TSA support for pipeline, cybersecurity grows exponentially

Thursday, August 19, 2021
Pipeline photo

As TSA follows through on a pledge to bring the frontline airport screening workforce up to full capacity, the agency is also making a strong commitment to expand another critical piece of the nation’s transportation security network – pipeline security.

“Since the passage of the TSA Modernization Act of 2018, TSA has expanded our pipeline security staff over six-fold from six to 39 full-time equivalents,” said Administrator David Pekoske during testimony before the Senate Committee on Commerce, Science, and Transportation. “These resources, both in our headquarters and in the field, have allowed us to substantially increase our surface transportation security capacity.”

Pekoske said in fiscal year 2020, TSA established and trained a 20-member field-based Pipeline Security Assessment Team (PSAT) comprised of surface transportation security inspectors from across the country to expand TSA’s support and engagement with pipeline owners and operators.

To enhance cybersecurity, TSA Surface Operations has trained eight members from the PSAT and TSA headquarters teams who completed comprehensive cybersecurity training from Idaho National Labs in partnership with the DHS Cybersecurity and Infrastructure Security Agency.

Mike Madrigal photo
Pipeline Security Assessment Team Cybersecurity team member Mike Madrigal (left) from Los Angeles International Airport receives cybersecurity and network architecture instruction from Idaho National Lab staff in March 2021. Validated Architecture Design Review Program Manager Chris Masters (right) is also hard at work. (Photo by Raymond Reese)

“TSA has the responsibility for the oversight of physical and cybersecurity on all operational pipelines in the U.S.,” described TSA Policy, Plans and Engagement (PPE) Surface Division Executive Director Scott Gorton. “These additional resources (people and budget) clearly show TSA’s commitment to strengthening our oversight of this critical sector. This is especially critical given the threats this industry faces.”

In response to those threats, TSA over the last few months has issued two security directives requiring pipeline owners and operators who transport hazardous liquids and natural gas to implement a number of urgently needed security measures to protect against cyber intrusions.

Chuck Phillips photo
TSA Pipeline Industry Engagement Manager Chuck Phillips poses in the ‘bear cage’ where pipeline operators working on the North Slope in Alaska can seek protection when a polar bear happens to cross their facility. (Photo courtesy of Chuck Phillips)

“This is a major change in how TSA works with the pipeline industry,” TSA PPE Surface Division Pipeline Industry Engagement Manager Chuck Phillips emphasized. “We will continue to conduct security assessments based on TSA pipeline security guidelines, but the guidelines were voluntary. Now, the industry has to comply with specific requirements in the security directives. Compliance will significantly improve the cybersecurity posture of the industry.”

Phillips said the ransomware attack on Colonial Pipeline earlier this year was a big wake-up call for the industry.

“We have traditionally focused on the security of operational technology (OT), which is the technology that actually controls the flow of the product on a pipeline,” said Phillips. “The Colonial ransomware attack was on their information technology (IT) system, and the company shut down their pipeline to ensure the attack did not spread to their OT. Cyber attackers are looking for access to OT by first accessing the IT system and then ‘jumping’ to the OT system. So, what has really changed is our emphasis on securing IT systems as well as OT systems.”

TSA began working with the nation’s pipeline industry when the agency was established in 2001, partnering with owners and operators to assess and mitigate vulnerabilities and improve security through collaborative efforts such as intelligence briefings, exercises, assessments and on-site reviews.

“With the establishment of Surface Operations within Security Operations (in October 2019), TSA headquarters and the field has not only been able to bolster our pipeline work, but also substantially increase the number of people directly supporting the surface transportation security mission as a whole,” said Raymond Reese, TSA Security Operations pipeline program manager.

“The increased emphasis on pipeline security is a reminder that TSA has responsibilities for all modes of transportation, not only aviation,” said Gorton. “While cybersecurity is nothing new, there is now a heightened level of awareness of cyber-related risks across all modes of transportation and across all critical infrastructure. TSA is increasing its cyber resources to help industry reduce the risks and create a pathway for others to follow.”