and chemical systems.

“Even where individual data points may appear innocuous in isolation, their consolidation, indexing, and machine-searchability in a single platform converts ordinary disclosures into a target-selection-and-exploitation manual,” the letter warns. “While transparency is important, that interest must be carefully balanced against the real and evolving threat environment faced by critical infrastructure.” 

The coalition asked the EPA to audit the database for security risks before launch, strip out or combine data that could identify specific facilities, loop in the Department of Homeland Security and federal cybersecurity officials in its design and give facilities a way to challenge disclosures they believe put them at risk. “The proposed rule fixes many of the Biden Administration missteps, but we ask the EPA to implement rigorous access controls on the Data Tool so that it can ensure that data access initiatives do not inadvertently introduce new vulnerabilities,” the letter concludes.

Joining Alabama and Oklahoma’s letter were attorneys general from Alaska, Arkansas, Florida, Georgia, Indiana, Iowa, Kansas, Kentucky, Louisiana, Mississippi, Montana, Nebraska, Ohio, Oklahoma, South Dakota, Utah, and West Virginia.

Click here to read the letter.

-30-