[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
PIPELINES: SECURING THE VEINS OF THE AMERICAN ECONOMY
=======================================================================
HEARING
before the
SUBCOMMITTEE ON
TRANSPORTATION SECURITY
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
APRIL 19, 2016
__________
Serial No. 114-64
__________
Printed for the use of the Committee on Homeland Security
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PUBLISHING OFFICE
22-757 PDF WASHINGTON : 2016
-----------------------------------------------------------------------
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                         Bennie G. Thompson, Mississippi
Peter T. King, New York                    Loretta Sanchez, California
Mike Rogers, Alabama                       Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice Chair    James R. Langevin, Rhode Island
Jeff Duncan, South Carolina                Brian Higgins, New York
Tom Marino, Pennsylvania                   Cedric L. Richmond, Louisiana
Lou Barletta, Pennsylvania                 William R. Keating, Massachusetts
Scott Perry, Pennsylvania                  Donald M. Payne, Jr., New Jersey
Curt Clawson, Florida                      Filemon Vela, Texas
John Katko, New York                       Bonnie Watson Coleman, New Jersey
Will Hurd, Texas                           Kathleen M. Rice, New York
                                           Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Daniel M. Donovan, Jr., New York
Brendan P. Shields, Staff Director
Joan V. O'Hara, General Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON TRANSPORTATION SECURITY
John Katko, New York, Chairman
Mike Rogers, Alabama                       Kathleen M. Rice, New York
Earl L. ``Buddy'' Carter, Georgia          William R. Keating, Massachusetts
Mark Walker, North Carolina                Donald M. Payne, Jr., New Jersey
John Ratcliffe, Texas                      Bennie G. Thompson, Mississippi (ex officio)
Michael T. McCaul, Texas (ex officio)
Krista P. Harvey, Subcommittee Staff Director
John Dickhaus, Subcommittee Clerk
Cedric C. Haynes, Minority Subcommittee Staff Director
C O N T E N T S
----------
Statements
The Honorable John Katko, a Representative in Congress From the
State of New York, and Chairman, Subcommittee on Transportation
Security:
  Oral Statement
  Prepared Statement
The Honorable Kathleen M. Rice, a Representative in Congress From
the State of New York, and Ranking Member, Subcommittee on
Transportation Security:
  Oral Statement
  Prepared Statement
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
  Prepared Statement
Witnesses
Ms. Sonya Proctor, Surface Division Director, Office of Security
Policy and Industry Engagement, Transportation Security
Administration, U.S. Department of Homeland Security:
  Oral Statement
  Prepared Statement
Mr. Andrew J. Black, President and CEO, Association of Oil Pipe
Lines:
  Oral Statement
  Prepared Statement
Ms. Kathleen S. Judge, Director of Risk and Compliance for Global
Security, National Grid, Testifying on Behalf of the American
Gas Association:
  Oral Statement
  Prepared Statement
Mr. Paul W. Parfomak, Specialist in Energy and Infrastructure
Policy, Congressional Research Service, Library of Congress:
  Oral Statement
  Prepared Statement
Appendix
Questions From Ranking Member Bennie G. Thompson for Sonya
Proctor
Question From Ranking Member Bennie G. Thompson for Kathleen S.
Judge
Questions From Ranking Member Bennie G. Thompson for Paul W.
Parfomak
PIPELINES: SECURING THE VEINS OF THE AMERICAN ECONOMY
----------
Tuesday, April 19, 2016
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Transportation Security,
Washington, DC.
The subcommittee met, pursuant to call, at 2:24 p.m., in
Room 311, Cannon House Office Building, Hon. John Katko
[Chairman of the subcommittee] presiding.
Present: Representatives Katko, Rogers, Carter, Ratcliffe,
and Rice.
Mr. Katko. The Committee on Homeland Security, Subcommittee
on Transportation Security will come to order. The subcommittee
is meeting today to examine how the Transportation Security
Administration works with pipeline stakeholders to secure this
critical infrastructure.
I now recognize myself for an opening statement. Over 2.6
million miles of pipeline run through the United States
carrying oil and natural gas operated by approximately 3,000
companies. The integrity of this complex network of pipelines
is critical not only to our economy, but in keeping our cars
running and our stoves burning. Following the creation of the
Department of Homeland Security, responsibility for pipeline
security shifted to the TSA, while the Department of
Transportation retained responsibility for pipeline safety.
Although the terms safety and security are often used
interchangeably, the root causes for concern behind each of
these concepts are fundamentally different and warrant
differing approaches.
While safety focuses on preventing and responding to
accidents, security aims to thwart malicious actors with ill
intentions from damaging or disrupting pipeline operations. The
threat to pipeline security has been deemed relatively low by
the intelligence community. This is largely due to security
measures put in place by operators and the extent to which a
vast majority of the U.S. pipeline network is buried
underground. However, we must remain diligent. Just because
terrorists have not yet targeted pipelines for an attack does
not mean they will not in the future. In addition to physical
attacks, we must also guard against cyber attacks.
Our adversaries, including North Korea, China, Russia, and
Iran have shown a proclivity for launching sophisticated cyber
attacks against U.S. companies, banks, and critical
infrastructure. In March the Justice Department indicted
members of Iran's Revolutionary Guard for hacking the
operational control system of a small dam in my home State of
New York.
While there is no evidence that hackers had been able to
penetrate the industrial systems of pipelines, there have been
several high-profile incidents where the systems of global
energy companies have been compromised and sensitive
information fell into the wrong hands. As hackers become more
sophisticated, we cannot discount the possibility that they may
one day seek to intrude on the industrial control systems,
disrupting the flow of oil and natural gas. Although TSA has
the authority to regulate pipeline security, they have chosen
instead to pursue a more collaborative approach with the
industry. That could serve as a model for other parts of the
Government. However, I am concerned that TSA has not issued any
updates to the pipeline security guidelines since 2011.
I look forward to learning more about how TSA and industry
stakeholders work together to ensure the security of our
Nation's pipelines. Although I must say I am preliminarily
encouraged that all sides seem to be happy with the current
arrangement.
I would like to thank everyone for being here today, and I
look forward to hearing the testimony from our distinguished
panel of witnesses.
With that I now recognize my Ranking Member of the
subcommittee, the gentlewoman from New York, Miss Rice, for any
statements she may have.
[The statement of Chairman Katko follows:]
Statement of Chairman John Katko
April 19, 2016
Over 2.6 million miles of pipeline run through the United States
carrying oil and natural gas operated by approximately 3,000 companies.
The integrity of this complex network of pipelines is critical not only
to our economy, but in keeping our cars running and our stoves burning.
Following the creation of the Department of Homeland Security,
responsibility for pipeline security shifted to the Transportation
Security Administration while the Department of Transportation retained
responsibility for pipeline safety. Although the terms ``safety'' and
``security'' are often used interchangeably, the root causes for
concern behind each of these concepts are fundamentally different and
warrant differing approaches. While safety focuses on preventing and
responding to accidents, security aims to thwart malicious actors with
ill intentions from damaging or disrupting pipeline operations.
The threat to pipeline security has been deemed relatively low by
the intelligence community. This is largely due to security measures
put in place by operators and the extent to which a vast majority of
the U.S. pipeline network is buried underground. However, we must
remain diligent. Just because terrorists have not yet targeted
pipelines for an attack does not mean they will not in the future.
In addition to physical attacks, we must also guard against cyber
attacks. Our adversaries, including North Korea, China, Russia, and
Iran, have shown a proclivity for launching sophisticated cyber attacks
against U.S. companies, banks, and critical infrastructure.
In March, the Justice Department indicted members of Iran's
Revolutionary Guard Corps for hacking the operational control system of
a small dam in my home State of New York. While there is no evidence
that hackers have been able to penetrate the industrial control systems
of pipelines, there have been several high-profile incidents where the
systems of global energy companies have been compromised and sensitive
information fell into the wrong hands. As hackers become more
sophisticated, we cannot discount the possibility that they may one day
seek to intrude on the industrial control systems, disrupting the flow
of oil and natural gas.
Although TSA has the authority to regulate pipeline security, they
have chosen instead to pursue a more collaborative approach with the
industry, that could serve as a model for other parts of the
Government.
However, I am concerned that TSA has not issued an update to the
Pipeline Security Guidelines since 2011. I look forward to learning
more about how TSA and industry stakeholders work together to ensure
the security of our Nation's pipelines.
I would like to thank everyone for being here today. I look forward
to hearing the testimony from our distinguished panel of witnesses.
Miss Rice. Thank you, Mr. Chairman. Thank you for convening
this hearing. I would also like to thank the witnesses for
coming to talk with us about the current state of pipeline
security, as well as the major threats facing the industry, and
the biggest vulnerabilities that need to be addressed. I
understand that it has been several years since this committee
last held a hearing on our Nation's pipelines. So I think it is
important that we are here today to examine how TSA implements
and enforces policies regarding pipeline security, as well as
the steps the industry takes on their own initiative.
Last week we held a roundtable briefing with stakeholders
in the oil and natural gas pipeline industry. I was impressed
by the confidence they have in their relationship with TSA.
They appreciate that TSA understands there is no one-size-fits-all
approach to pipeline security. I was pleased to hear that
TSA and the pipeline industry have that kind of constructive
partnership with open and honest communication. Because there
is no question that pipelines are a potential target.
With more than 2.5 million miles of pipelines carrying gas,
oil, and other hazardous materials across the country, an attack
against a pipeline could cause major commercial and
environmental damage. So it is important that the policies and
procedures we put in place, to secure pipelines, reflect the
magnitude of that threat. I understand that rather than issuing
regulations, TSA has implemented several initiatives like the
Corporate Security Review, during which TSA visits the largest
pipeline operators to examine their facilities and their
security plans. I am interested to learn more about that
process, how often TSA conducts these reviews, and what
resources they use to inspect pipeline operators.
I would also like to know whether or not TSA receives input
from DHS's National Protection and Programs Directorate when
dealing with pipeline security, both physical and cyber. During
our roundtable discussion last week, it was clear that when it
comes to eliminating vulnerabilities, stakeholders are focused
primarily on cybersecurity. Pipeline operators use supervisory
control and data acquisition systems to remotely control and
observe pipelines.
Cybersecurity is a top priority right now for many
industries and Government agencies. So I hope to hear more from
our witnesses about what pipeline operators are doing to better
protect their cyber infrastructure, and how TSA is supporting
those efforts, and helping to raise awareness about cyber
vulnerabilities. I know that TSA holds regular conference calls
with stakeholders so they can share information and keep open
lines of communication.
I would like to hear from our witnesses about how that
process works, and whether TSA is providing the actionable
information they need to be prepared to identify and address
vulnerabilities.
Thankfully there have not been any successful attacks
against our Nation's pipeline systems. But there have been
attempts, like in 2007 when 3 men were arrested for plotting to
blow up fuel tanks and pipelines at JFK Airport in New York,
which is just outside my district. We must remain cognizant of
the fact that terrorists are always looking to exploit
vulnerabilities, and our pipelines are a major target. So we
have to always stay 2 steps ahead.
Again, I want to thank all of our witnesses for being here
to assist us in that effort. I thank Chairman Katko for
convening this hearing. I look forward to a productive
discussion today. I yield back the balance of my time.
[The prepared statement of Ranking Member Rice follows:]
Statement of Ranking Member Kathleen M. Rice
April 19, 2016
I understand that it's been several years since this committee last
held a hearing on our Nation's pipelines, so I think it's important
that we're here today to examine how TSA implements and enforces
policies regarding pipeline security, as well as the steps the industry
takes on their own initiative.
Last week, we held a roundtable briefing with stakeholders in the
oil and natural gas pipeline industry, and I was impressed by the
confidence they have in their relationship with TSA. They appreciate
that TSA understands there's no one-size-fits-all approach to pipeline
security.
I was pleased to hear that TSA and the pipeline industry have that
kind of constructive partnership with open and honest communication--
because there's no question that pipelines are a potential target. With
more than 2.5 million miles of pipelines carrying gas, oil, and other
hazardous materials across the country, an attack against a pipeline
could cause major commercial and environmental damage. So it's
important that the policies and procedures we put in place to secure
pipelines reflect the magnitude of that threat.
I understand that rather than issuing regulations, TSA has
implemented several initiatives like the Corporate Security Review--
during which, TSA visits the largest pipeline operators to examine
their facilities and security plans. I'm interested to learn more about
that process--how often TSA conducts these reviews, and what resources
they use to inspect pipeline operators.
I'd also like to know whether or not TSA receives input from DHS's
National Protection and Programs Directorate when dealing with pipeline
security--both physical and cyber. During our roundtable discussion
last week, it was clear that when it comes to eliminating
vulnerabilities, stakeholders are focused primarily on cybersecurity.
Pipeline operators use supervisory control and data acquisition systems
to remotely control and observe pipelines.
Cybersecurity is a top priority right now for many industries and
Government agencies--so I hope to hear more from our witnesses about
what pipeline operators are doing to better protect their cyber
infrastructure, and how TSA is supporting those efforts and helping to
raise awareness about cybervulnerabilities.
I know that TSA holds regular conference calls with stakeholders so
they can share information and keep open lines of communication. I'd
like to hear from our witnesses about how that process works, and
whether TSA is providing the actionable information they need to be
prepared to identify and address vulnerabilities.
Thankfully, there have not been any successful attacks against our
Nation's pipeline systems, but there have been attempts--like in 2007,
when 3 men were arrested for plotting to blow up fuel tanks and
pipelines at JFK Airport in New York just outside my district. We must
remain cognizant of the fact that terrorists are always looking to
exploit vulnerabilities, and our pipelines are a major target--so we
have to always stay 2 steps ahead.
Mr. Katko. Thank you, Miss Rice. Other Members of the
committee are reminded that opening statements may be submitted
for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
April 19, 2016
The Transportation Security Administration is well-known for its
role in commercial aviation security. However, TSA's responsibility
includes oversight of various modes of transportation, including
transportation of natural gasses, hazardous liquids, and toxic
inhalation hazard pipelines across the United States.
This hearing today is long overdue. The subcommittee has not had a
public hearing on pipeline security since 2010. In the past, this
committee has stated its intention to explore pipeline security under
our oversight functions, but time and again, the committee pivoted to
other matters.
Although there have been no successful attacks on U.S. pipelines,
it is important that the United States remain vigilant. Pipelines are
subject to both physical and cyber attacks.
With nearly 3 million miles of pipelines traversing the Nation, it
is important that the committee learns what both the public and
private sectors are doing to ensure that bad actors who want to cause
devastation to our Nation's economy and critical infrastructure are not
able to do so.
I would like to thank the witnesses for appearing before us today
and providing testimony on this subject. Ms. Proctor, I look forward to
learning more about how TSA works with the private sector to address
pipeline security vulnerabilities.
Mr. Black, I look forward to understanding the perspective of the
owners and operators of pipelines, and particularly hearing about your
concerns with your response plan submissions and the potential impact
of those who wish to do us harm gaining access to the sensitive
information contained within these plans.
Ms. Judge, I was pleased to read in your testimony that you believe
TSA's role in facilitating the public-private partnership to address
pipeline security offers a healthy level of collaboration, support, and
achievement. I look forward to your testimony.
Finally, Mr. Parfomak, your expertise regarding the landscape of
pipeline security and the historical context and possible implications
is greatly appreciated, and we thank you for participating in the
discussion today.
Mr. Katko. We are pleased to have a distinguished panel of
witnesses before us today on this important topic.
The first witness, Ms. Sonya Proctor, currently serves as a
surface division director in the Office of Security Policy and
Industry Engagement at TSA. That must take a very big business
card to fit that title on there. The Chair now recognizes Ms.
Proctor to testify.
STATEMENT OF SONYA PROCTOR, SURFACE DIVISION DIRECTOR, OFFICE
OF SECURITY POLICY AND INDUSTRY ENGAGEMENT, TRANSPORTATION
SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY
Ms. Proctor. Thank you. Chairman Katko, Ranking Member
Rice, and Members of the subcommittee, thank you for the
opportunity to appear before you today to discuss the TSA's
role in securing our Nation's pipelines. The pipeline network
is critical to the U.S. economy. More than 2.5 million miles of
pipelines transport natural gas, refined petroleum products,
and other commercial products throughout the country. As
evidenced by recent attacks in Brussels and elsewhere, the
terrorist threat is increasingly complex and diffuse, with the
potential for actors to become radicalized and carry out an
attack with little warning.
An attack against a pipeline system could result in loss of
life and significant economic effects. To ensure we remain
vigilant, TSA works closely with the pipeline industry which
consists of approximately 3,000 private companies who own and
operate the Nation's pipelines. Pipeline system owners and
operators maintain direct responsibility for securing pipeline
systems.
TSA's role is to support owners and operators by
identifying threats, developing security programs to address
those threats, and encouraging and assisting the implementation
of those security programs. Along with the Department of
Transportation, TSA co-chairs the Pipeline Government
Coordinating Council to facilitate information sharing and
coordinate on security assessments, training, and exercises.
TSA and DOT's Pipeline and Hazardous Materials Safety
Administration, or PHMSA, work together to integrate pipeline
safety and security priorities, as measures installed by
pipeline owners and operators often benefit both safety and
security.
TSA engages pipeline industry stakeholders through the
Pipeline Sector Coordinating Council, which provides a primary
point of entry for industry representatives to discuss a range
of pipeline issues with Government. To assist pipeline owners
and operators in securing their systems, TSA has developed and
distributed security training for industry employees and
partners. Additionally, with the assistance of industry and
Government partners, TSA developed the TSA Pipeline Security
Guidelines to provide a structure for industry to voluntarily
use in developing security plans and programs.
Assessment results show that implementation of this
guidance has enhanced critical infrastructure security
throughout the country. TSA works with industry partners to
assess and mitigate vulnerabilities through exercises,
assessments, and inspections. TSA facilitates Intermodal
Security Training and Exercise Program, or I-STEP, exercises to
help pipeline operators test their security plans, prevention
and preparedness capabilities, threat response, and cooperation
with first responders. To identify shortfalls in pipeline
security and enhance industry practices, TSA conducts corporate
and physical security reviews with pipeline operators.
Pipeline owners and operators welcome these voluntary
reviews, as they appreciate the value of secure systems. TSA
has conducted over 140 corporate security reviews of operators'
security policies, plans, and programs since 2002, and over 400
physical security reviews of critical facilities since 2008.
TSA supports Department of Homeland Security cybersecurity
efforts in support of the National Institute of Standards and
Technology cybersecurity framework, and is coordinating a
voluntary cyber assessment program, with the Federal Energy
Regulatory Commission, to examine pipeline operators'
cybersecurity programs. TSA works closely with the pipeline
industry to identify and reduce cybersecurity vulnerabilities,
including facilitating Classified briefings to increase
industry's awareness of cyber threats.
In conclusion, TSA works closely with industry and
Government stakeholders to secure the Nation's pipeline systems
from terrorist attacks through the development and
implementation of intelligence-driven, risk-based policies, and
programs.
Thank you for the subcommittee's support of TSA's goals. I
look forward to your questions.
[The prepared statement of Ms. Proctor follows:]
Prepared Statement of Sonya Proctor
April 19, 2016
Good afternoon Chairman Katko, Ranking Member Rice, and
distinguished Members of the subcommittee. I appreciate the opportunity
to appear before you today to discuss the Transportation Security
Administration's (TSA) role in securing our Nation's pipeline systems.
