When you think about TSA, chances are you think about airports and checkpoints and don’t normally envision surface transportation, especially the nation’s hazardous liquid and natural gas pipeline systems. However, TSA is also primarily responsible for the federal oversight of pipeline physical security and cybersecurity.
During a presentation for the American Public Gas Association, TSA Surface Operations Assistant Administrator Sonya Proctor said TSA’s role in pipeline security started shortly after the agency was created. “We work with our Department of Transportation partners in the Pipeline and Hazardous Materials Administration (PHMSA). They have the safety side of pipeline operations, and we have the security side. We work hand-in-hand.”
Proctor said TSA’s role is focused on two areas – developing guidance for pipeline security and conducting assessments in the field. “Conducting assessments opposed to inspections,” she emphasized. “What we do with assessments is non-regulatory. We are applying security guidelines that have been developed in collaboration with industry when we conduct assessments.”
Protecting our nation’s pipelines is accomplished through an essential partnership between TSA, PHMSA and pipeline operators. Proctor said TSA teams with industry stakeholders to develop these guidelines and successful pipeline security initiatives, including assessments. “Everything we do in the pipeline environment with our pipeline partners has been collaborative. Now, we are building upon this legacy partnership to address emerging cybersecurity threats.”
The first pipeline security guidelines were developed in 2011 and updated in 2018 when TSA included an expanded section for cybersecurity.
“Cybersecurity is a huge focus right now across the transportation industry,” said Proctor. “The intelligence community has reported that nation-state actors have the ability to launch cyberattacks that can cause disruptive effects on critical infrastructure. It is anticipated that our adversaries and strategic competitors will increasingly build and integrate cyber espionage and attack and influence our capabilities.”
About 3,000 pipeline companies operate in the U.S. According to the DHS Cybersecurity and Infrastructure Security Agency (CISA), pipelines are part of the National Critical Function set and are so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, and national public health or safety.
Congress has allocated $8.2 million to TSA to conduct cybersecurity assessments of pipeline Industrial Control Systems. “These assessments are at no cost to any company,” Proctor said. “No owner-operator pays for any [cybersecurity review]. TSA will continue to partner with CISA to do these assessments because we recognize their security value, and we look at this as a way owner-operators can ensure they are closing security gaps on the cyber side of their operation.”
Proctor added, “Truly the security of pipelines is of great importance to us all.”
She also said TSA continues to assess and evaluate the threat environment to the nation’s critical infrastructure across all surface transportation modes (including mass transit, freight rail, highways and pipelines). “Through established mechanisms already in place, TSA advises private industry companies of time-sensitive and relevant intelligence information.”
For more information on TSA’s pipeline security program and other surface transportation security efforts, visit the TSA.gov Surface Transportation webpage.