Securing U.S. Surface Transportation from Cyber Attacks

Sonya Proctor, Director of Surface Division
Tuesday, February 26, 2019
As Delivered

Thank you. And good morning Chairman Thompson, Chairman Correa, and Richmond, and Ranking Member Lesko, and distinguished members of the subcommittee. Thank you for the opportunity to appear before you this morning to discuss the Transportation Security Administration's efforts to secure Surface Transportation Systems including Oil and Natural Gas Pipelines from cyber-security risks. I also want to thank you for the TSA Modernization Act and the support of that.

TSA is committed to securing the Transportation Sector which includes Pipelines against evolving and emerging risks such as cyber attacks; partnering with the private sector partners to secure Surface Transportation from cyber attacks is a critically important and complex undertaking. The U.S. Surface Transportation System is a complex interconnected and largely open network comprised of Mass Transit Systems, Passenger and Freight Railroads, over-the-road Bus operators, Motor Carrier operators, Pipelines, and Maritime facilities. The various modes that make up the system operate daily in close coordination with and proximity (ph) (inaudible) Transportation System, operating securely and safely.

Every year more than 10 billion trips are taken on 6,800 U.S. Mass Transit Systems which range from small-bus only systems in rural areas to large multi-modal systems in urban areas. Over-the-road bus operators carry approximately 604 million inter-city bus passengers each year; over 3,300 commercial bus companies travel on the 4 million miles of roadway in the U.S. and on more than 600,000 highway bridges and through over 470 tunnels. Those same roads, bridges, and tunnels support the movement of goods throughout the country by 8 million large-capacity commercial trucks.

As for our railroads and pipelines, more than 570 individual freight railroads carrying essential goods, operate on nearly 140,000 miles of track and 2.75 million miles of pipelines owned and operated by approximately 3,000 private companies, transporting natural gas, refined petroleum products, and other commercial products.

TSA's functions and authorities as a security agency are uniquely structured to tackle the challenges at the intersections of Surface Transportation and cyber risks. To secure these networks, TSA leverages its mature intelligence and analysis capability along with its Vetting and Credentialing Programs to ensure it can quickly develop and promulgate risk mitigation guidelines and measures to effectively (inaudible) bolstered by strong partnerships, trust, and collaboration with our federal industry and partners.

In this regard industry works with TSA to share their own unique vulnerabilities and security needs. Through this open communication we collaboratively develop programs and guidelines for industry to voluntarily adopt to increase their overall security posture an approach that has yielded significant security investments and improvements beyond what the agency would have achieved from a regulatory approach alone. We believe that this voluntary and collaborative approach to developing and implementing security measures has been successful.

However, we also recognize that should arise based on an eminent threat or real-world event the TSA administrator has unique authority to require immediate implementation of certain security measures through the issuance of security directives.

In December of 2018 the TSA administer -- the TSA administrator issued the Agency's Cybersecurity Roadmap which will guide efforts to prioritize cyber-security measures within TSA and across the Transportation System over the next five years. TSA approaches both cyber-security and physical security by identifying, assessing, and mitigating the risk. TSA helps surface owners and operators identify vulnerabilities and risks in their operations and works with them to develop and implement risk mitigating solutions.

In closing TSA has been able to support the improvement of both physical and cyber-security across all surface modes of transportation, including pipelines, thanks to the trust and relationships we have cultivated with our federal partners and industry as evidenced by the programs and resources TSA has collaboratively developed and implementing for our Surface Transportation stakeholders. TSA is committed to securing the nation's Surface Transportation System from terrorist activities and cyber attacks.

TSA looks forward to working with Congress on these efforts and thank you for the opportunity to discuss these issues here with you today. I look forward to the subcommittee's questions.