The pipeline network is critical to the economy and security of the
United States. More than 2.5 million miles of pipelines transport
natural gas, refined petroleum products, and other commercial products
throughout the country. In addition to the pipelines themselves, the
system includes critical facilities such as compressor and pumping
stations, metering and regulator stations, breakout tanks, and the
automated systems used to monitor and control them. As evidenced by
recent attacks in Brussels, Paris, and elsewhere, the terrorist threat
has grown increasingly complex and diffuse, with the potential for
terrorist actors to become radicalized and carry out an attack with
little warning. An attack against a pipeline system could result in
loss of life and have significant economic effects.
To ensure we remain vigilant, TSA works closely with the pipeline
industry, which consists of approximately 3,000 private companies who
own and operate the Nation's pipelines. Because they are usually
unstaffed, securing pipeline facilities requires a collaborative
approach across Government and industry. TSA has established effective
working relationships to ensure strong communication and sharing of
intelligence, training resources, best practices, and security
guidelines. Pipeline system owners and operators maintain direct
responsibility for securing pipeline systems. TSA's role is to support
owners and operators by identifying threats, developing security
programs to address those threats, and encouraging and assisting the
implementation of those security programs.
Stakeholder Engagement
TSA has established a productive public-private partnership with
Government partners and the pipeline industry to secure the transport
of natural gas and hazardous liquids. On behalf of the Department of
Homeland Security (DHS), TSA serves as a co-Sector-Specific Agency
alongside the Department of Transportation (DOT) and the United States
Coast Guard (USCG) for the transportation sector. As part of the DHS-led
Critical Infrastructure Partnership Advisory Council framework, TSA
and DOT co-chair the Pipeline Government Coordinating Council to
facilitate information sharing and coordinate on activities including
security assessments, training, and exercises. TSA and DOT's Pipeline
and Hazardous Materials Safety Administration (PHMSA) work together to
integrate pipeline safety and security priorities, as measures
installed by pipeline owners and operators often benefit both safety
and security.
TSA engages pipeline industry stakeholders through the Pipeline
Sector Coordinating Council (SCC), which provides a primary point of
entry for industry representatives to discuss a range of pipeline
security strategies, policies, activities, and issues with Government.
To eliminate the need for multiple meetings with the same security
partners, TSA worked closely with the Department of Energy to ensure
the Pipeline SCC also functions as the Pipeline Working Group within
the Energy Oil and Natural Gas Sector.
Since the United States imports more petroleum from Canada than any
other nation, much of it through pipelines, TSA works closely with our
Canadian security counterparts to secure the U.S.-Canadian cross-border
pipeline network. TSA and the Canadian National Energy Board coordinate
closely on pipeline security matters to include exchanging information
on assessment procedures, exercises, and security incidents. Since
2005, TSA and Natural Resources Canada have cosponsored the
International Pipeline Security Forum, an annual 2-day conference that
enhances the security domain awareness of hazardous liquid and natural
gas pipeline operators and provides opportunities for discussion of
major domestic and international pipeline security issues.
Administrator Neffenger had the pleasure of attending last year's
Forum, and enjoyed the opportunity to engage with key industry leaders
and learn more about their operations. The Forum presents a unique
opportunity for TSA to directly engage with a large number of pipeline
industry leaders from the United States and Canada, as well as key
government and law enforcement partners. Approximately 160 attendees
participate in the annual Forum, including pipeline system owners and
operators, pipeline trade associations, U.S. and Canadian government
officials, and members of the security, intelligence, and law
enforcement communities from the United States, Canada, and other
countries.
Security Training and Guidelines
To assist pipeline owners and operators in securing their systems,
TSA developed and distributed security training for industry employees
and partners to increase domain awareness and ensure security expertise
is widely shared. TSA's pipeline security training products include a
security awareness training program highlighting signs of terrorism and
each employee's role in reporting suspicious activity, an improvised
explosive device awareness video for employees, and an introduction to
pipeline security for law enforcement officers.
Additionally, TSA developed the TSA Pipeline Security Guidelines to
provide a security structure for pipeline owners and operators to
voluntarily use in developing their security plans and programs. The
guidelines also serve as a standard for TSA's pipeline security
assessments. TSA developed the guidelines with the assistance of
industry and Government members of the Pipeline Sector and Government
Coordinating Councils, pipeline trade associations, cybersecurity
specialists, and other interested parties. Widespread implementation
of this guidance by the pipeline industry has enhanced critical
infrastructure security throughout the country. TSA is currently
working with stakeholders to update these guidelines. The guidance has
served as a template for entities establishing a corporate security
program and has resulted in an increase in the quality of those
programs reviewed by TSA. Since the publication of the guidelines, TSA
has also seen an increase in the number of pipeline operators
conducting security drills and exercises, an increase in coordination
with local law enforcement agencies, and an increase in the number of
operators conducting security vulnerability assessments of their
critical facilities, all of which are recommended in the guidelines.
Exercises, Assessments, and Inspections
TSA works with industry partners to assess and mitigate
vulnerabilities, and improve security through collaborative efforts
including exercises, assessments, and inspections. With the support of
Congress, TSA developed the Intermodal Security Training and Exercise
Program (I-STEP). TSA facilitates I-STEP exercises across all surface
modes, including pipelines, to help operators test their security
plans, prevention and preparedness capabilities, threat response, and
cooperation with first responders. TSA uses a risk-informed process to
select the entities that receive I-STEP exercises and updates I-STEP
scenarios as new threats emerge to ensure industry partners are
prepared to exercise the most appropriate countermeasures.
To identify shortfalls in pipeline security and develop programs
and policies to enhance industry security practices, TSA conducts both
corporate and physical security reviews with pipeline operators. While
these reviews are voluntary, they have been welcomed by pipeline owners
and operators who appreciate the value resulting from securing their
systems.
Working with key executives and security personnel, TSA conducts
the Corporate Security Review (CSR) program, which provides a company-
wide assessment of operators' security policies, plans, and programs.
Upon completion of each CSR, TSA provides recommendations to the
company to enhance its physical and cybersecurity policies and plans.
TSA has conducted over 140 CSRs since 2002, including 6 CSRs in fiscal
year 2015 and 4 to date in fiscal year 2016, with an additional 4
scheduled for completion by the end of the fiscal year. TSA has
completed reviews of all 100 highest-risk pipeline systems and is now
conducting return visits to evaluate the implementation status of
previous security recommendations.
TSA conducts field-based physical security reviews to assess
security measures in place at pipeline critical facilities. The
Implementing Recommendations of the 9/11 Commission Act of 2007 (Public
Law 110-53) required TSA to develop and implement a plan for inspecting
the critical facilities of the top 100 pipeline systems in the Nation.
TSA conducted these required inspections between 2008 and 2011 through
the Critical Facility Inspection program and is continuing the effort
through TSA's Critical Facility Security Review (CFSR) program. Since
2008, TSA has conducted over 400 physical security reviews of critical
facilities, with 46 CFSRs completed in fiscal year 2015 and 21
completed to date in fiscal year 2016, with 16 more expected to be
completed by the end of this fiscal year.
cybersecurity
In the pipeline mode, TSA supports DHS cybersecurity efforts in
support of the National Institute of Standards and Technology
Cybersecurity Framework. The cybersecurity framework is designed to
provide a foundation for industry to better manage and reduce their
cyber risk. TSA shares information and resources with its industry
stakeholders to support their adoption of the framework. TSA also
distributed a cybersecurity toolkit developed from DHS Critical
Infrastructure Cyber Community C3 Voluntary Program materials and
designed to offer the pipeline industry an array of no-cost resources,
recommendations, and security practices. Additionally, within the
pipeline industry, TSA is coordinating a voluntary cyber-assessment
program with the Federal Energy Regulatory Commission to examine
pipeline operators' cybersecurity programs. TSA works closely with the
pipeline industry to identify and reduce cybersecurity vulnerabilities,
including facilitating Classified briefings to increase industry's
awareness of cyber threats.
conclusion
Through voluntary programs and extensive engagement and
collaboration, TSA works closely with Government and industry
stakeholders to secure the Nation's pipeline systems from terrorist
attacks. TSA shares information with pipeline owners and operators,
develops and distributes training materials and security guidelines,
conducts security exercises, assessments, and inspections, resulting in
an enhanced security posture throughout the pipeline industry. TSA
continues to augment its efforts in the face of an evolving threat
through the development and implementation of intelligence-driven,
risk-based policies and programs. Thank you for the subcommittee's
support of TSA's goals and the opportunity to discuss these important
issues.
Mr. Katko. Thank you, Ms. Proctor. I will note that
oftentimes we are here to deal with problems related to TSA.
But it appears that this program is working remarkably well,
and it is reflective of your efforts so we appreciate that.
Now the next witness is Mr. Andrew Black who currently
serves as president and CEO of the Association of Oil Pipe
Lines. Prior to joining AOPL, Mr. Black served as a director of
Federal Government relations at El Paso Energy, where I served
long ago as a Federal prosecutor in El Paso back in the 1990s,
and deputy staff director for the House Committee on Energy and
Commerce. The Chair now recognizes Mr. Black to testify.
STATEMENT OF ANDREW J. BLACK, PRESIDENT AND CEO, ASSOCIATION OF
OIL PIPE LINES
Mr. Black. Chairman and Ranking Member, thanks for the
invitation. Thanks for your great opening statements, which I
thought you captured very well, the program and its benefits.
AOPL represents the owners and operators of the pipelines
that bring to American workers and consumers crude oil, refined
products like gasoline, diesel fuel, and jet fuel, and natural
gas liquids such as propane and ethane. I am also testifying
today on behalf of the American Petroleum Institute which
represents the broader oil and gas industry, including
pipelines. The security of our pipeline systems is a top
priority for pipeline operators. We share TSA's goal of
pipeline security, and work hard to secure our facilities and
networks. Our members appreciate the constructive approach the
TSA Pipeline Security Division takes.
Pipeline operators carefully review TSA's pipeline security
guidelines and pipeline security smart practice observations
when designing and maintaining security plans. Operators host
TSA for corporate security reviews and pipeline security
inspections, which our members tell us are challenging and
pragmatic. Follow-up discussions often result in specific
improvements to the operator's security program. We do not
today ask for any legislative changes regarding TSA's pipeline
security programs.
We participate in the Oil and Natural Gas Sector
Coordinating Council and the Pipeline Sector Coordinating
Council which provide opportunities for Classified and
Unclassified discussions of pipeline security threats.
Operators participate in TSA pipeline security stakeholder
calls to develop industry-wide awareness of issues seen by TSA
and by pipeline operators.
To defend their systems against cyber attacks, pipeline
operators follow API standard 1164 for pipeline data security.
The standard requires operators to maintain systems for
controlling pipeline operations separate and apart from
business systems with internet access and helps operators
protect systems in a rapidly changing and increasingly complex
cyber environment. The broader oil and natural gas industry has
also created several information sharing forums, including the
oil and natural gas information sharing and analysis center or
ONG-ISAC to share threat indicators, alerts, and information to
identify emerging cyber threats. API has developed several
other standards and programs to promote a culture of security,
both physical and cyber, listed in my written testimony.
I want to bring to the subcommittee's attention a pending
policy issue of significant security implications. Pipeline
operators prepare and submit to the U.S. DOT PHMSA, our safety
regulator, oil spill response plans. These response plans
contain sensitive security information such as worst-case spill
scenarios, first responder operational information, and
pipeline control system locations and information. As Members
of this subcommittee can appreciate, this information would
provide a blueprint for a terrorist attack on pipeline
infrastructure.
In 2012, Congress authorized PHMSA specifically to redact
this sensitive security information when making response plans
public in response to FOIA requests. However, a provision in
the recent Pipeline Safety Reauthorization bill passed by the
Senate could allow the public to gain access to pipeline
security information that terrorists could use to plan an
attack.
An amendment adopted in committee would require PHMSA to
provide to Congress upon request unredacted copies of oil
pipeline response plans. We support Congress exercising its
role over PHMSA, its oversight role, and do not object to
Congressional committees receiving these plans. Unfortunately,
however, S. 2276 does not provide clear or specific protections
against public disclosure of security sensitive response plan
information obtained by Congress.
PHMSA has explained this information, ``if disclosed would
be of significant operational utility to a person seeking to
harm the pipeline infrastructure of the U.S.'' Like PHMSA, we
believe this information must be protected from public
disclosure because of the security risks. We are ready to
discuss this with this and other committees as pipeline safety
legislation moves forward.
Finally, there is a growing pipeline security issue that
operators are watching closely. Opponents to pipeline projects
in Canada are breaking into pipeline facilities, tampering with
valves, and locking themselves to equipment as part of their
protests. There were 4 recent incidents on 1 pipeline, and a
fifth on another. These actions could harm an operator's
ability to respond to an incident, and could even unintentionally
result in a pipeline release impacting the public and the
environment. Information from unredacted response plans may
have helped some Canadian protestors in choosing where and how
to obstruct a pipeline's activities. Information circulated
for, or by, pipeline opponents can easily reach terrorist
organizations who might intentionally use this information to
harm the public.
I encourage Congress to keep these new threats in mind when
reviewing unredacted response plans and determining how the
important information within them should be withheld from
public disclosure.
I thank the subcommittee for considering these issues and
would be happy to respond to any questions.
[The prepared statement of Mr. Black follows:]
Prepared Statement of Andrew J. Black
April 19, 2016
Thank you for holding this hearing and for inviting me to testify.
I am Andy Black, president and CEO of the Association of Oil Pipe
Lines (AOPL). AOPL represents the owners and operators of pipelines
that transport crude oil, refined products like gasoline, diesel fuel,
and jet fuel, and natural gas liquids like propane and ethane, to
American workers and consumers.
I am also testifying today on behalf of the American Petroleum
Institute (API). API represents all facets of the oil and natural gas
industry, with more than 650 members including large integrated
companies, as well as exploration and production, refining, marketing,
pipeline, and marine businesses, and service and supply firms.
pipeline security and tsa
The oil and natural gas industry is committed to achieving zero
incidents throughout our operations. Pipeline operators take
considerable steps to ensure the safety and security of our personnel,
assets, and operations. The security of our pipeline systems is a top
priority for pipeline operators. Liquid pipeline operators share TSA's
goal of pipeline security, and work hard to secure our facilities and
networks. Pipeline operators implement many measures and programs in
pursuit of our goal of zero incidents. Operators assess threats to
pipelines, including security threats, take steps to address them, and
share pipeline security best practices industry-wide.
AOPL and API members appreciate the constructive approach the TSA
Pipeline Security Division takes with its pipeline security program.
Pipeline operators carefully review TSA's Pipeline Security Guidelines
and Pipeline Security Smart Practice Observations when designing and
maintaining security plans. Pipeline operators host TSA for pipeline
security inspections and Corporate Security Reviews, which our members
tell us are challenging, reasonable, and pragmatic. Follow-up
discussions often result in specific improvements to the operator's
security program. We do not ask for any changes in legislation or
regulations regarding TSA's programs and activities in pipeline
security.
Because of the pipeline industry's designation by the Department of
Homeland Security (DHS) as a critical infrastructure subsector, we have
many opportunities to participate in Government programs focusing on
promoting security and identifying threats. We participate in the DHS
Oil and Natural Gas Sector Coordinating Council established under
Presidential Policy Directive 21 on critical infrastructure security
and resilience. These activities provide important opportunities for
both Classified and Unclassified discussions of pipeline security
threats. In addition, pipeline operators participate in the DHS
Regional Resiliency Assessment Program, and regularly participate in
TSA pipeline security stakeholder calls to develop industry-wide
awareness of issues seen by TSA and by operators. We also participate
in the FBI's Infragard process, a Government-industry partnership
dedicated to sharing information and intelligence to prevent hostile
acts against the United States.
While participation in these efforts is critical to the development
of situational awareness, it should be noted that DHS's risk analysis
of all critical infrastructure did not designate any oil or natural gas
infrastructure into its highest tier of risk. This is due to our
industry's diverse geography, redundant systems, and the resilience of
the sector when responding to events.
cybersecurity and api standard 1164
Pipeline operators follow API Standard 1164, Pipeline SCADA
Security, which helps pipeline operators defend their systems from
cyber attacks. The standard requires operators to maintain systems for
controlling pipeline operations separate and apart from business
systems with internet access. It was developed with a broad group of
stakeholders from the public and private sectors, and helps operators
protect systems in a rapidly changing and increasingly complex cyber
environment.
The broader oil and gas industry, including pipeline owners and
operators, have also created several information sharing forums,
including the Oil and Natural Gas Information Sharing and Analysis
Center (ONG ISAC), to share threat indicators, alerts and information
to identify emerging cyber threats. Pipeline operators also participate
in the NIST Cybersecurity Framework Roadmap process. These efforts,
combined with the intelligence and information operators receive from
Government sources, help operators better understand their risk and
prevent incidents.
other industry pipeline security programs
API has also developed several other standards and programs to
promote a culture of security, both physical and cyber. API RP 780,
Security Risk Assessment, defines the recommended approach for
assessing security risk widely applicable to the types of facilities
operated by the industry and the security issues the industry faces.
API RP 781, Facility Security Plan Methodology for the Oil and Natural
Gas Industries, will build on RP 780 and provides the process to factor
risk assessment into the physical and cybersecurity measures used to
secure operations. This recommended practice should be published later
this year. In addition, API has published Utilizing Intelligence to
Secure People
[http://www.api.org//media/files/policy/safety/api-guidance-utilizing-intelligence-in-ong.pdf?la=en],
a guidance document
describing some of the resources that are available to the industry to
help attain situational awareness in different operating environments.
API created the Oil and Natural Gas Industry Preparedness Handbook
[http://www.api.org/news-policy-and-issues/safety-and-system-integrity/oil-gas-industry-preparedness-handbook]
with support from members and
associations throughout the industry, to illustrate how local responses
can be aided by established relationships with governments and
communities, local, State, and regional associations, and how corporate
and Federal capabilities can facilitate efficient response and recovery
at the local level. The Handbook provides a common-sense approach for
oil and gas owners and operators, local and State industry
associations, and public-sector partners to build the necessary
capabilities to effectively manage the information flow that so often
becomes congested during disruptive events.
oil spill response plans
I want to bring to the subcommittee's attention a pending pipeline
policy issue with significant security implications. Pipeline operators
prepare and submit to U.S. DOT PHMSA, our safety regulator, oil spill
response plans. These response plans detail facilities and plans for
first responder and operator response to pipeline emergencies. They
contain sensitive security information, such as worst-case spill
scenarios, first responder operational information, pipeline control
system locations and information, and descriptions of high-consequence
areas. As Members of this subcommittee can appreciate, this information
would provide a blueprint for a terrorist attack on pipeline
infrastructure.
In 2012, Congress authorized PHMSA specifically to redact this
sensitive security information when making oil spill response plans
public in response to Freedom of Information Act requests. However, a
provision in the recent pipeline safety program reauthorization bill,
S. 2276, passed by the Senate earlier this year, could allow the public
to gain access to pipeline security information terrorists could use to
plan an attack.
The specific Senate provision, adopted in committee as an amendment
by Senator Markey, would require PHMSA to provide to Congress, upon
request, unredacted copies of oil pipeline response plans. AOPL and API
support Congress exercising its oversight role over PHMSA and the oil
spill response program, and do not object to Congressional committee
leaders receiving these plans. Unfortunately, however, S. 2276 does not
provide clear or specific protections against public disclosure of
security-sensitive oil spill response plan information obtained by
Congress.
PHMSA legal guidance deems the information at issue here, ``if
disclosed, would be of significant operational utility to a person
seeking to harm the pipeline infrastructure of the U.S.'' Like PHMSA,
we believe this information must be protected from public disclosure
because of these security risks. We are ready to discuss this with you
and with Members of this committee, the Transportation and
Infrastructure Committee, and the Energy and Commerce Committee, as
pipeline safety reauthorization legislation moves through the House and
conference in coming months.
new threats and actions against pipelines
Finally, there is a growing pipeline security issue operators are
watching closely. Opponents to pipeline projects in Canada are breaking
into pipeline facilities, tampering with valves, and locking themselves
to equipment as part of their protests. There were 4 incidents \1\
between November and January on 1 pipeline and a fifth incident \2\ on
another in January. These actions could harm a pipeline operator's
ability to respond to an incident and could even unintentionally result
in a pipeline release impacting the public or environment.
---------------------------------------------------------------------------
\1\ ``Pipeline industry concerned about tampering and vandalism'',
CBC News, March 9, 2016,
http://www.cbc.ca/news/business/cepa-chris-bloomer-pipelines-tampering-enbridge-vandalism-target-1.3480857.
\2\ ``Pipeline sabotage: Someone tampered with valve on Enbridge
fuel pipeline near Cambridge'', Hamilton Spectator, January 5, 2016,
http://www.thespec.com/news-story/6219719-pipeline-sabotage-someone-tampered-with-valve-on-enbridge-fuel-pipeline-near-cambridge/.
---------------------------------------------------------------------------
I understand information from unredacted oil spill response plans
has helped some Canadian protestors in choosing where and how to
obstruct a pipeline's activities. Information circulated for, or by,
pipeline opponents can easily reach terrorist organizations who might
intentionally use this information to harm the public. I encourage
Congress to keep these new threats in mind when reviewing unredacted
response plans and determining how the important information within
them should be withheld from public disclosure.
I thank the subcommittee for considering these issues, and would be
happy to respond to any questions.
Mr. Katko. Thank you, Mr. Black.
Our third witness is Ms. Kathleen Judge, who currently
serves as a director of risk and compliance for global security
at National Grid, which I am proud to say operates in my
hometown of Syracuse and throughout up-State New York. Ms.
Judge also serves as the chair of the Oil and Natural Gas
Sector Coordinating Council. The Chair now recognizes Ms. Judge
to testify.
STATEMENT OF KATHLEEN S. JUDGE, DIRECTOR OF RISK AND COMPLIANCE
FOR GLOBAL SECURITY, NATIONAL GRID, TESTIFYING ON BEHALF OF THE
AMERICAN GAS ASSOCIATION
Ms. Judge. Chairman Katko, Ranking Member Rice, Members of
the committee, thank you for the opportunity to provide testimony
on pipeline security, and your commitment to the security of
our Nation's critical infrastructure.
As the Chairman stated, I am Kathy Judge. I work for
National Grid, which is a gas and electric company based in the
United Kingdom and Northeastern United States that serves
nearly 7 million customers in New York, Massachusetts, and
Rhode Island. National Grid is the largest distributor of
natural gas in the Northeast. We are proud to be the energy
provider to the Chair, Ranking Member, and Representative
Keating's district.
My background includes 27 years in the utility industry.
Relevant to this hearing, I have helped lead the American Gas
Association Security Committee. I also am current chair of the
Oil and Natural Gas Sector Coordinating Council and Pipeline
Sector Coordinating Council.
Today I am testifying on behalf of the American Gas
Association which represents more than 200 local gas utilities
that operate 2 1/2 million miles of distribution pipelines
that deliver gas to 71 million consumers. Providing safe
natural gas delivery is the top priority for natural gas
utilities. This said, here are some important facts about
pipeline security.
One, natural gas utilities have a proven history of
weathering natural disasters, accidental third-party damage,
and intentional assaults. Ironically, the leading risk to
pipelines is third-party excavation damage. Pipeline systems
are resilient with multiple redundant safety and reliability
mechanisms in place. Pipelines must comply with DOT pipeline
safety regulations that also provide some security coverage.
TSA threat assessments have indicated that the threat
against U.S. natural gas pipelines is low. Nevertheless,
because of the impact a successful physical or cyber attack
could have on millions of customers, pipeline security remains
a top industry priority.
Gas utilities employ numerous strategies to ensure pipeline
security, including but not limited to, site-specific security
and crisis management plans, to ensure operations are
reinforced with workplace and system redundancies, embedding
security requirements into pipeline design and construction,
weaving security requirements into corporate governance,
participating with information sharing and analysis centers to
improve on situational awareness, coordinating with Federal,
State, and local first responders to ensure effective incident
prevention and response, and partnering with Federal security
partners at TSA, DOE, and the FBI to better understand the
potential threats.
Pivotal to pipeline security is the partnership industry
has, with TSA's pipeline section of the Office of Security
Policy and Industry Engagement. The TSA pipeline section
recognized early on that collaboration was key because pipeline
security professionals in TSA share the same objective, to
protect critical infrastructure. Fourteen years later, this
approach serves as a model for the public/private partnership.
To sustain that partnership, TSA offers numerous programs to
aid pipeline operators. Those primary tools are the TSA
pipeline security guidelines which are a flexible set of
security smart practices that were developed collaboratively by
the Federal Government and pipeline security professionals. On-
site security reviews which offer TSA the opportunity to engage
in constructive nonregulatory discussions with pipeline
operators, and they also offer security awareness and training
materials. These programs promote security in mutually
beneficial relationships between TSA and the operator cannot be
undervalued. Please note that the TSA pipeline security program
must be protected.
I would like to share 2 examples of past actions taken with
the best of intentions that proved detrimental. In 2014 TSA
announced the significant organizational realignment that
dismantled the effective programs and processes that were in
place and that we benefitted from as operators. During this
realignment, it was the intent of DHS to have generalists. In
other words, GSA reps who worked across all transportation
modes. This proved ineffective as visits focused more on
educating the generalists about pipelines and pipeline security
than on the bilateral value gained from the prior visits with
specialists. After input from pipeline operators and a decline
in the industry engagement, TSA reversed the realignment and
went back to the way it was.
DOT and TSA security partnership needs greater
collaboration. DOT recently proposed changes to its National
pipeline mapping system that would require operators to provide
on-line, in a single database, detailed pipeline operations'
location information. It is my belief that TSA would have
opposed this had they been collaborated with on this subject.
Natural gas utilities value the effective security
partnership. Compliance does not equal security. The formula
for measurable effectiveness of TSA's pipeline program is a
result of practical guidelines, information exchange, and
trusted private-sector engagements. We also urge the committee
to continue to support the TSA pipeline security program and
encourage interagency collaboration with PHMSA where pipeline
security and pipeline safety overlap.
Thank you. I look forward to your questions.
[The prepared statement of Ms. Judge follows:]
Prepared Statement of Kathleen S. Judge
April 19, 2016
My name is Kathleen S. Judge and I am the director, risk &
compliance, corporate security for National Grid. National Grid is an
international electricity and gas company based in the United Kingdom
and northeastern United States that connects nearly 7 million customers
to vital energy sources through its networks in New York,
Massachusetts, and Rhode Island. It is the largest distributor of
natural gas in the Northeast. National Grid also operates the systems
that deliver gas and electricity across Great Britain.
I have over 27 years of experience in the utility industry, and
since 2007, I have been in physical security. I have been actively
involved with the industry trade association security committees during
my time in security, including serving on the American Gas Association
Security Committee leadership team since 2011. I currently chair the
Oil & Natural Gas Sector Coordinating Council (ONG SCC) and Pipeline
Working Group, which also serves as the Pipeline Sector Coordinating
Council. I am also actively involved in the Edison Electric Institute
(EEI) Security Committee and serve on the Executive Steering Committee
for the Long Island Sound Area Maritime Security Committee. In 2014 and
2015, I was an active member on the NERC CIP 14--Physical Security
Standards Drafting Team.
I am testifying today on behalf of the American Gas Association
(AGA). AGA, founded in 1918, represents more than 200 local energy
companies that deliver clean natural gas throughout the United States.
There are more than 72 million residential, commercial, and industrial
natural gas customers in the United States, of which 95 percent--nearly
69 million customers--receive their gas from AGA members. Natural gas
pipelines, which transport approximately one-fourth of the energy
consumed in the United States, are an essential part of the Nation's
infrastructure. Indeed, natural gas is delivered to customers through a
safe, 2.5 million-mile underground pipeline system. This includes 2.2
million miles of local utility distribution pipelines and 300,000 miles
of transmission pipelines that stretch across the country, providing
service to more than 177 million Americans.
natural gas utilities
Who We Are
Providing safe, reliable, and cost-effective delivery of natural
gas is the top priority of natural gas utilities across America. Given
our strong service record, enviable safety statistics, and inherently
resilient makeup due to the subsurface locations of the majority of our
assets, natural gas utilities work vigilantly to maintain both the
cybersecurity and physical security of the infrastructure. The natural
gas system is a complex, interconnected, and well-protected network of
pipelines and associated facilities, including but not limited to,
compressor stations, pressure regulators, pressure relief valves, and
underground natural gas storage. Natural gas operations have a proven
history of weathering natural events, accidental third-party damage,
and intentional malicious assaults. Crisis management and site-specific
security plans ensure operations are reinforced with well-trained
workforce and system redundancies. Natural gas security professionals
layer security measures within a framework of risk management. Further,
natural gas owner/operators partner with Federal, State, and local
government and law enforcement agencies to ensure effective and
efficient response to events impacting natural gas operations.
The Transportation Security Administration (TSA) annual threat
assessments have indicated that the threat against U.S. natural gas
pipelines is low, and there is no current credible threat information
regarding attacks on U.S. distribution pipelines. Further, the U.S.
Department of Transportation (DOT) Bureau of Transportation Statistics
continue to show pipelines as the safest form of transportation with
very low incident rates, and the DOT Pipeline and Hazardous Materials
Safety Administration (PHMSA), which regulates pipelines under its
Office of Pipeline Safety (OPS), states that pipelines are one of the
safest and most cost-effective means to transport the extraordinary
volumes of natural gas. As such, pipeline safety and physical
infrastructure security remain AGA's top priority.
Pipeline Risks
The primary objective for gas utilities is the safe and reliable
delivery of natural gas to the consumer. As a result, natural gas
utilities evaluate their security risks with public safety and natural
gas interdependencies in mind. Pipeline security risks may be
categorized as physical security risks or cybersecurity risks. In
general, the leading security risks to natural gas utilities include,
gas theft; access control; supply chain integrity; customer information
theft; insider threat; facility and employee protection; and breach of
Supervisory Control And Data Acquisition systems (SCADA), control
systems, or communication systems. In addition, the potential for loss
of telecommunications capability motivates the natural gas industry to
maintain a basic level of manual operations, which adds a layer of
security not afforded sectors that are fully automated.
Ironically, the leading risk to natural gas utility pipelines
continues to be third-party excavation damage. Excavation damage causes
more casualties and service interruptions than any combination of
security incidents.
While specifics may vary across companies, natural gas security
professionals layer security measures in a handful of operational
phases, i.e., planning, preparation, protection, incident response, and
recovery that are framed by the overarching goal of risk management.
The following provides more details about the activities associated
with these phases.
Planning.--Natural gas owner/operators develop written
programs that include methods for vulnerability and risk
assessment, protection of sensitive information, threat
responses, cooperation with public safety personnel, and
physical security and cybersecurity practices.
Preparation Activities.--Natural gas owner/operators
practice and prepare for extraordinary scenarios through
participation in their own drills as well as those coordinated
by industry, regional associations, and Government agencies.
Table-top exercises enhance preparedness efforts and incident
classification, while testing and engaging operators in
restoration and recovery discussions. Finally, the industry
participates in the TSA I-STEP \1\ full-scale training and
exercises designed to provide a forum for personnel to practice
specific plans and procedures in response to security issues
impacting their companies.
---------------------------------------------------------------------------
\1\ I-STEP: The Intermodal Security Training & Exercise Program is
a ``risk-based, intelligence-driven exercise, training, and security
planning solution in collaboration with other security partners to
reduce risks to critical transportation infrastructure, and build and
sustain security preparedness.''
---------------------------------------------------------------------------
Protection Strategies.--Natural gas owner/operators make
significant investments to protect their most critical assets.
These investments focus on improving protection, detection, and
perimeter security at the most critical locations. Examples of
enhanced physical and personnel security measures include:
physical security measures such as, but not limited to and
as appropriate, barriers and buffer zones, access controls,
gates, locks and key controls, facility lighting, vehicle
searches (static guards), surveillance cameras, intrusion
detection, and monitoring.
personnel security measures such as, but not limited to
and as appropriate, biometric identification and badging,
background investigation, training, exercises, and drills.
Incident Response and Recovery.--Gas utilities have long
maintained and been acknowledged for their consistent
commitment to the safety of the natural gas infrastructure,
workers, and processes. The commitment to operational
resiliency is equally substantial. Redundancies along the
delivery system provide operators the flexibility to reduce
pressure and redirect, shut down, or restore gas flow.
Facilities for alternative fuels and natural gas storage
provide additional options to supplement gas supply to minimize
service disruption. Companies also have critical back-up and
replacement equipment and parts stored at key points along a
system. Rapid response teams can be quickly deployed to get the
system up and running in order to reduce down time. Overall,
the industry approaches preparedness and response from the
local level, acknowledging that events impact workers,
businesses, and communities first and foremost. While resources
and information are often held at the regional or National
levels, it is the local facility operators who have the best
ability to assess their systems, identify needs, and execute
the work needed to restore services.
Title 49 of the Code of Federal Regulations governs the response
aspect of security planning. Pipeline companies have years of
experience responding to emergency incidents and are required
by DOT to have effective emergency plans in place. Operators
are also required to report significant incidents--those
resulting in serious injury, loss of life, or property damage
greater than $50,000--to the DOT National Response Center
(NRC). A mechanical failure or unintentional act resulting in
significant damage to a pipeline will be reported to DOT
through the NRC. An intentional act of damage, or act of a
suspicious nature involving a pipeline, will be reported to TSA
through the Transportation Security Operating Center (TSOC).
Responding to a pipeline failure caused by an intentional act
varies little from the response to a mechanical failure or an
unintentional act; except that, operators must exercise caution
recognizing the incident may be criminal in nature. Facility
restoration is the final component of an industry security
initiative. Specific plans will vary among operators based on
the criticality of the pipelines and factors such as location
and time of year.
Security is woven into corporate governance through security
policies, incident procedures, record keeping, communication, security
measures embedded within design and construction practices, as well as
equipment maintenance and testing. To help maintain operational
security, natural gas utilities are careful not to publicize clearly
sensitive information about critical infrastructure that might provoke
new threats, or endanger the safety of the American public or the
integrity of the Nation's gas systems. Gas companies work closely with
law enforcement personnel and first responders on site-specific
security plans and security drills. Additionally, gas utilities
participate in security information-sharing communities such as the
Downstream Natural Gas Information Sharing & Analysis Center, which
provides participants with timely situational awareness, intelligence
analytics, and industry incident information exchange.
Sector Coordinating Council
In 2004, Sector Coordinating Councils were formed to coordinate
security initiatives among the Nation's critical infrastructure assets.
The Oil and Natural Gas Sector Coordinating Council (ONG SCC) was
formed by 19 industry trade associations to provide a forum for
discussion and to coordinate communications between industry security
professionals and representatives of the Energy Sector Government
Coordinating Council (Energy GCC \2\). Subsequent to the formation of
the ONG SCC, the Pipeline Working Group (Pipeline Sector Coordinating
Council) was formed to further enhance communication and collaboration
among pipeline operators and Government entities.
---------------------------------------------------------------------------
\2\ Energy GCC: The Energy Sector Government Coordinating Council
is chaired by a representative of the Department of Energy, and the GCC
includes members of numerous agencies, including TSA and DOT.
---------------------------------------------------------------------------
Cooperation
The pipeline industry takes its responsibility for facility,
system, and network security very seriously. The TSA provides guidance
and expectations for the practices and procedures necessary to secure
the Nation's critical pipeline infrastructure. Members of industry and
trade associations, working together and through the SCCs, have
developed guidelines that are consistent with these expectations. The
typical operator has a developed security program, has conducted
facility risk assessments, and has implemented sound practices that
provide for effective and practical system security.
The natural gas industry supports a process for raising public
awareness about pipelines in a manner that does not jeopardize
security, interstate commerce, or proprietary business information. In
addition to close coordination amongst gas utilities to reinforce
operational resilience, the industry works directly with Government
partners in DHS, DOE, the White House, the Government intelligence
community, and local and State law enforcement agencies to more
thoroughly understand potential threats and to better protect its
systems. AGA and gas industry representatives actively participate in
interdependency initiatives coordinated by Federal and State
governments to enhance preparedness, response, and recovery planning.
For example, in 2010 and in support of the objectives of the National
Infrastructure Protection Plan, owner/operators across the oil and
natural gas sector collaborated with DHS and DOE to present several
cross-sector emergency management workshops aimed at promoting an
integrated private sector and Government response during natural
disasters and terrorist incidents. The gas industry also engaged with
DOE, DHS, electric utility operators, and local law enforcement on a
series of physical security and cybersecurity briefings across the
United States and Canada. These briefings allow Government officials to
provide information on the current threat environment, discuss
mitigation strategies, and encourage participants to further develop
relationships with first responders and industry partners.
Additionally, many utility security personnel hold Government security
clearances, which allow access to Classified threat information to
further develop security strategies.
Resilience
Resilience is an integral element of the gas industry's critical
infrastructure protection mission that is bolstered by multiple layers
of safety and reliability mechanisms to reduce the magnitude and/or
duration of disruptive events and to ensure sufficient backup coverage
exists. Because utilities must ``expect the unexpected,'' they have
all-encompassing contingency plans for dealing with man-made and
natural disasters to help ensure natural gas will flow safely and
reliably. The industry continues to work with Federal agencies to
enhance the physical security and cybersecurity of its critical
infrastructure while remaining firmly committed to taking appropriate
and measured actions to deter threats, mitigate vulnerabilities, and
minimize consequences associated with a terrorist attack and other
disasters.
The National Infrastructure Advisory Council's Critical
Infrastructure Resilience Study found that the oil and natural gas
sector has a significant amount of redundancy and robustness built into
the system. Most pipelines are relatively easy to repair over the short
term and in many cases, alternative routes are also available to move
sufficient amounts of product around the site of an incident, thus
preventing major disruptions. Moreover, redundancies are built into the
pipeline infrastructure, including interconnects between companies.
This planning and interconnect capability ensures consumers with
reliable service.
Transportation Security Administration
Pipeline Security Authority
Under the provisions of the Aviation and Transportation Security
Act (Public Law 107-71), TSA was established on November 19, 2001, with
responsibility for civil aviation security and ``security
responsibilities over other modes of transportation that are exercised
by the Department of Transportation.'' To fulfill this mandate in the
pipeline mode, on September 8, 2002, TSA formed the Pipeline Security
Division, which is now called the Pipeline Section of the Office of
Security Policy and Industry Engagement (TSA Pipeline Section).
Partnership
The vast majority of critical infrastructure is privately owned and
operated. As such, effective public-private partnerships are the
foundation for critical infrastructure protection and resilience
strategies comprising timely, trusted, unguarded information sharing
among stakeholders. The TSA Pipeline Section recognized early on that
the pipeline industry security professionals are charged with a
parallel objective, i.e., protect the critical infrastructure, and this
is best accomplished in a collaborative environment. Historically, TSA
has strategically refrained from executing its regulatory authority
and, instead, pioneered a path of genuine Government partnership with
pipeline owners/operators. Fourteen years later, this approach
continues to serve as a model for public/private partnership that
offers collaboration, mutual support, and measurable achievement
towards a common goal--pipeline security.
The partnership approach has established a bond between industry
and Government that is uncommon across the Government/operator
community and is measurably beneficial for all stakeholders. The
operator knows best his/her operations--what needs to be secured and
how to best achieve this; TSA provides valuable tools, knowledge
resources, insights, and perspectives that advance the operator's
decision-making process. The end result is an improved security posture
that benefits all involved, except the adversary.
Programs/Tools/Products
TSA has many programs, tools, and products available to assist
pipeline operators in addressing security matters. The portfolio
includes Critical Facility Inspections (CFI), Corporate Security
Reviews (CSR), Critical Facility Security Reviews (CFSR), Blast
Mitigation, Smart Practices, I-STEP, monthly stakeholder
teleconferences, Security Awareness Training Videos, and the
International Pipeline Security Forum. These resources bring Government
and operators together and foster relationships and cooperative efforts
that have been key to advancing industry pipeline security practices.
TSA Pipeline Security Guidelines
The leading tool in the TSA portfolio is the TSA Pipeline Security
Guidelines (Guidelines), a product of collaboration that coalesced the
institutional knowledge and experience of pipeline security
professionals with the resources of the Federal Government. The
Guidelines were developed with the assistance of industry and
Government members of the Pipeline Sector and Government Coordinating
Councils, industry association representatives, and other interested
parties and represent TSA's expectations of industry. TSA released the
Guidelines in December 2010 (re-released in April 2011), and it applies
to natural gas distribution pipelines and liquefied natural gas
facilities. Notably, the partnership between pipelines and TSA
effectively drives industry to advance beyond minimum security
standards to the deployment of smart industry practices. The Guidelines
provides operators the flexibility to secure pipeline infrastructure by
applying practices that are most applicable to their individual
systems.
On-site Reviews/Visits
Equally significant in advancing industry's security posture are
non-regulatory, on-site facility reviews/visits. The CSRs and CFIs have
historically been the program names for these reviews/visits conducted
by the TSA Pipeline Section. The CSRs focused on the operators' overall
security plan. The CFIs focused on security plan implementation and
actual day-to-day security practices at critical facilities. More
recently, CFIs have been renamed as CFSRs.
The CSRs are designed for TSA to focus on an operator's overall
security plan implementation through: (1) Learning more about an
organization's pipeline system, (2) reviewing an organization's listing
of critical facilities, (3) discussing at length the details of an
organization's security plan and programs, and (4) engaging with the
operator to familiarize the operator with TSA and vice-versa prior to
any security-related event or emergency. Following the review, TSA
shares observations with that company, including a security benchmark
so the company can compare itself with similar or peer companies. TSA
discusses areas in which they observe the company excelling in relation
to the industry and smart practices. TSA also identifies areas in which
the company is observed to be lacking and will make recommendations
based on the Guidelines or offer considerations based on their
expertise and industry observations. TSA then follows up with each
organization to see what progress has been made based on their
recommendations.
CFSRs are site-by-site walkthroughs at each critical facility
focused on site-specific security plans and measures. Following each
review, TSA sends a report to the operator including commendations and
recommendations. TSA then follows up with each operator to check in on
the progress of recommendations. TSA also utilizes information obtained
during the reviews to develop security smart practices that are shared
with the industry.
The review/visits offer TSA a unique opportunity to engage in open,
candid, non-punitive discussions with the operator. This affords TSA
with a more holistic view of how the industry can be effective in its
flexible use of the Guidelines and reinforces the fact that
constructive exchange between TSA and the operator is more useful for
security planning than the ``us versus them'' compliance-audit
environment. Results of these reviews have been used to develop
security ``smart practices'' that are shared widely throughout the
industry. These programs have not only been a means of evaluating the
actual security practices of the pipeline operators but have also been
a means of promoting industry familiarity with the responsibilities and
personnel of TSA. Thus, the collaboration between TSA and the pipeline
operator is a mutually beneficial relationship that cannot be
undervalued.
Stakeholder Teleconferences
For wider participation, TSA holds monthly stakeholder calls to
share physical and cyber threat and intelligence information with
industry. Following notable security events, TSA conducts more frequent
calls and sends out relevant information to industry stakeholders.
Additional Engagement Opportunities
Industry and TSA annually convene to go through the Transportation
Sector Security Risk Assessment. This exercise includes evaluating a
list of scenarios and determining the likelihood of such an event. Both
also collaborate on the development of Pipeline Modal Threat Assessment
prepared by the TSA Office of Intelligence and Analysis.
In addition to the Guidelines and TSA products, the pipeline
industry references and implements multiple resources, programs, and
standards from wellhead to the meter as appropriate for the company's
operations. Such resources include American Petroleum Institute
Recommended Practices and standards, DOE Oil & Natural Gas
Cybersecurity Capability Maturity Model, SANS Institute cybersecurity
standards, and the North American Electric Reliability Corporation
Critical Infrastructure Protection Committee standards. The pipeline
industry also coordinates initiatives with other critical
infrastructure sectors, including but not limited to Chemical, Energy,
Communications, and Financial Sectors as well as other modes within the
Transportation Sector.
To Regulate or Not To Regulate
The formula that promotes on-going improvements to the pipeline
industry's security posture consists of the partnership, the
Guidelines, and the operator facility visits by TSA.
The Guidelines has a common goal with the pipeline operator to
promote the security pipeline infrastructure while recognizing
operational, structural, and commodity differences across the pipeline
industry. This performance-based approach supports the flexibility
needed for operators to address the dynamic security threats specific
to their operations in different operating settings.
The CSRs, CFIs, and CFSRs demonstrate the owner/operators' actions
to follow the Guidelines. According to TSA, there have been 347 CFIs,
154 CSRs, and 151 CFSRs to date. Each of the visits resulted in TSA
recommendations to the operator to which 85-90% of the recommendations
have already been addressed by the operator, and the remaining
recommendations are in the process of being addressed, or the operator
found a better way of achieving the objective of the recommendation.
TSA has gone on record stating that based on its CSRs and other
information, pipeline operators already employ most of these
recommendations in their security plans and programs.
In addition to partnering with TSA, pipelines must comply with DOT
pipeline safety regulations, which require the incorporation of system
fail-safes that in many cases protect against the goals of the
adversary; in the case of natural gas utilities, this would apply to
system over-pressurization. Intrastate pipelines must also comply with
State pipeline safety regulations that go above and beyond DOT's
regulations.
Improving on TSA's Role
In January 2014, TSA announced a significant organizational
realignment that dismantled effective programs (previously highlighted)
and processes both the Government and the operators had benefited from.
During the realignment, it was the intent of DHS to have generalists
(i.e., TSA representatives who work all transportation modes) to
conduct the CFSRs. In practice, this proved ineffective as the visits
focused more on educating the TSA generalist about pipeline security
than on bilateral value gained. Ostensibly, the impetus for the
realignment was to sustain TSA's effectiveness and to remove the
stove-piping amongst the various modes. Industry representatives expressed
concern over the reorganization, as this realignment was done without
engagement of the operator community.
AGA worked with Congressional staff and TSA staff to facilitate a
meeting between TSA leadership and industry to discuss the
reorganization. After extensive pressure from pipeline operators and a
measurable decline in TSA's engagement with industry, TSA reversed the
realignment and returned to a model similar to the original. Because
most of the original well-trained TSA pipeline staff had been
reassigned elsewhere, the program is slowly rebuilding. AGA credits the
leadership of Ms. Sonya Proctor, director, surface division, office of
security policy and industry engagement, for recognizing the
ineffectiveness of the realignment, the need to return to the original
model, and the need to fill open pipeline security positions with
qualified candidates. TSA is strongly encouraged to ramp up the CFSR
program with reviewers who already understand pipeline operations, as
was the case prior to the realignment efforts.
Further, industry has invested a great deal of resources working
with the Government intelligence community to ensure the timely sharing
of actionable information. Though certain groups, such as DHS
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT),
recognize the value of this, others within the intelligence community
(outside of DHS) do not necessarily agree. TSA should be positioned and
empowered to be a conduit of threat information that has implications
to pipeline operations. This would include information that could
impact sectors/infrastructure upon which pipeline operations are
dependent or which have operations similar to pipelines, e.g., SCADA.
Along these same lines, more Government resources should be invested to
provide well-trained and -equipped pipeline security professionals
across the Nation to conduct more facility reviews and noncompliance
visits.
PHMSA
Security and safety go hand-in-hand. As prescribed in Title 49 of
the Code of Federal Regulations, pipeline safety, including emergency
management, has been the purview of DOT through PHMSA's Office of
Pipeline Safety. Prior to events of September 11, 2001, the Homeland
Security Act of 2002, Homeland Security Presidential Directive 7
(December 17, 2003), and the Aviation & Transportation Security Act of
2001, pipeline security was under the purview of DOT, where it played a
less prominent role than pipeline safety. In September of 2004, a
Memorandum of Understanding (MOU) was signed by representatives of DHS
and DOT memorializing an agreement of respective pipeline security
roles and responsibilities; ``DOT and DHS will collaborate in
regulating the transportation of hazardous materials by all modes
(including pipelines).'' Additionally, in August 2006, an MOU was
signed by TSA and PHMSA to clarify that TSA has primary responsibility
for pipeline security and formalize coordination between TSA and PHMSA
to ensure that pipeline security and pipeline safety complement one
another: ``PHMSA is responsible for administering a National program of
safety in natural gas and hazardous liquid pipeline transportation
including identifying pipeline safety concerns and developing uniform
safety standards.''
The emergency response practices prescribed by DOT are used in the
event of any incident, whether intentional or accidental. All involved
parties must work cooperatively with law enforcement, local agencies,
and first responders to minimize damage and danger to local communities
and critical facilities.
Coordination
For a number of years following the 2006 MOU, PHMSA was actively
engaged with TSA activities, including the development of the
Guidelines. However, more recent experiences suggest that PHMSA has
lost its focus on cybersecurity. For example, PHMSA has proposed
significant changes to its National Pipeline Mapping System that would
require operators to provide very detailed pipeline operations and
location information, including information on critical valves, on-line
in a single database, and this information would be made widely
available. PHMSA's actions suggest pipeline cybersecurity is an
afterthought rather than part of the evaluation process.
Summary
Natural gas utilities value the collaborative security relationship
they have with TSA. TSA is to be commended for choosing the more
constructive path, i.e., partnering with owners/operators, to improving
the pipeline sector's security posture. Furthermore, compliance does
not equate to security. The formula for the measurable effectiveness of
TSA is the result of practical guidelines, smart practices, information
exchange, and trusted engagement with the private sector. TSA should
continue the process of reversing its earlier realignment efforts and
return to the model of a dedicated group of TSA staff with knowledge
and experience in pipeline operations specifically assigned to pipeline
security. TSA should also continue to coordinate with PHMSA where
pipeline security and pipeline safety overlap. Along the same lines,
PHMSA should be more proactive in consulting with TSA on pipeline
safety matters, in particular regarding regulations that have security
implications and may increase pipeline vulnerability.
Mr. Katko. Thank you, Ms. Judge for your testimony. We
appreciate you being here today.
Our fourth and final witness is Dr. Paul Parfomak. Did I
say that correctly?
Mr. Parfomak. Perfect.
Mr. Katko [continuing]. Who currently serves as a
specialist in the energy and infrastructure policy at the
Congressional Research Service. The Chair now recognizes Dr.
Parfomak to testify.
STATEMENT OF PAUL W. PARFOMAK, SPECIALIST IN ENERGY AND
INFRASTRUCTURE POLICY, CONGRESSIONAL RESEARCH SERVICE, LIBRARY
OF CONGRESS
Mr. Parfomak. Good afternoon, Chairman Katko, Ranking
Member Rice, and Members of the subcommittee. My name is Paul
Parfomak, specialist in energy and infrastructure policy at the
Congressional Research Service. CRS appreciates the opportunity
to testify about the Federal role in pipeline security. Please
note that CRS does not advocate policy or take a position on
any legislation.
Nearly 3 million miles of pipeline transport natural gas,
oil, and other hazardous liquids across the continental United
States. Due to their scale and reliance on computer controls,
the Nation's pipelines are vulnerable to attack, and repeatedly
have been a focus of malicious activity. Major incidents
include a plot by Islamist terrorists to attack jet fuel
pipelines at JFK Airport, attempted bombings of natural gas
pipelines in Texas and Oklahoma, and a coordinated campaign of
cyber intrusions among pipeline operator computer systems.
Over the last 15 years, there have been no successful
pipeline attacks in the United States. But the threat remains
credible. The Department of Transportation has statutory
authority to regulate pipeline safety. The Clinton
administration gave the DOT lead responsibility for pipeline
security as well. In 2001, however, President Bush placed
pipeline security authority within the newly-established
Transportation Security Administration. Since its inception,
TSA has administered a multifaceted pipeline security program
centered around its corporate security reviews. The agency also
inspects critical facilities, participates in security
committees, and provides training, among many other activities.
While TSA has been engaged in a broad range of activities
to help secure pipelines, questions remain about the overall
structure and effectiveness of its pipeline security program.
Three specific issues may warrant Congressional attention. No.
1, TSA's pipeline security resources. No. 2, voluntary versus
mandatory standards. No. 3, uncertainty about pipeline security
risks.
TSA's budget funds on the order of 10 to 15 full-time
equivalent staff to support the various aspects of its pipeline
security program. There is concern by some that this level of
resources may not support rigorous and timely review of
security plans and inspection of facilities Nation-wide. TSA's
handful of pipeline staff accomplish a great deal, but they
stand in contrast to over 700 staff in the other surface
transportation modes at TSA, which excludes aviation. Over 500
pipeline safety staff available to the DOT. Given this
disparity, it is logical to consider whether TSA's pipeline
security resources should be increased, or whether DOT staff
who inspect the same pipeline systems as TSA could somehow be
deployed to help meet security objectives.
Although TSA has the statutory authority to regulate
pipeline security, the agency has not promulgated such
regulations. TSA asserts that its voluntary approach is more
effective than mandatory standards. Canadian regulators,
however, have come to a different conclusion. They do regulate
pipeline security. Likewise, the U.S. Federal Energy Regulatory
Commission has ordered mandatory cyber and physical security
standards for the bulk electric power system which faces
threats and vulnerabilities similar to pipelines. Canada's and
FERC's decisions to regulate security raise questions as to the
relative merits of a voluntary versus a regulatory approach to
pipeline security.
TSA's pipeline threat assessment published in 2011
concluded with high confidence that the terrorist threat to the
U.S. pipeline industry was low. No subsequent assessments are
publicly available. However, recent events have increased
concerns about pipeline system threats, especially cyber
threats. Because the pipeline industry security risk assessments
rely upon information from the Federal Government, uncertain or
outdated threat information may lead to inconsistent security
plans, inefficient spending of security resources, or
deployment of security measures against the wrong threat.
In conclusion, the Nation's pipelines have proven to be
both vulnerable to attacks and attractive to malicious actors.
A strong Federal pipeline security program is clearly
necessary. Real bombs have been planted, computer systems have
been attacked, and perpetrators have been imprisoned. TSA
identifies many activities under its Pipeline Security Program.
But they are performed with constrained resources. While both
the TSA and industry are engaged in pipeline security,
questions have been raised as to their level of capability and
how effective their efforts have actually been. Under TSA's
current approach, it is difficult to know for certain.
Furthermore, while there have been no publicly-reported
successful attacks on U.S. pipelines in recent years, existing
security measures did not prevent attackers from planting
explosive devices along U.S. pipelines on 2 separate occasions.
If Congress concludes that TSA's current efforts are
insufficient, it may decide to provide additional resources to
support them, or specifically, direct TSA to develop pipeline
security regulations. Congress also may direct TSA to focus
additional attention on understanding pipeline threats, and to
assess how the various elements of U.S. pipeline safety and
security fit together.
Thank you for the opportunity to appear before the
committee. I will be happy to answer any questions.
[The prepared statement of Mr. Parfomak follows:]
Prepared Statement of Paul W. Parfomak
April 19, 2016
Good morning Chairman Katko, Ranking Member Rice, and Members of
the subcommittee. My name is Paul Parfomak, Specialist in Energy and
Infrastructure Policy at the Congressional Research Service (CRS). CRS
appreciates the opportunity to testify here today about the evolution
of and current Federal role in pipeline security. Please note that, in
accordance with our enabling statutes, CRS does not advocate policy or
take a position on any related legislation.
INTRODUCTION
Nearly 3 million miles of pipeline transporting natural gas, oil,
and other hazardous liquids crisscross the United States. While an
efficient and comparatively safe means of transport, these pipelines
carry materials with the potential to cause public injury, destruction
of property, and environmental damage. The Nation's pipeline network is
also widespread, running alternately through remote and densely-
populated regions. Pipelines are operated by increasingly sophisticated
computer systems which manage their product flows and provide
continuous information on their status. Due to their scale, physical
exposure, and reliance on computer controls, pipelines are vulnerable
to accidents, operating errors, and malicious attacks.
Congress has had long-standing concern about the security of the
Nation's pipeline network. Beginning with the Aviation and
Transportation Security Act of 2001 (Pub. L. 107-71), which established
the Transportation Security Administration, and continuing through the
PIPES Act of 2006 (Pub. L. 109-468) and the Implementing
Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110-53),
Congress has enacted specific statutory provisions to help secure
pipelines. Likewise, successive Presidential administrations have
promulgated executive orders establishing a Federal framework for the
security of pipelines, among other critical infrastructure. The 114th
Congress is overseeing the implementation of the Federal pipeline
security program and considering new legislation related to the
Nation's pipeline systems. In particular, the SAFE PIPES Act (S. 2776),
which reauthorizes the Federal pipeline safety program, would also
mandate a report to Congress on the staffing, resource allocation,
oversight strategy, and management of the Federal pipeline security
program (§ 20).
Physical Threats to Pipeline Security
Pipelines are vulnerable to intentional attacks using firearms,
explosives, or other physical means. Oil and gas pipelines, globally,
have been a favored target of terrorists, militant groups, and
organized crime. For example, in 1996, London police foiled a plot by
the Irish Republican Army to bomb gas pipelines and other utilities
across the city.\1\ In Colombia, rebels have bombed the Cano Limon oil
pipeline and other pipelines hundreds of times since 1993, most
recently last March.\2\ Likewise, militants in Nigeria have repeatedly
attacked oil pipelines, including coordinated bombings of 3 pipelines
in 2007 and the sophisticated bombing of an underwater pipeline in
2016.\3\ A rebel group detonated bombs along Mexican oil and natural
gas pipelines in July and September 2007.\4\ Natural gas pipelines in
British Columbia, Canada, were bombed 6 times between October 2008 and
July 2009 by unknown perpetrators in acts classified by authorities as
environmentally motivated ``domestic terrorism.''\5\ In 2009, the
Washington Post reported that over $1 billion of crude oil had been
stolen directly from Mexican pipelines by organized criminals and drug
cartels.\6\
---------------------------------------------------------------------------
\1\ President's Commission on Critical Infrastructure Protection,
Critical Foundations: Protecting America's Infrastructures, Washington,
DC, October 1997.
\2\ Luis Jaime Acosta, ``Colombia's Cano Limon Pipeline Suspended
After Rebel Attacks,'' Reuters, March 14, 2016; Government
Accountability Office (GAO), Security Assistance: Efforts to Secure
Colombia's Cano Limon-Covenas Oil Pipeline Have Reduced Attacks, but
Challenges Remain, GAO-05-971, September 2005.
\3\ Maggie Fick and Anjli Raval, ``Bombed Pipeline to Hit Nigeria
Oil Output,'' Financial Times, March 8, 2016; Katherine Houreld,
``Militants Say 3 Nigeria Pipelines Bombed,'' Associated Press, May 8,
2007.
\4\ Reed Johnson, ``Six Pipelines Blown Up in Mexico,'' Los Angeles
Times, September 11, 2007. p. A-3.
\5\ Ben Gelinas, ``New Letter Threatens Resumption of `Action'
against B.C. Pipelines,'' Calgary Herald, April 15, 2010.
\6\ Steve Fainaru and William Booth, ``Mexico's Drug Cartels Siphon
Liquid Gold,'' Washington Post, December 13, 2009.
---------------------------------------------------------------------------
Pipelines in the United States have also been targeted by
terrorists and other malicious individuals. In 1999, Vancouver police
arrested a man planning to bomb the Trans Alaska Pipeline System (TAPS)
for personal profit in oil futures.\7\ In 2005 a U.S. citizen sought to
conspire with al-Qaeda to attack TAPS and a major natural gas pipeline
in the eastern United States.\8\ In 2006 Federal authorities
acknowledged the discovery of a detailed posting on a website
purportedly linked to al-Qaeda that reportedly encouraged attacks on
U.S. pipelines, especially TAPS, using weapons or hidden explosives.\9\
In 2007, the U.S. Department of Justice arrested members of a terrorist
group planning to attack jet fuel pipelines and storage tanks at the
John F. Kennedy International Airport.\10\ In 2011, a man planted a
bomb, which did not detonate, along a natural gas pipeline in
Oklahoma.\11\ In 2012, a man who reportedly had been corresponding with
``Unabomber'' Ted Kaczynski unsuccessfully bombed a natural gas
pipeline in Plano, Texas.\12\ To date, there have been no successful
bombings of U.S. pipelines, but the threat of physical attacks remains
credible.
---------------------------------------------------------------------------
\7\ David S. Cloud, ``A Former Green Beret's Plot to Make Millions
Through Terrorism,'' Ottawa Citizen, December 24, 1999, p. E15.
\8\ U.S. Attorney's Office, Middle District of Pennsylvania, ``Man
Convicted of Attempting to Provide Material Support to Al-Qaeda
Sentenced to 30 Years' Imprisonment,'' Press release, November 6, 2007;
A. Lubrano and J. Shiffman, ``Pa. Man Accused of Terrorist Plot,''
Philadelphia Inquirer, February 12, 2006, p. A1.
\9\ Wesley Loy, ``Web Post Urges Jihadists to Attack Alaska
Pipeline,'' Anchorage Daily News, January 19, 2006.
\10\ U.S. Department of Justice, ``Four Individuals Charged in Plot
to Bomb John F. Kennedy International Airport,'' press release, June 2,
2007.
\11\ U.S. Attorney's Office, ``Konawa Man Sentenced for Attempting
to Destroy or Damage Property Using an Explosive,'' press release,
December 5, 2012.
\12\ Valerie Wigglesworth, ``Plano Blast Suspect Corresponded with
Unabomber,'' Dallas Morning News, June 29, 2014; U.S. Attorney's
Office, ``Plano Man Guilty in Pipeline Bombing Incident,'' press
release, June 3, 2013.
---------------------------------------------------------------------------
Cyber Threats to Pipelines
Although physical attacks on pipelines have been a focus in North
America and elsewhere, the sophisticated computer systems used to
operate pipeline systems are also vulnerable to cyber attacks. Cyber
infiltration of supervisory control and data acquisition (SCADA)
systems could allow ``hackers'' to disrupt pipeline service and cause
spills, explosions, or fires--all from remote locations via the
internet or other communication pathways. Such an approach reportedly
was used to cause the 2008 explosion of the Baku-Tbilisi-Ceyhan oil
pipeline in Turkey.\13\
---------------------------------------------------------------------------
\13\ Jordan Robertson and Michael Riley, ``Mysterious '08 Turkey
Pipeline Blast Opened New Cyberwar,'' Bloomberg, December 10, 2014.
---------------------------------------------------------------------------
In March 2012, the Industrial Control Systems Cyber Emergency
Response Team housed within the Department of Homeland Security
identified an on-going series of cyber intrusions among U.S. natural
gas pipeline operators dating back to December 2011. According to the
agency, various pipeline companies described targeted spear-phishing
\14\ attempts and intrusions into multiple natural gas pipeline sector
organizations ``positively identified . . . as related to a single
campaign.''\15\ In 2011, computer security company McAfee reported
similar ``coordinated covert and targeted'' cyber attacks originating
primarily in China against global energy companies. The attacks began
in 2009 and involved spear-phishing, exploitation of Microsoft software
vulnerabilities, and the use of remote administration tools to collect
sensitive competitive information about oil and gas fields.\16\ In
2010, the Stuxnet computer worm was first identified as a threat to
industrial control systems. Although the Stuxnet software initially
spreads indiscriminately, the software includes a highly specialized
industrial process component targeting specific industrial SCADA
systems built by the Siemens company.\17\ The increased vulnerability
of pipeline SCADA systems due to their modernization, taken together
with the emergence of SCADA-specific malicious software and the recent
cyber attacks, suggests that cybersecurity threats to pipelines have
been increasing.
---------------------------------------------------------------------------
\14\ ``Spear-phishing'' involves sending official-looking e-mails
to specific individuals to insert harmful software programs (malware)
into protected computer systems; to gain unauthorized access to
proprietary business information; or to access confidential data such
as passwords, social security numbers, and private account numbers.
\15\ Industrial Control Systems Cyber Emergency Response Team (ICS-
CERT), ``Gas Pipeline Cyber Intrusion Campaign,'' ICS-CERT Monthly
Monitor, April 2012, p. 1,
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Apr2012.pdf.
\16\ McAfee Foundstone Professional Services and McAfee Labs,
Global Energy Cyberattacks: ``Night Dragon,'' white paper, February 10,
2011, p. 3,
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf.
\17\ Tobias Walk, ``Cyber-attack Protection for Pipeline SCADA
Systems,'' Pipelines International Digest, January 2012, p. 7.
---------------------------------------------------------------------------
Potential Consequences of Pipeline Releases
Although there have been no intentional releases from U.S.
pipelines due to bombing or cyber attacks, accidental releases may
illustrate the potential consequences of a successful attack. Pipeline
accidents in the United States, on the whole, cause few fatalities
compared to other product transportation modes, but such accidents have
been catastrophic in several cases. For example, a 1999 gasoline
pipeline accident in Bellingham, WA, killed 3 people and caused $45
million in damage to a city water plant and other property.\18\ In
2000, a natural gas pipeline accident near Carlsbad, NM, killed 12
campers.\19\ A 2010 natural gas pipeline explosion in San Bruno, CA,
killed 8 people, injured 60 others, and destroyed 37 homes.\20\ A 2010
pipeline spill released 819,000 gallons of crude oil into a tributary
of the Kalamazoo River near Marshall, MI.\21\ A 2014 natural gas
distribution pipeline explosion in New York City killed 8 people,
injured 50 others, destroyed 2 5-story buildings, and caused the
temporary closure of a transit line due to debris.\22\ Such accidents
demonstrate the potential risk to human life, property, and the
environment. Disruption of service from these pipelines also caused
economic and operational impacts among the pipelines' customers. Such
accidents have generated substantial scrutiny of pipeline regulation
and increased State and community activity related to pipeline safety
and security.\23\
---------------------------------------------------------------------------
\18\ National Transportation Safety Board, Pipeline Rupture and
Subsequent Fire in Bellingham, Washington June 10, 1999, NTSB/PAR-02/
02, October 8, 2002.
\19\ National Transportation Safety Board, Natural Gas Pipeline
Rupture and Fire Near Carlsbad, New Mexico August 19, 2000, NTSB/PAR-
03-01, February 11, 2003.
\20\ National Transportation Safety Board, Pacific Gas and Electric
Company Natural Gas Transmission Pipeline Rupture and Fire, San Bruno,
California, September 9, 2010, NTSB/PAR-11/01, August 30, 2011.
\21\ National Transportation Safety Board, Enbridge, Inc. Hazardous
Liquid Pipeline Rupture, Board meeting summary, July 25, 2010,
http://www.ntsb.gov/news/events/2012/marshall_mi/index.html.
\22\ National Transportation Safety Board, Natural Gas-Fueled
Building Explosion and Resulting Fire New York City, New York March 12,
2014, NTSB/PAR-15/01, June 9, 2015.
\23\ See, for example: Jim Lynch and Jonathan Oosting, ``Opposition
Grows to Straits of Mackinac Oil Lines,'' Detroit News, April 13, 2016;
Bellingham Herald Editorial Board, ``Citizens Need Panel To Monitor
Pipeline Safety,'' Bellingham Herald (WA), January 24, 2010; Janet
Zink, ``Fueling the Resistance,'' St. Petersburg Times, December 16,
2007; J. Nesmith and R.K.M. Haurwitz, ``Pipelines: The Invisible
Danger,'' Austin American-Statesman, July 22, 2001.
---------------------------------------------------------------------------
THE FEDERAL ROLE IN PIPELINE SECURITY
Federal pipeline security efforts originated in the pipeline safety
program. The Natural Gas Pipeline Safety Act of 1968 (Pub. L. 90-481)
and the Hazardous Liquid Pipeline Act of 1979 (Pub. L. 96-129) are 2 of
the principal early acts establishing the Federal role in pipeline
safety. Under both statutes, the Transportation Secretary is given
primary authority to regulate key aspects of inter-State pipeline
safety: Design, construction, operation and maintenance, and spill
response planning. At the end of fiscal year 2015, the Department of
Transportation (DOT) employed 234 pipeline safety staff in its Pipeline
and Hazardous Materials Safety Administration (PHMSA).\24\ In addition
to its own staff, PHMSA's enabling legislation allows the agency to
delegate authority to intra-State pipeline safety offices, and allows
State offices to act as ``agents'' administering inter-State pipeline
safety programs (excluding enforcement) for those sections of inter-
State pipelines within their boundaries.\25\ There were approximately
330 full-time equivalent State pipeline safety inspectors in 2015.\26\
---------------------------------------------------------------------------
\24\ Artealia Gilliard, PHMSA, personal communication, September
18, 2015. Employees as of September 18, 2015.
\25\ 49 U.S.C. 60107.
\26\ Artealia Gilliard, September 9, 2015.
---------------------------------------------------------------------------
Presidential Decision Directive 63, issued by the Clinton
administration in 1998, assigned to the DOT lead responsibility for
pipeline security as well as safety.\27\ Under this authority, after
the terrorist attacks of September 11, 2001, the DOT conducted a
vulnerability assessment to identify critical pipeline facilities and
worked with industry groups and State pipeline safety organizations to
assess the industry's readiness to prepare for, withstand, and respond
to a terrorist attack.\28\ Together with the Department of Energy and
State pipeline agencies, the DOT promoted the development of consensus
standards for security measures \29\ tiered to correspond with the 5
levels of threat warnings issued by the Office of Homeland
Security.\30\ The DOT also developed protocols for inspections of
critical facilities to ensure that operators implemented appropriate
security practices. To convey emergency information and warnings, the
DOT established a variety of communication links to key staff at the
most critical pipeline facilities throughout the country. The DOT also
began identifying near-term technology to enhance deterrence,
detection, response, and recovery, and began seeking to advance public
and private-sector planning for response and recovery.\31\
---------------------------------------------------------------------------
\27\ Presidential Decision Directive 63, Protecting the Nation's
Critical Infrastructures, May 22, 1998.
\28\ Research and Special Programs Administration (RSPA), RSPA
Pipeline Security Preparedness, December 2001.
\29\ See: American Petroleum Institute and National Petrochemical
and Refiners Association, Security Vulnerability Assessment Methodology
for the Petroleum and Petrochemical Industries, March 2002; Interstate
Natural Gas Association of America (INGAA) and American Gas Association
(AGA), Security Guidelines for the Natural Gas Industry, September
2002.
\30\ Ellen Engleman, Administrator, Research and Special Programs
Administration (RSPA), statement before the Subcommittee on Energy and
Air Quality, House Energy and Commerce Committee, March 19, 2002.
\31\ Ellen Engleman, Administrator, Research and Special Programs
Administration (RSPA), statement before the Subcommittee on Highways
and Transit, House Transportation and Infrastructure Committee,
February 13, 2002.
---------------------------------------------------------------------------
In September 2002, the DOT circulated formal guidance developed in
cooperation with the pipeline industry associations defining the
agency's security program recommendations and implementation
expectations. This guidance recommended that operators identify
critical facilities, develop security plans consistent with prior trade
association security guidance, implement these plans, and review them
annually.\32\ While the guidance was voluntary, the DOT expected
compliance and informed operators of its intent to begin reviewing
security programs within 12 months, potentially as part of more
comprehensive safety inspections.\33\
---------------------------------------------------------------------------
\32\ James K. O'Steen, Research and Special Programs Administration
(RSPA), Implementation of RSPA Security Guidance, presentation to the
National Association of Regulatory Utility Commissioners, February 25,
2003.
\33\ James K. O'Steen, Office of Pipeline Safety (OPS), personal
communication, June 10, 2003.
---------------------------------------------------------------------------
Transferring Pipeline Security to TSA
In November 2001, President Bush signed the Aviation and
Transportation Security Act (Pub. L. 107-71) establishing the
Transportation Security Administration (TSA) within the DOT. According
to TSA, the act placed the DOT's pipeline security authority (under
PDD-63) within TSA. The act specified for TSA a range of duties and
powers related to general transportation security, such as intelligence
management, threat assessment, mitigation, and security measure
oversight and enforcement, among others. On November 25, 2002,
President Bush signed the Homeland Security Act of 2002 (Pub. L. 107-
296) creating the Department of Homeland Security (DHS). Among other
provisions, the act transferred to DHS the Transportation Security
Administration from the DOT (§ 403). On December 17, 2003, President
Bush issued Homeland Security Presidential Directive 7 (HSPD-7),
clarifying executive agency responsibilities for identifying,
prioritizing, and protecting critical infrastructure.\34\ HSPD-7
maintains DHS as the lead agency for pipeline security (par. 15), and
instructs the DOT to ``collaborate in regulating the transportation of
hazardous materials by all modes (including pipelines)'' (par. 22h).
The order requires that DHS and other Federal agencies collaborate with
``appropriate private sector entities'' in sharing information and
protecting critical infrastructure (par. 25). TSA joined both the
Energy Government Coordinating Council and the Transportation
Government Coordinating Council under provisions in HSPD-7. The
missions of the councils are to work with their industry counterparts
to coordinate critical infrastructure protection programs in the energy
and transportation sectors, respectively, and to facilitate the sharing
of security information.
---------------------------------------------------------------------------
\34\ HSPD-7 supersedes PDD-63 (par. 37).
---------------------------------------------------------------------------
HSPD-7 also required DHS to develop a National plan for critical
infrastructure and key resources protection (par. 27), which the agency
issued in 2006 as the National Infrastructure Protection Plan (NIPP).
The NIPP, in turn, required each critical infrastructure sector to
develop a Sector-Specific Plan (SSP) that describes strategies to
protect its critical infrastructure, outlines a coordinated approach to
strengthen its security efforts, and determines appropriate funding for
these activities. Executive Order 13416 further required the
transportation sector SSP to prepare annexes for each mode of surface
transportation.\35\ In accordance with the above requirements the TSA
issued its Transportation Systems Sector-Specific Plan and Pipeline
Modal Annex in 2007 with an update in 2010.
---------------------------------------------------------------------------
\35\ Executive Order 13416, ``Strengthening Surface Transportation
Security,'' December 5, 2006.
---------------------------------------------------------------------------
TSA'S PIPELINE SECURITY ACTIVITIES
Although the TSA has regulatory authority for pipeline security
under Pub. L. 107-71 and Pub. L. 110-53, its activities to date have
relied upon voluntary industry compliance with the agency's security
guidance and best practice recommendations.\36\ TSA has administered a
multifaceted program to facilitate these efforts. In 2003, TSA
initiated its on-going Corporate Security Review (CSR) program, wherein
the agency visits the largest pipeline and natural gas distribution
operators to review their security plans and inspect their facilities.
During the reviews, TSA evaluates whether each company is following the
intent of the DOT's voluntary security guidance, as updated by TSA, and
seeks to maintain the list of assets each company has identified
meeting the criteria established for critical facilities. In 2008, the
TSA initiated its Critical Facility Inspection Program (CFI), under
which the agency conducted in-depth inspections of all the critical
facilities of the 125 largest pipeline systems in the United States.
The agency estimated that these 125 pipeline systems collectively
included approximately 600 distinct critical facilities.\37\ TSA
concluded the initial round of CFI inspections in 2011, having
completed a total of 347 site visits throughout the United States.\38\
---------------------------------------------------------------------------
\36\ Transportation Security Administration, Pipeline Security
Guidelines, April 2011, and Pipeline Security Smart Practice
Observations, September 19, 2011.
\37\ Department of Homeland Security, ``Extension of Agency
Information Collection Activity Under OMB Review: Critical Facility
Information of the Top 100 Most Critical Pipelines,'' 76 Federal
Register 62818, October 11, 2011.
\38\ Jack Fox, General Manager, Pipeline Security Division,
Transportation Security Administration, personal communication,
February 24, 2012.
---------------------------------------------------------------------------
Over the last decade, TSA has engaged in a number of additional
pipeline security initiatives, including:
Developing a statistical tool used for relative risk ranking
and prioritization,
Completing a security incident and recovery protocol plan
mandated under Pub. L. 110-53,
Initiating a program to address risks from pipeline
transportation of hazardous materials other than oil and
natural gas,
Assessing U.S. and Canadian security and planning for
critical cross-border pipelines,
Convening international pipeline security forums for U.S.
and Canadian governments and pipeline industry officials,
Facilitating pipeline security drills and exercises
including those under the Intermodal Security Training Exercise
Program (I-STEP),
Developing pipeline security awareness training materials,
Convening periodic information-sharing conference calls
between key pipeline security stakeholders, and
Participating in Sector Coordinating Councils and Joint
Sector Committees.\39\
---------------------------------------------------------------------------
\39\ Jack Fox, Pipeline Industry Engagement Manager, TSA, Pipeline
Security: An Overview of TSA Programs, slide presentation, May 5, 2014;
Transportation Security Administration, Transportation Systems Sector-
Specific Plan, 2010, p. 326.
---------------------------------------------------------------------------
In addition to these activities, TSA has also conducted regional
supply studies for key natural gas markets, has conducted training on
cybersecurity awareness, has participated in pipeline blast mitigation
studies, and has joined in ``G-8'' multinational security assessment
and planning.\40\
---------------------------------------------------------------------------
\40\ Transportation Security Administration, Pipeline Modal Annex,
June 2007, pp. 10-11. G8=Group of Eight (the United States, the United
Kingdom, Canada, France, Germany, Italy, Japan, and Russia).
---------------------------------------------------------------------------
Pipeline Cybersecurity Initiatives
Pipeline cybersecurity is an element of several Federal initiatives
within DHS.\41\ For example, TSA has included a number of general
cybersecurity provisions in its industry security guidance \42\ and has
encouraged industry compliance with the National Institute of Standards
and Technology (NIST) Framework for Improving Critical Infrastructure
Cybersecurity.\43\ TSA has also employed the
---------------------------------------------------------------------------
\41\ The Interstate Natural Gas Association of America (INGAA), a
trade association for gas pipeline companies, maintains its own
extensive cybersecurity guidelines for natural gas pipeline control
systems: INGAA, Control Systems Cyber Security Guidelines for the
Natural Gas Pipeline Industry, Washington, DC, January 31, 2011.
Likewise, the American Petroleum Institute (API), a trade association
within the oil industry, maintains a standard for oil pipeline control
system security: API, Pipeline SCADA Security, Second Edition, API Std.
1164, Washington, DC, June 2009.
\42\ For example, TSA's guidance advises operators to ``conduct a
risk assessment to weigh the benefits of implementing wireless
networking against the potential risks for exploitation.'' TSA, April
2011, p. 18.
\43\ Jack Fox, Pipeline Industry Engagement Manager, TSA, personal
communication, October 29, 2015. See: National Institute of Standards
and Technology, Framework for Improving Critical Infrastructure
Cybersecurity, Version 1.0, February 12, 2014,
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf.
---------------------------------------------------------------------------
Cybersecurity Assessment and Risk Management Approach (CARMA) in
collaborating with key stakeholders to identify pipeline industry value
chains, critical functions, and supporting cyber infrastructure.\44\
The agency has also coordinated with DHS and the Department of Energy
to harmonize existing cybersecurity risk management programs. Pipelines
are also included in DHS's multi-modal cybersecurity initiatives, such
as its Industrial Control Systems Cyber Emergency Response Team (ICS-
CERT).\45\ The TSA also has established a public/private partnership-
based cybersecurity program supporting the National Infrastructure
Protection Plan. Pipeline operators have participated in DHS-sponsored
control systems cybersecurity training and also participate in the DHS
Industrial Control Systems Joint Working Group.\46\
---------------------------------------------------------------------------
\44\ Jack Fox, May 5, 2014.
\45\ Department of Homeland Security, ``Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT),'' web page, April 13, 2016,
https://ics-cert.us-cert.gov/.
\46\ Department of Homeland Security, ``Industrial Control Systems
Joint Working Group (ICSJWG),'' web page, April 13, 2016,
https://ics-cert.us-cert.gov/Industrial-Control-Systems-Joint-Working-Group-ICSJWG.
---------------------------------------------------------------------------
Outside DHS, the Department of Energy operates the National SCADA
Test Bed Program, a partnership with Idaho National Laboratory, Sandia
National Laboratories, and other National laboratories which addresses
control system security challenges in the energy sector. Among its key
functions, the program performs control systems testing, research and
development; control systems requirements development; and industry
outreach.\47\ Sandia Laboratories also performs authorized defensive
cybersecurity assessments for Government, military, and commercial
customers through its Information Design Assurance Red Team (IDART)
program.\48\
---------------------------------------------------------------------------
\47\ U.S. Department of Energy, ``National SCADA Test Bed,'' web
page, August 13, 2016,
http://energy.gov/oe/technology-development/energy-delivery-systems-cybersecurity/national-scada-test-bed.
\48\ Sandia National Laboratories, ``The Information Design
Assurance Red Team (IDART),'' web page, August 13, 2016,
http://www.idart.sandia.gov/.
---------------------------------------------------------------------------
The Relationship Between DOT and TSA
Since TSA was established, Congress has had a continuing interest
in the appropriate division of pipeline security authority between the
DOT and TSA.\49\ Both the DOT and TSA have played important roles in
the Federal pipeline security program, with TSA the designated lead
agency since 2002. In 2004, the DOT and DHS entered into a memorandum
of understanding (MOU) concerning their respective security roles in
all modes of transportation. The MOU notes that DHS has the primary
responsibility for transportation security with support from the DOT,
and establishes a general framework for cooperation and coordination.
On August 9, 2006, the departments signed an annex ``to delineate clear
lines of authority and responsibility and promote communications,
efficiency, and nonduplication of effort through cooperation and
collaboration between the parties in the area of transportation
security.''\50\
---------------------------------------------------------------------------
\49\ For example, see Hon. William J. Pascrell, Jr., statement at
the House Committee on Transportation and Infrastructure, Subcommittee
on Highways, Transit, and Pipelines, hearing on Pipeline Safety, March
16, 2006.
\50\ Transportation Security Administration and Pipelines and
Hazardous Materials Safety Administration, ``Transportation Security
Administration and Pipelines and Hazardous Materials Safety
Administration Cooperation on Pipelines and Hazardous Materials
Transportation Security,'' August 9, 2006.
---------------------------------------------------------------------------
In January 2007, DOT officials testified before Congress that the
agency had established a joint working group with TSA ``to improve
interagency coordination on transportation security and safety matters,
and to develop and advance plans for improving transportation
security,'' presumably including pipeline security.\51\ According to
TSA, the working group developed a multi-year action plan specifically
delineating roles, responsibilities, resources, and actions to execute
11 program elements: Identification of critical infrastructure/key
resources and risk assessments; strategic planning; developing
regulations and guidelines; conducting inspections and enforcement;
providing technical support; sharing information during emergencies;
communications; stakeholder relations; research and development;
legislative matters; and budgeting.\52\ Nonetheless, a DOT Inspector
General (IG) assessment published May 2008 was not satisfied with this
plan. The IG report stated that, although the agencies
---------------------------------------------------------------------------
\51\ Barrett, T.J., Administrator, Pipeline and Hazardous Materials
Safety Administration (PHMSA), Testimony before the Senate Committee on
Commerce, Science, and Transportation hearing on Federal Efforts for
Rail and Surface Transportation Security, January 18, 2007.
\52\ Transportation Security Administration, Pipeline Security
Division, personal communication, July 6, 2007.
---------------------------------------------------------------------------
``have taken initial steps toward formulating an action plan to
implement the provisions of the pipeline security annex . . . further
actions need to be taken with a sense of urgency because the current
situation is far from an `end state' for enhancing the security of the
Nation's pipelines.''\53\
---------------------------------------------------------------------------
\53\ U.S. Dept. of Transportation, Office of Inspector General,
Actions Needed to Enhance Pipeline Security, Pipeline and Hazardous
Materials Safety Administration, Report No. AV-2008-053, May 21, 2008,
p. 3.
---------------------------------------------------------------------------
The assessment recommended that the DOT and TSA finalize and execute
their security annex action plan, clarify their respective roles, and
jointly develop a pipeline security strategy that maximizes the
effectiveness of their respective capabilities and efforts.\54\
According to TSA, working with the DOT ``improved drastically'' after
the release of the IG report; the 2 agencies began maintaining daily
contact, sharing information in a timely manner, and collaborating on
security guidelines and incident response planning.\55\
---------------------------------------------------------------------------
\54\ Ibid. pp. 5-6.
\55\ Jack Fox, TSA, Pipeline Security Division, personal
communication, February 2, 2010.
---------------------------------------------------------------------------
Key Policy Issues
While the Federal Government has been engaged in various efforts to
protect the Nation's oil and natural gas pipelines from deliberate
attacks since September 11, 2001, questions remain regarding the
structure and effectiveness of these efforts. Three specific issues, in
particular, may warrant further Congressional consideration: (1) TSA's
pipeline security resources, (2) voluntary versus mandatory security
standards, and (3) uncertainty about security risks to the Nation's
pipeline network.
TSA Pipeline Security Resources
Some Members of Congress have been critical in the past of TSA's
level of funding of non-aviation security activities, including
pipeline activities. For example, as one Member remarked in 2005,
``aviation security has received 90% of TSA's funds and virtually all
of its attention. There is simply not enough being done to address
. . . pipeline security.''\56\ At a Congressional hearing in 2010, another
Member expressed concern that TSA's pipeline division did not have
sufficient staff to carry out a Federal pipeline security program on a
National scale.\57\ With respect to pipeline security funding, little
may have changed since 2005. The President's fiscal year 2017 budget
request for DHS does not include a separate line item for TSA's
pipeline security activities. The budget does request $110.8 million
for ``Surface Transportation Security,'' which encompasses security
activities in non-aviation transportation modes, including pipelines.
The budget would fund 761 full-time equivalent (FTE) employees.\58\
TSA's pipeline branch has traditionally received from the agency's
general operational budget an allocation for routine operations,
travel, and outreach. The budget historically has funded on the order
of 10 to 15 FTE staff to carry out the agency's pipeline security
program.\59\
---------------------------------------------------------------------------
\56\ Sen. Daniel K. Inouye, opening statement before the Senate
Committee on Commerce, Science, and Transportation, hearing on the
President's Fiscal Year 2006 Budget Request for the Transportation
Security Administration (TSA), February 15, 2005.
\57\ Congressman Gus M. Bilirakis, Remarks before the House
Committee on Homeland Security, Subcommittee on Management,
Investigations, and Oversight hearing on ``Unclogging Pipeline
Security: Are the Lines of Responsibility Clear?'', Plant City, FL,
April 19, 2010.
\58\ U.S. Office of Management and Budget, Budget of the United
States Government, Fiscal Year 2017: Appendix, February 2016, p. 537.
\59\ Jack Fox, October 29, 2015.
---------------------------------------------------------------------------
At its current staffing level, TSA's pipelines branch has limited
field presence for pipeline site visits, and has constrained
capabilities for updating standards, interacting in the various
stakeholder groups with which it collaborates, analyzing security
information, and fulfilling other administrative responsibilities. In
conducting a pipeline corporate security review, for example, TSA
typically sends 1 to 3 staff to hold a 3- to 4-hour interview with the
operator's security representatives followed by a visit to only 1 or 2
of the operator's pipeline assets.\60\ There is concern by some that
the agency's CSRs (as currently structured) may not allow for rigorous
security plan verification nor a credible threat of enforcement, so
operator compliance with security guidance is uncertain. The limited
number of CSRs the agency can complete in a year has also been a
concern to some, even within TSA. According to a 2009 Government
Accountability Office report, ``TSA's pipeline division stated that
they would like more staff in order to conduct its corporate security
reviews more frequently,'' in part because other staff responsibilities
such as ``analyzing secondary or indirect consequences of a terrorist
attack and developing strategic risk objectives required much time and
effort.''\61\
---------------------------------------------------------------------------
\60\ Department of Homeland Security, ``Intent to Request Approval
from OMB of One New Public Collection of Information: Pipeline
Corporate Security Review,'' 74 Federal Register 42086, August 20,
2009.
\61\ U.S. Government Accountability Office, Transportation
Security: Comprehensive Risk Assessments and Stronger Internal Controls
Needed to Help Inform TSA Resource Allocation, GAO-09-492, March 2009,
p. 30, http://www.gao.gov/new.items/d09492.pdf.
---------------------------------------------------------------------------
TSA's handful of field inspection staff stands in contrast to the
hundreds of pipeline safety inspection staff available to the DOT at
the Federal and State levels. Furthermore, in the face of an expanding
U.S. pipeline network and evolving safety requirements, DOT's budget
authority for pipeline safety has more than doubled over the last 10
years.\62\ Given this disparity, it may be logical to consider whether
DOT's field staff, who are charged with inspecting the same pipeline
systems as TSA, could somehow be deployed to help fulfill the Nation's
pipeline security objectives. The question also arises whether having
separate inspections of the same pipeline systems for safety and
security may be inherently inefficient, or may miss an opportunity for
more frequent or thorough examination of pipeline security. Presumably
many of the jurisdictional, operational, or administrative issues that
were considered in the drafting of the 2004 MOU between DOT and TSA
remain unchanged, but new factors--such as the evolving threat
environment or greater experience with pipeline company security
efforts--could warrant a reconsideration of the relationship between
the agencies.
---------------------------------------------------------------------------
\62\ U.S. Office of Management and Budget, Budget of the United
States Government, Appendix, Fiscal Years 2006 through 2017, ``Pipeline
Safety,'' Line 1900 ``Budget authority (total).''
---------------------------------------------------------------------------
Voluntary vs. Mandatory Pipeline Security Standards
Federal pipeline security activities to date have relied upon
voluntary industry compliance with DOT's original security guidance,
which later became TSA's security best practices. By initiating this
voluntary approach in 2002, DOT sought to speed adoption of security
measures by industry and avoid the publication of sensitive security
information (e.g., critical asset lists) that would normally be
required in public rulemaking.\63\ However, a key subject of debate is
the adequacy of the TSA's voluntary approach to pipeline security,
generally, and cybersecurity, in particular. For example, provisions in
the Pipeline Inspection, Protection, Enforcement, and Safety Act of
2006 (Pub. L. 109-468) required the DOT Inspector General (IG) to
``address the adequacy of security standards for gas and oil
pipelines'' (§ 23(b)(4)). The 2008 IG's report stated that:
---------------------------------------------------------------------------
\63\ GAO, Pipeline Security and Safety: Improved Workforce Planning
and Communication Needed, GAO-02-785, August 2002, p. 22.
---------------------------------------------------------------------------
``TSA's current security guidance is not mandatory and remains
unenforceable unless a regulation is issued to require industry
compliance . . . [DOT] and TSA will need to conduct covert tests of
pipeline systems' vulnerabilities to assess the current guidance as
well as the operators' compliance.''\64\
---------------------------------------------------------------------------
\64\ U.S. Dept. of Transportation, Office of Inspector General, May
21, 2008, p. 6.
---------------------------------------------------------------------------
Although the IG report did not elaborate on this recommendation,
covert testing of vulnerabilities would likely include testing of both
physical security measures and cybersecurity measures. The latter would
be in place to protect pipeline SCADA systems and sensitive operating
information such as digital pipeline maps, system design data, and
emergency response plans. Consistent with the IG's recommendation, an
April 2011 White House proposal \65\ and the Cybersecurity Act of 2012
(S. 2105) both would have mandated the promulgation of cybersecurity
regulations for pipelines, among other provisions, although these
proposals would not necessarily have conferred upon TSA any authority
it does not already have to regulate pipeline security.
---------------------------------------------------------------------------
\65\ The White House, ``Legislative Language, Cybersecurity
Regulatory Framework for Covered Critical Infrastructure,'' April 2011,
p. 33,
http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/law-enforcement-provisions-related-to-computer-security-full-bill.pdf.
---------------------------------------------------------------------------
In contrast to the IG's conclusions and the legislative proposals
above, the pipeline industry has consistently expressed concern that
security regulations could be ``redundant'' and ``may not be necessary
to increase pipeline security.''\66\ Echoing this sentiment, a DOT
official testified in 2007 that enhancing security ``does not
necessarily mean that we must impose regulatory requirements.''\67\
---------------------------------------------------------------------------
\66\ American Gas Association (AGA), American Petroleum Institute
(API), Association of Oil Pipe Lines (AOPL), and American Public Gas
Association (APGA), joint letter to Members of the Senate Commerce
Committee providing views on S. 1052, August 22, 2005.
\67\ T.J. Barrett, Administrator, Pipeline and Hazardous Materials
Safety Administration, Department of Transportation, Testimony before
the Senate Committee on Commerce, Science, and Transportation hearing
on Federal Efforts for Rail and Surface Transportation Security,
January 18, 2007.
---------------------------------------------------------------------------
TSA officials have similarly questioned the need for new pipeline
security regulations, particularly the IG's call for covert testing of
pipeline operator security measures. The TSA has argued in the past
that the agency is complying with the letter of Pub. L. 110-53 and that
its pipeline operator security reviews are more than paper reviews.\68\
TSA officials assert that security regulations could be
counterproductive because they could establish a general standard below
the level of security already in place at many pipeline companies based
on their company-specific security assessments. Because the TSA
believes the most critical U.S. pipeline systems generally meet or
exceed industry security guidance, the agency asserts that it achieves
better security with voluntary guidelines, and maintains a more
cooperative and collaborative relationship with its industry partners
as well.\69\
---------------------------------------------------------------------------
\68\ John Sammon, Transportation Security Administration, Testimony
before the House Transportation and Infrastructure Committee, Railroad,
Pipelines, and Hazardous Materials Subcommittee hearing on
Implementation of the Pipeline Inspection, Protection, Enforcement, and
Safety Act of 2006, June 24, 2008.
\69\ John Pistole, Administrator, TSA, testimony before the Senate
Committee on Commerce, Science, and Transportation hearing on
Transportation Security Administration Oversight: Confronting America's
Transportation Security Challenges, April 30, 2014; Jack Fox, General
Manager, Pipeline Security Division, TSA, Remarks before the Louisiana
Gas Association Pipeline Safety Conference, New Orleans, LA, July 25,
2012.
---------------------------------------------------------------------------
The Energy Sector Control Systems Working Group makes related
assertions in its Roadmap to Achieve Energy Delivery Systems
Cybersecurity about the effectiveness of cybersecurity standards alone:
``Although standards may elevate cybersecurity across the energy
sector, they do so by requiring the implementation of minimum security
measures that set a baseline for cybersecurity across an industry.
These minimum security levels may not be sufficient to secure the
sector against new and quickly evolving risks. Asset owners compliant
with standards may still be vulnerable to cyber intrusion.''\70\
---------------------------------------------------------------------------
\70\ Energy Sector Control Systems Working Group, Roadmap to
Achieve Energy Delivery Systems Cybersecurity, September 2011, p. 15.
---------------------------------------------------------------------------
Thus, in addition to cybersecurity requirements, pipeline companies
may also need appropriate management practices, performance metrics,
access to intelligence, and other support measures to maximize the
effectiveness of their cybersecurity programs.
Although the TSA believes a voluntary approach to pipeline security
is most effective, Canadian pipeline regulators have come to a
different conclusion. In 2010 the National Energy Board (NEB) of Canada
mandated security regulations for jurisdictional Canadian petroleum and
natural gas pipelines, some of which are cross-border pipelines
entering the United States. Many companies operate pipelines in both
countries. In announcing these new regulations, the board stated that
it had considered adopting the existing cybersecurity standards ``as
guidance'' rather than an enforceable standard, but ``taking into
consideration the critical importance of energy infrastructure
protection,'' the board decided to adopt the standard into the
regulations.\71\ Establishing pipeline security regulations in Canada
is not completely analogous to doing so in the United States as the
Canadian pipeline system is much smaller and operated by far fewer
companies than the U.S. system. Nonetheless, Canada's choice to
regulate pipeline security may raise questions as to why the United
States has not.
---------------------------------------------------------------------------
\71\ National Energy Board of Canada, Proposed Regulatory Change
(PRC) 2010-01, Adoption of CSA Z246.1-09 Security Management for
Petroleum and Natural Gas Industry Systems, File Ad-GA-SEC-SecGen 0901,
May 3, 2010, p. 1,
https://www.neb-one.gc.ca/ll-eng/livelink.exe/fetch/2000/90463/409054/614444/A1S7H7_Proposed_Regulatory__Change_(PRC)_2010-01.pdf?nodeid=614556&vernum=0.
---------------------------------------------------------------------------
The Federal Energy Regulatory Commission (FERC), which regulates
the U.S. bulk electric power system, has also taken a more directive
approach to infrastructure security. The Energy Policy Act of 2005
(Pub. L. 109-58) gave the commission authority to oversee the
reliability of the bulk power system, including authority to approve
mandatory security standards. FERC approved mandatory Critical
Infrastructure Protection cybersecurity reliability standards in
2008.\72\ The commission approved mandatory physical security standards
in 2014 \73\ after a successful physical attack on a high-voltage
transformer facility in California. While it differs in important ways
from the pipeline system, the bulk power system faces the same threat
environment and has many similar security vulnerabilities related to
asset exposure and reliance on SCADA systems for network operations.
---------------------------------------------------------------------------
\72\ Federal Energy Regulatory Commission, Mandatory Reliability
Standards for Critical Infrastructure Protection, Docket No.
RM06-22-000, Order No. 706, January 18, 2008.
\73\ Federal Energy Regulatory Commission, Physical Security
Reliability Standard, Docket No. RM14-15-000, Order No. 802, Issued
November 20, 2014.
---------------------------------------------------------------------------
In addition to examining the regulatory motivations of the NEB and
FERC, consideration of mandatory pipeline security standards within TSA
would have to account for the requirements to implement such standards.
Unlike maintaining voluntary standards, developing pipeline security
regulations--with provisions for pipeline operations, inspection,
reporting, and enforcement--would involve a complex and potentially
contentious rulemaking process involving multiple stakeholders. Should
Congress choose to mandate the promulgation of such regulations, it is
not clear that TSA's pipeline security division as currently configured
would be up to the task. Developing specific cybersecurity regulations
may pose a particular challenge as the TSA's pipeline branch has
limited existing capability to do so, although such capabilities may
reside elsewhere in DHS. If mandatory standards were to be imposed,
there may also be questions as to whether the agency as currently
structured would have sufficient resources to implement the new
security regulations, conduct rigorous security plan verification, and
pose a credible threat of enforcement.
Uncertainty About Security Risks
A January 2011 Federal threat assessment concluded ``with high
confidence that the terrorist threat to the U.S. pipeline industry is
low.''\74\ However, subsequent events may have increased concerns about
pipeline system threats, especially cyber threats. In a 2016 Federal
Register notice, TSA stated that it expects pipeline companies will
report approximately 30 ``security incidents'' annually--both physical
and cyber.\75\ The agency has not publicly released a more current
pipeline threat assessment.
---------------------------------------------------------------------------
\74\ Transportation Security Administration, Office of
Intelligence, Pipeline Threat Assessment, January 18, 2011, p. 3.
\75\ 81 Fed. Reg. 37, February 25, 2016, p. 94-95.
---------------------------------------------------------------------------
The pipeline industry's security risk assessments rely upon
information about security threats provided by the Federal Government
and by pipeline operators themselves. The quantity, quality, and
timeliness of this threat information is a key determinant of what
pipeline companies need to be protecting against, and what security
measures to take. Incomplete or ambiguous threat information--
especially from the Federal Government--may lead to inconsistency in
physical and cybersecurity among pipeline owners, inefficient spending
of limited security resources at facilities (e.g., that may not really
be under threat), or deployment of security measures against the wrong
threat.
Concerns about the quality and specificity of Federal threat
information have long been an issue across all critical infrastructure
sectors.\76\ Threat information continues to be an uncertainty in the
case of pipeline network security. There may be agreement among
Government and industry stakeholders that oil and natural gas pipelines
in the United States are vulnerable to attack, and that such attacks
potentially could have catastrophic consequences. But the most serious,
damaging attacks could require operational information and a certain
level of sophistication, especially in the cyber regime, on the part of
potential attackers. Consequently, despite the technical arguments,
without more specific information about potential targets and attacker
capabilities, the true risk of a serious attack on the pipeline system
remains an open question.
---------------------------------------------------------------------------
\76\ See, for example, Philip Shenon, ``Threats and Responses:
Domestic Security,'' New York Times, June 5, 2003, p. A15.
---------------------------------------------------------------------------
Conclusion
The Nation's pipeline network is attractive to malicious actors and
vulnerable to both physical and cyber attacks. Based on recent history,
a strong Federal pipeline security program is clearly necessary; there
has been a series of unrelated terrorist plots and attempted attacks on
U.S. pipelines since at least the 1990s. Real bombs have been planted,
computer systems have been infiltrated, and perpetrators have been
imprisoned. Such threats to the pipeline system are likely to continue.
Both Government and industry have taken numerous steps to improve
pipeline security since 2001. On their face, these measures have been
expansive and seem to address the full range of activities and
priorities Congress intended when it embarked upon a National strategy
for protecting critical infrastructure. However, while TSA and industry
may be engaged in appropriate pipeline security activities, questions
remain as to their level of commitment to those activities and how
effective they have been in protecting the pipeline system. TSA's
pipeline staff would account for less than 2% of the agency's surface
transportation security staff under the proposed fiscal year 2017
budget, and just over 2% of the staff available to DOT under its
pipeline safety program. Pipeline company expenditures on security are
not generally reported, so their level of financial commitment is
unknown. Furthermore, while there have been no publicly reported
successful attacks on the U.S. pipeline system since 2001, existing
physical security measures did not prevent 2 attackers from planting
the live explosive devices along 2 different U.S. pipelines in 2011 and
2012 discussed earlier. Their failure to detonate was fortunate.
The TSA maintains that its pipeline security program, administered
as it is and relying upon voluntary standards, has been effective in
protecting U.S. pipelines from physical and cyber attacks. Based on the
agency's corporate security reviews, TSA believes security among major
U.S. pipeline systems is good, and pipeline operators agree. However,
without formal security plans and reporting requirements, it is
difficult for Congress and the general public to know for certain. To a
great extent, the public must therefore rely on the pipeline industry's
self-interest to protect itself from malicious threats. Whether this
self-interest is sufficient to generate the level of security
appropriate for a critical infrastructure sector, and whether imposing
mandatory standards would be a better approach, is open to debate.
Faced with this uncertainty, legislators must rely upon their own best
judgment to reach conclusions about the Federal pipeline security
program. If Congress concludes that current voluntary measures are
insufficient to protect the pipeline system, it may decide to provide
specific direction to the TSA to develop regulations and provide
additional resources to support them, as such an effort may be beyond
the TSA pipeline branch's existing capabilities.
Congress also may assess how the various elements of U.S. pipeline
safety and security activity fit together in the Nation's overall
strategy to protect critical infrastructure. For example, diverting
pipeline resources away from safety to enhance security might further
reduce terror risk, but not overall pipeline risk, if safety programs
become less effective as a result. Pipeline safety and security
necessarily involve many groups: Federal and State agencies, oil and
gas pipeline associations, large and small pipeline operators, and
local communities. Reviewing how these groups work together to achieve
common goals could be an oversight challenge for Congress.
Mr. Katko. Thank you, Dr. Parfomak, for your testimony. We
appreciate you being here as well.
I now recognize myself for 5 minutes of questions.
I want to start by saying I understand the overall setup
here. The Department of Transportation is in charge of and
oversees the safety aspects of the pipelines, which includes
making sure when a guy has a backhoe and, you know, digs where
he shouldn't dig, that they respond properly and they have the
right procedures in place to cut off that pipeline.
I also understand that on the other side you have security
aspects which is TSA's oversight. At first glance it looks like
kind-of an odd setup. But it, by all indications from the
industry, it does seem to work. But there are things that I
want to talk about. While I am happy that you are all happy, I
just want to make sure that we are not missing something here.
So I will be checking on some of the things I have concerns
with.
The first thing is probably the easiest thing. That is for
Mr. Black. That is with respect to PHMSA and the oil pipeline
response plans. What would be your suggestion of a way to make
sure that those things don't get disclosed to the public when
they are submitted to Congress?
Mr. Black. PHMSA has done the right thing. PHMSA's chief
counsel has issued guidance to PHMSA staff that the information
in part 60138, of the last pipeline safety law, can be
redacted. They have said that it should be. So what we are
looking for is Congress, when enacting legislation to receive
these response plans, to make sure you have clear and
consistent procedures.
I am happy to follow up with a specific proposal. But a
couple of principles. No. 1, there needs to be a clear
statement that this information should remain confidential and
should not be transmitted to anybody outside of Congressional
staff in any form.
Second, there need to be some specific procedures applied
to that. I am sure this committee has some specific procedures
for certain types of information. Those need to be connected.
For example, a secure reading room, tracking who goes in and
who goes out of that reading room with information.
Then, third, we suggest a penalty or some type of a
disciplinary mechanism for those people that violate it. We
need to make sure that this information is secured and is not
put into the wrong hands while you conduct that oversight that
you need to do.
Mr. Katko. Okay. Thank you very much.
Now, the other areas I am concerned about, and if I don't
hit on them I hope my colleagues on the panel do, are whether
the 2011 guidelines issued by TSA need to be upgraded, the
sharing and use of actionable information and how sometimes
when TSA gets secret information that may be helpful, how they
are able to share that and how can we make that process better
sharing it with the private sector. Then of course the things
that CRS raised, the resources issue, the voluntary versus
mandatory guidelines issue, and what is a level of risk. So
let's just start at the top of the list here, and I will work
through as much as I can.
The 2011 guidelines were promulgated prior to the dramatic
rise of ISIS and the new and dynamic threat that they propose.
So given that and all the other factors, I know that it doesn't
seem to be a high level of threat in the United States where
pipeline attacks, but they have shown a propensity to do those
attacks elsewhere, including even Canada.
So given all that and given the rise of ISIS, do you think
it is time for TSA to issue an updated guidelines?
Ms. Proctor. Mr. Chairman, yes. We do agree with you. The
pipeline security guidelines which were published in 2011, and
as you know, were a product of the collaboration with our
security partners and our Federal partners, and we are in the
process of updating those guidelines right now. We have already
started the process. The process, though, is a collaborative
one.
So we will be continuing our work with our security
partners in the pipeline industry. So that work has already
started. We have already started looking at the cyber portions,
as a matter of fact, and we will be continuing that work so
that we have an updated version of those guidelines.
Mr. Katko. Okay. Thank you. Also now with respect to the
actionable information and use of it, and proper use of it, I
presume that oftentimes TSA gets information from the secret
side.
I want to--you know, anybody can chime in here. I just want
to make sure that we have the right mechanisms in place. If we
don't now, what do we need to put those mechanisms in place so
that the private sector can be briefed in properly about what
the nature of those threats are without wrongfully disclosing
the sensitive information. But we can't have this gulf, I don't
think, where we have this information but we can't tell them
about it.
So anyone care to address that? I would be happy to hear
it.
Ms. Judge. Yeah. There are several operators that do hold
secret clearances. Clearances are either issued--are either
sponsored by TSA themselves. Some of our clearances are through
DHS infrastructure protection. Some are from the FBI, and some
are from Department of Energy. At last check there appeared to
be over 300 clearance holders in the oil and natural gas
sectors as of a little while back.
Mr. Katko. But we do have 3,000 companies involved. So that
is--might be a small percentage overall. So how do we--is that
adequate, the number of people with the clearances to get this
information?
Ms. Judge. It would depend on how many people from each--
you know, are we covering each company's--each sector in the
industry well enough? That I wouldn't be able to answer.
Mr. Katko. Okay.
Ms. Judge. I know, for example, we have 3 clearance holders
just at my company, 1 physical, 1 cyber, and 1 executive.
Mr. Katko. Okay.
Ms. Proctor. Mr. Chairman, it would certainly depend on the
nature of the information. If the information is specific, we
would ensure that the appropriate systems are briefed on that
information. If we need to get a tear line on that information,
we will do that. We will ensure that if there is actionable
information, that that information gets to the people who need
to have it.
We do have a process with our Office of Intelligence and
Analysis to ensure that the briefings occur wherever they need
to occur across the country. We have field intelligence
officers that are located at our airports. We have
relationships with the FBI field offices or for those who are
in the vicinity of the National Capital Region, we can ensure
that they are appropriately briefed at TSA headquarters. So we
have ensured that we have the ability to brief wherever that
brief needs to be conducted.
Mr. Katko. Thank you very much. My time has expired, but I
will maybe come back to some of these questions.
The Chair now recognizes Ranking Member Rice for 5 minutes
of questions.
Miss Rice. Thank you, Mr. Chairman.
I think I will ask Mr. Black, I guess start with you. There
is--actually, I should say your study, Mr. Parfomak, there is a
paragraph that is pretty small in comparison to the rest of the
report talking about cybersecurity risks. The last statement
ends with the statement that there is a suggestion that
cybersecurity threats to pipelines have been increasing. So
what specifically has the industry, both private and public,
been doing to address this issue?
Mr. Black. Well, Dr. Parfomak mentioned rightly there is a
great concern about cyber, about being prepared for cyber
releases--cyber attacks. Excuse me.
The first element is this API standard on pipeline's data
security. You have to keep your control system completely
separate and apart from any business system that uses the
internet. Then there is a number of Government programs that we
participate in with industry. There is the FBI's InfraGard
process which is dedicated to sharing information. There is the
NIST cybersecurity framework roadmap, and the--generally the
ICS-CERT process, the Industrial Control Systems Cyber Emergency
Response Team, a partnership dealing with identifying threats,
talking about how to prevent them. Then also talking about how
to recover from those.
A couple of other API recommended practices. So cyber is on
the minds of many of our members. When I asked in anticipation
of this hearing what is the No. 1 security issue that you are
thinking about, cyber is what I got. So it is on the minds of
our security professionals.
Miss Rice. So when they say that, what do they give by way
of example as to why that is their No. 1 concern? Is there
enough--and I am not asking you to release any--or talk in this
public setting about any kind of confidential or, you know,
confidential information, but what----
Mr. Black. Well, in this space I think we are very aware of
nation states and private actors trying to penetrate control
systems and business systems. Oil and gas and beyond oil and
gas. So that is something that we are focusing on. I can make
sure that you get a Classified briefing on that or maybe that
is a question for Director Proctor.
Miss Rice. Well, my question is, is it a--you know, we talk
about having to stay 2 steps ahead. Right? Is it a technology
issue? Is it a resource issue? I mean, what is the biggest
challenge to ensuring that we are doing everything that we can
because this cybersecurity is--I mean, obviously, as noted in
this report, is an area of great concern. It just doesn't sound
like there is--unless there is and you can't talk about it
publicly. I get too, but----
Mr. Black. The threats are evolving and evolving quickly.
So the industry and Government have to evolve and evolve
quickly in terms of adapting to this. That is what these
information-sharing programs are about. Thankfully it is not a
prescriptive regulation that is outdated. This is real-time
sharing of information, Government, what they are seeing, and
industry personnel together discussing best practices. They
might compete on commercial issues, but the industry can
collaborate very heavily on safety and security. And they do.
Miss Rice. There is no obstacle to that? They are--because,
I mean, I think everyone understands that it is in everyone's
interest to have the same--the best technology, the best
controls in place.
Mr. Black. Absolutely. Yes.
Miss Rice. So the informational sharing, with your
Governmental partners, do you think that that is accurate? I
mean, do you think that they give you accurate information, or
do they--do you think that they withhold any information? Are
there any issues related to information sharing that need to be
addressed?
Mr. Black. I am not hearing of any concern. I am hearing
that the Government personnel that are working on these issues
are very well tied into the threats and the ways to address
them. I hear a successful collaboration.
Miss Rice. Great. Thank you. I yield back the balance of my
time.
Mr. Katko. Thank you, Miss Rice.
The Chair now recognizes the gentleman from Georgia, Mr.
Carter for 5 minutes of questioning.
Mr. Carter. Thank you, Mr. Chairman. Thank each of you for
being here. This is extremely important.
Ms. Proctor, I will start with you. I wanted to ask you, it
is my understanding that TSA measures the risk to pipelines
based on the amount of energy that is transported. Is that
correct?
Ms. Proctor. Yes, sir. That is one of the criteria.
Mr. Carter. What are the other criteria? I am sure the type
of energy that it is or----
Ms. Proctor. We also look at the number of miles in high-
consequence areas, which are designated by PHMSA. We look at
the number of pipeline miles in high-threat urban areas, which
are designated by DHS. We look at those pipelines that serve
military bases, that serve the Department of Energy strategic
petroleum reserves. We look at those that serve electric power
plants. So there--the energy throughput is not the only
consideration.
Mr. Carter. But it is one of the primary ones?
Ms. Proctor. It is one. Yes, sir.
Mr. Carter. Yes. Well, let me ask you. After that is done,
then the operators identify critical facilities based on what
is called the pipeline security guidelines. Is that correct?
Ms. Proctor. Yes, sir.
Mr. Carter. What is done after that? After the pipeline
owners identify those critical facilities, what happens after
that?
Ms. Proctor. TSA then schedules reviews of the facilities.
So we have identified the top 100 or so most critical pipeline
systems by those criteria that we just named; the energy
throughput, their pipeline mileage in the high-threat urban
areas, and in the high-consequence areas. We go out and conduct
assessments on-site.
Corporate security reviews are conducted at the pipeline
headquarters where they review the actual corporate security
plan. They conduct interviews of key security personnel on
site. They also determine the extent to which the system is
adhering to the agreed-upon process in the pipeline security
guidelines.
Mr. Carter. Okay. So they are essentially trying to
mitigate as much risk as they can.
Ms. Proctor. Yes, sir.
Mr. Carter. Okay. Let me move on. Ms. Judge, Mr. Black, I
will direct these toward you-all. Do you feel like the biggest
threats that the pipeline owners are facing right now, that
they have been identified by TSA, they have changed any? Are
they still the same?
Mr. Black. Correct.
Mr. Carter. So you would feel like it is up-to-date as far
as the biggest threats go?
Mr. Black. Right. It is physical and cyber and all
different types of threats. The last security guidelines were
issued in 2011, but what I hear consistently is that it is not
static, is that the know-how and the information sharing and
the intel that we get from TSA and our Federal partners is
constantly evolving. It is 2016. It is----
Mr. Carter. You are updating them as you go along as well?
Mr. Black. Yes.
Mr. Carter. Okay. I want to ask you about--do you feel like
that industry has gotten the tools that they need in order to
mitigate as many risks as they can? Do you feel like there is
anything else we could be doing to assist them?
Ms. Judge. I believe we have the tools we need. If we
realize--we come along and we are like--we realize that there
is something we may need, we just reach out, and usually they
are more than happy to--you know, we would like a briefing on
1, 2, 3. They arrange to give us a briefing on 1, 2, 3. So
there is that constant open communication through both one-on-
one and through the sector coordinating councils, through the
security committees that----
Mr. Carter. Okay.
Ms. Judge [continuing]. When we express needs, we usually
get what we need.
Mr. Carter. Well, let me ask you collaboration. Because
that is extremely important. Do you ever give security
clearance to any of these pipeline companies, to any of their
personnel to possibly share any kind of threats with them that
you might have heard of?
Mr. Black. They have Classified and Unclassified briefings
on these TSA pipeline security calls. There is some For-
Official-Use-Only information that is in Unclassified settings
that you can get to more people. Some things have to be shared
only in a Classified briefing, and they are.
Mr. Carter. Okay. So you would rate the collaboration as
being good at this point?
Mr. Black. Yes.
Mr. Carter. Okay. I am sorry. I can't--the glare is too
bad, Dr. Parfomak. Would you agree with that?
Mr. Parfomak. Excuse me. Could you repeat the question?
Mr. Carter. Would you agree that the collaboration between
private industry and TSA has been good?
Mr. Parfomak. As I mentioned in my opening statement, CRS
doesn't advocate policy or take a position on that. Whether the
collaboration has been good, as I said in my opening statement,
is a debatable point. Others have raised the issue of, for
instance, DOT's and TSA's collaboration, and that may have been
evolving over the last number of years.
Mr. Carter. Okay. Well, obviously, you-all understand how
important collaboration is. So I would certainly hope we are
making a concerted effort at doing the best we can with that.
Thank you, Mr. Chairman.
Mr. Katko. Thank you, Mr. Carter.
The Chair now recognizes the gentleman from Texas, Mr.
Ratcliffe, for 5 minutes of questioning.
Mr. Ratcliffe. Thank you, Mr. Chairman, Ranking Member.
This is an important hearing today, not just for the
country but particularly my home State of Texas. Texas has the
largest pipeline infrastructure in the Nation, more than
425,000 miles of pipeline in our State, which is roughly, I
believe, one-sixth of the total pipeline mileage in the United
States. Many of those pipelines do actually run through the
Fourth Congressional District that I am privileged to
represent.
So I appreciate all of you being here today to talk about
the on-going efforts to secure our pipeline infrastructure and
what can be done to enhance the partnership between TSA and
industry.
Director Proctor, in your written testimony you referenced
the recent attacks in Brussels to illustrate the fact that
terrorist threats have grown incredibly complex, we know that,
and that terrorist actors can become radicalized to carry out
these attacks with little or no warning. I agree with your
assessment of the current threats posed by these terrorists. I
was also pleased to hear that TSA and the pipeline industry
have a good working relationship to protect our critical
infrastructure.
I am curious, though, with roughly 3,000 private companies
who own and operate the Nation's pipelines, how does TSA
communicate threat assessments to these companies and recommend
improved measures in the wake of potential threats made against
a specific pipeline?
Ms. Proctor. Thank you for that question.
Our Office of Intelligence and Analysis conducts an
assessment, an annual assessment, of the threats to the
pipeline industry. One of those assessments is an Unclassified
assessment that we can share with industry. We do share that.
We share that with the pipeline industry and we continually
communicate information that we get from our intelligence and
analysis office if there is any information that could indicate
a possible threat, a generalized threat.
If it is a specific threat and it is Classified
information, we arrange for a Classified briefing with that
particular entity. We do have the means to do that through our
partners either with the FBI at a local field office, with a
field intelligence officer at an airport, or through a meeting
at TSA headquarters. We can provide Classified information.
Mr. Ratcliffe. So in addition to the briefing, though, in a
Classified setting, are you making specific recommendations? If
so, are you finding that industry is receptive to those?
Ms. Proctor. We do make specific recommendations. We
conduct both corporate security reviews and critical facility
security reviews. At the conclusion of that review, and they
are done on-site at the pipeline facility, there are
recommendations, if it is appropriate, there are
recommendations that are made and provided to the security
director of the pipeline organization. They are provided at the
time. They are followed up with written recommendations.
So we do those on-site assessments and provide those
recommendations that are specific to that company. We provide
more generalized recommendations for security in our monthly
conference calls or calls that may be generated by some issue
that has occurred in the news. If we feel it appropriate, we
will have a conference call just to share information that we
have, and to share any recommendations that we think would help
enhance the security in the pipeline industry.
Mr. Ratcliffe. Thank you. Very quickly, I want to move to
the industry side, because I know Mr. Black, Ms. Judge, that,
you know, with the evolution of technology and the need to keep
your technology updated to protect infrastructure from bad
actors, I am curious about your perspectives on the partnership
between TSA and industry in advancing proactive security
measures.
Specifically I want your perspectives on whether TSA, from
your, again, perspective, is timely sharing cyber threat
information and intelligence information in such a way that is
allowing you to bolster your defenses against these threats?
Mr. Black. From liquids pipelines, I am not hearing any
concerns about timeliness. I am hearing that, just as you and
Director Proctor discussed, that we get company-specific
guidance on company-specific issues. The concern that I am
hearing is the TSA has some important vacancies in the pipeline
security division that need to be filled. We are looking
forward to those being filled with good quality people so that
we can have more people to collaborate with.
Mr. Ratcliffe. Great. Ms. Judge, do you want to weigh in?
Ms. Judge. Yes. We haven't heard of any in the natural gas
pipeline side of things not getting timely information. We
actually get very timely information, oftentimes from several
different departments and at the same time. So we are getting
timely information sometimes 3 or 4 times being the same
information. So no issues there.
Mr. Ratcliffe. Okay. Well. My time has expired, but if the
Chairman will indulge just very quickly, because I want to give
you an opportunity, and maybe this has been asked. But if you
could alter the relationship between TSA and industry in one
specific way or a specific way to better secure our pipeline
infrastructure, what change would you recommend?
Ms. Judge. As of this minute, the one change I would make
would be to fill, as Andy said, fill the open positions so that
we can start collaborating more closely again with whomever is
coming in. Part of that is, as Sonya said, we are currently
reviewing the pipeline guidelines, and that is a collaborative
effort with TSA and with the industry through the Pipeline
Sector Coordinating Council. It would be really great once they
do hire and on-board the new replacement for the head of this
group, we can, you know, work real closely with them to get
these guidelines updated and get them out there so people can
implement any changes they need to.
Mr. Ratcliffe. Terrific. Thank you.
Mr. Black. It is people. It is leadership roles that have
been filled that--we would be remiss if we didn't praise Jack
Fox who recently retired from TSA. That is big shoes to fill.
Jack did a nice job at helping us all be focused on pipeline
security. If they can find the right type of people to succeed
Jack and a couple of the other positions, we will be better off
and ready to collaborate more intensely.
Mr. Ratcliffe. Terrific. Thank you all for being here.
Chairman, thanks for your indulgence.
Mr. Katko. Thank you. Excellent questions. Thank you, Mr.
Ratcliffe.
All right. I just have a few more questions, and of course
any of my other colleagues that are here can follow up if they
wish.
With respect to resources--I want to follow--what is the
reason, Ms. Proctor, for some of those openings? How--when do
you plan on filling them?
Ms. Proctor. Mr. Chairman, we have recently had the
retirement of Mr. Jack Fox, the long-time manager and leader of
our pipeline office. They are very big shoes to fill. We
recognize the importance of having industry experience in our
pipeline office. So we have recruited heavily from the
industry. I am very happy to say that I have interviews
scheduled in the next week to actually make a selection on the
position for the manager of our pipeline office.
The other positions that we have there have been posted. I
have received Cert lists on those. We have interviews that are
being scheduled for those. So we will have a full house in our
pipeline section.
Mr. Katko. Okay. How long have those positions been open?
Ms. Proctor. Mr. Fox actually retired in February. One
other gentleman just left last month. So they are fairly
recent.
Mr. Katko. Okay. Now that kind of bleeds into my next
concern. That is what Dr. Parfomak pointed out, and that was
potential for resource issues. Now, a fiscal conservative like
me and someone who likes smaller government, it is troublesome
to ask a question like this. But do you need more resources?
Ms. Proctor. Mr. Chairman, I don't know anyone who
wouldn't----
Mr. Katko. Such an easy question. Oh my gosh.
Ms. Proctor [continuing]. Who wouldn't acknowledge loving
more resources. Certainly if those resources were available, we
would invest them and put them to good use. We would invest in
additional training with our pipeline industry partners, and we
would also invest in conducting additional assessments at
critical facilities.
Mr. Katko. Do you have in mind what exactly the type of
positions you would like to enhance? Do you have a plan as to
what you would do with the additional resources that we could
look at and assess?
Ms. Proctor. I could certainly provide that, Mr. Chairman.
Mr. Katko. I would appreciate that. I would like to take a
look at that. Because I think that, you know, with the emerging
threat, it may be when you are updating your 2011 guidelines,
that might impact your thought process too. So perhaps when you
submit those, I would like to see those, maybe we can have an
update as to what you think you could do if you had additional
resources and why you need the additional resources. That would
be helpful. I would appreciate input from the industry as well
on that.
Now, most of the guidelines and suggestions you issue on
the security side are voluntary. Is that correct?
Ms. Proctor. Yes, Mr. Chairman, they are voluntary.
Mr. Katko. Okay. Now, the cynic in me would say that is why
the industry likes you so much. Because they are voluntary, not
mandatory. So would it be helpful to have some of those
things--or do you ever find any frustration, I should say, with
issuing guidelines and them not following them, and then you
think it is really important for them to do so?
Ms. Proctor. No, sir. I believe the environment in which we
operate now allows a great deal of flexibility. Certainly in
the current environment with the evolving threats, the ability
to be flexible I think is very important. We have had great
success with voluntary guidelines. We have not had any pipeline
industry partners to balk at complying with the guidelines that
we have agreed upon. So we are pleased to have this kind of
collaboration and this partnership with the industry. It allows
us to have open discussion, and it allows us to work in a
collaborative way to solutions. So we are very pleased with the
arrangement.
Mr. Katko. I must say in going through this hearing and,
again, preparing for this hearing as well and talking to some
of the individuals who were going to testify that the spirit of
public/private cooperation is encouraging. I am a very big
advocate of the private sector working collaboratively with the
Government instead of at odds with them. It helps us leverage
the finite Government resources that we have.
So I applaud all of you for working collaboratively
together. It is very important. In this age of budget
constraints, the private sector has to play a role. It is an
increasingly important role. I don't think we should ever be in
a situation where the Government is telling industry what to
do. That is when we have problems. It seems like more
collaboration here is a very good thing. I applaud all of you
for what you are doing in keeping our country safe with respect
to that.
If you have additional input you want to provide, some
things you wish we asked you today, please feel free to do so.
Please get it to us because we will listen and we will take a
look at it. But this seems like an area, unlike many other
areas we have oversight of with respect to TSA, that this seems
to be working pretty well. I am happy to say that.
So in accordance with our committee rules and practice, I
plan to recognize--oh, excuse me. All done with that. Pardon
me.
I do want to thank the panel for the thoughtful testimony.
Members of the committee may have some additional questions for
the record. We ask that you respond to those in writing.
The hearing record will stay open for 10 days. Without
objection the subcommittee stands adjourned.
[Whereupon, at 3:24 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions From Ranking Member Bennie G. Thompson for Sonya Proctor
Question 1. Given that pipeline systems are within the
Transportation System sector, one of the 16 critical infrastructure
sectors under PPD-21, and that these pipelines often depend on computer
and communications networks used for automated control, please
describe, with specificity, what type of coordination, if any, there is
between TSA and National Protection and Program Directorate to
strengthen and make more resilient this critical infrastructure.
Answer. Response was not received at the time of publication.
Question 2. NPPD has a network of Protective Service Advisors
across the country who are charged with proactively engaging with the
private sector to protect critical infrastructure.
Does your office work with the network of PSAs?
Answer. Response was not received at the time of publication.
Question 3. Does TSA or NPPD provide training programs to private
industry employees that provide security certifications? If so, please
elaborate.
Answer. Response was not received at the time of publication.
Question 4a. In the planning phases of a pipeline system project,
what role, if any, does TSA play in decision making regarding security
concerns that may arise?
Question 4b. To your knowledge, are any other agencies involved in
making security decisions during the planning phases of pipelines?
Answer. Response was not received at the time of publication.
Question 5a. Your testimony states that TSA works closely with
DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA).
PHMSA handles the safety aspect of pipelines, while TSA handles the
security aspect.
Question 5b. Since safety and security are closely associated,
could you detail for us how TSA works with PHMSA to address both
issues?
Answer. Response was not received at the time of publication.
Question 6. Ms. Proctor, please detail TSA's role in providing
guidelines to industry for individuals seeking positions with
unrestricted access at critical pipeline assets.
Answer. Response was not received at the time of publication.
Question 7. TSA has regulatory authority over pipeline systems for
purposes of security. To date, TSA has not exercised this authority.
How often do you evaluate the security risk to these systems and do
you have internal criteria for what might trigger regulatory action?
Answer. Response was not received at the time of publication.
Question 8. As among the various security risks to pipeline
systems, where does interference with SCADA control systems factor?
Do you have risk-modeling to understand what cascading effects may
be triggered by a cyber or physical attack on a pipeline?
Answer. Response was not received at the time of publication.
Question 9a. When are they updating the 2 key 2011 documents and
what changes should we expect to see?
Question 9b. Will protection of control systems factor be more
prominent?
Answer. Response was not received at the time of publication.
Question From Ranking Member Bennie G. Thompson for Kathleen S. Judge
Question. Ms. Judge, in your testimony you stated that gas
companies work closely with law enforcement personnel and first
responders on site-specific plans and security drills.
How often do these security plans and security drills take place,
and how often are these plans updated?
Answer. The question posed relates to how often security plans are
updated and how often security drills take place. Corporate Security
Plans are typically reviewed annually and updated as required and as
circumstances warrant. Site-Specific Plans include measures tailored
for each specific critical facility and include specific actions to be
taken at the elevated and imminent levels of the National Terrorism
Alert System. As stated in the TSA Pipeline Security Guidelines these
plans should be reviewed and updated on a periodic basis, not to exceed
18 months. As threats evolve, so does security. Typically there is one
major security drill or exercise per year. Also, periodic security
drills or exercises are performed either independently or in
conjunction with other regularly-scheduled required company drills or
exercises.
Questions From Ranking Member Bennie G. Thompson for Paul W. Parfomak
Question 1. When we think of possible attacks on all sectors, we
often quantify the damage in terms of the potential loss of life.
Throughout testimony, we saw repeatedly that the consequences of an
attack on our Nation's pipeline systems could cause severe consequences
to our economy, environment, as well as the loss of human life. Would
you please explain to us the possible effects of an attack on our
pipeline systems in regard to these 3 factors?
Answer. Because energy pipelines carry volatile, flammable, or
toxic materials, they have the potential to cause public injury,
economic damage, and environmental damage in the event of an
uncontrolled release--be it the result of an accident or deliberate
attack. The nature and severity of such consequences in any particular
incident depend upon many factors, including the product involved, the
scale of the release, proximity to a population or environmentally-
sensitive area, the emergency response, and other factors. For example,
a natural gas release may present a greater risk to people than crude
oil because it is more volatile, but it presents less environmental
risk because it burns off quickly or dissipates in air. Crude oil, on
the other hand, may cause much more extensive environmental harm,
particularly when released into water where it can spread quickly.
Nonetheless, crude oil may still cause personal injury, especially if
it ignites. The economic impacts of any pipeline release involve both
damages in the vicinity of the incident and damages due to lost
commodity and to disruption of the pipeline supplies to customers that
depend upon them--such as power plants, factories, and refineries.
As I stated in my written testimony, although there have been no
successful terrorist attacks on pipelines in the United States, notable
safety incidents over the last 15 years or so illustrate the potential
damages from uncontrolled releases.
1999.--A gasoline pipeline explosion in Bellingham,
Washington, killed 3 people and caused $45 million in damage to
a city water plant and other property.
2000.--A natural gas pipeline explosion near Carlsbad, New
Mexico killed 12 campers.
2006.--Pipelines on the North Slope of Alaska leaked over
200,000 gallons of crude oil in an environmentally-sensitive
area and temporarily shut down Prudhoe Bay oil production.
2007.--A release from a propane pipeline near Carmichael,
Mississippi killed 2 people, injured several others, destroyed
4 homes, and burned over 70 acres of land.
2010.--A pipeline spill in Marshall, Michigan released
819,000 gallons of crude oil into a tributary of the Kalamazoo
River. Expenses to clean up the spill exceeded $1.2 billion.
The pipeline operator also lost $16 million in revenue while
the line was out of service.
2010.--A natural gas pipeline explosion in San Bruno,
California, killed 8 people, injured 60 others, and destroyed
37 homes. California regulators imposed on the operator a fine,
penalties, and other remedies totaling $1.6 billion.
2011.--A natural gas pipeline explosion in Allentown, PA,
killed 5 people, damaged 50 buildings, and caused 500 people to
be evacuated.
2011.--A pipeline spill near Laurel, MT, released an
estimated 42,000 gallons of crude oil into the Yellowstone
River.
2014.--A natural gas distribution pipeline explosion in New
York City killed 8 people, injured 50 others, destroyed 2 5-
story buildings, and caused the temporary closure of a transit
line due to debris.
2015.--A pipeline in Santa Barbara County, CA, spilled
143,000 gallons of crude oil, including 21,000 gallons reaching
Refugio State Beach on the Pacific Ocean.
These incidents may have imposed additional economic damages among
pipeline users due to the temporary disruption of pipeline supplies, but
such ``downstream'' economic impacts are generally not quantified in
accident investigations.
Question 2. It seems as though a wide array of Government actors
have responsibilities regarding the safety of pipelines. In your view,
are there any areas of overlap or redundancy in the Government's
efforts to ensure that pipelines are secure?
Answer. Three Federal agencies play the most significant roles in
the formulation, administration, and oversight of pipeline safety
regulations in the United States. The Department of Transportation's
(DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA)
has the primary responsibility for the promulgation and enforcement of
Federal pipeline safety standards. PHMSA regulates key aspects of
safety for energy product pipelines in the United States: Design,
construction, operation and maintenance, and spill response planning
(see Title 49 of the Code of Federal Regulations). PHMSA's enabling
legislation also allows the agency to delegate authority to intra-State
pipeline safety offices, and allows State offices to act as ``agents''
administering inter-State pipeline safety programs (excluding
enforcement) for those sections of inter-State pipelines within their
boundaries. The Federal Energy Regulatory Commission is not
operationally involved in pipeline safety, but it examines safety
issues under its siting authority for inter-State natural gas
pipelines. The National Transportation Safety Board investigates
transportation accidents--including pipeline accidents--and issues
associated safety recommendations.
As stated in my written testimony, Federal oversight of pipeline
security falls under the jurisdiction of the Transportation Security
Administration (TSA) within the Department of Homeland Security.
Although the TSA has regulatory authority for pipeline security, its
activities rely upon voluntary industry compliance with the agency's
security guidance and best practice recommendations.
Since TSA was established, Congress has had a continuing interest
in the appropriate division of pipeline security authority between the
DOT and TSA. In 2004, the DOT and DHS entered into a memorandum of
understanding (MOU) concerning their respective security roles in all
modes of transportation. The MOU notes that DHS has the primary
responsibility for transportation security with support from the DOT,
and establishes a general framework for cooperation and coordination.
On August 9, 2006, the Congressional Research Service departments
signed an annex ``to delineate clear lines of authority and
responsibility and promote communications, efficiency, and
nonduplication of effort through cooperation and collaboration between
the parties in the area of transportation security.''\1\ According to
TSA, the 2 agencies maintain daily contact, share information in a
timely manner, and collaborate on security guidelines and incident
response planning. Although pipeline safety and security, in some
cases, may be operationally related, CRS is not aware of any recent
reports or industry comments suggesting that there is overlap or
redundancy between TSA's activities in pipeline security and PHMSA's
activities in pipeline safety.
---------------------------------------------------------------------------
\1\ Transportation Security Administration and Pipelines and
Hazardous Materials Safety Administration, ``Transportation Security
Administration and Pipelines and Hazardous Materials Safety
Administration Cooperation on Pipelines and Hazardous Materials
Transportation Security,'' August 9, 2006.
---------------------------------------------------------------------------