Lawmakers probe TSA's pipeline cyber role
- By Mark Rockwell
- Feb 14, 2019
Responsibility for oversight of 2.7 million miles of U.S. pipeline infrastructure falls to the Transportation Security Administration, but an oversight report from December 2018 found that TSA needs to get a better handle on this role.
According to the Government Accountability Office, the agency hasn't maintained needed staffing levels in its pipeline security operations or kept its risk assessment methodology up to date.
China has the ability to launch disruptive cyberattacks on U.S. critical infrastructure including gas pipelines, according to a recent public intelligence assessment. That possibility has lawmakers concerned.
At a Feb. 14 Senate hearing, Sen. Martin Heinrich (D-N.M.) asked Neil Chatterjee, chairman of the Federal Energy Regulatory Committee, if TSA was the right agency to oversee gas pipeline security.
Chatterjee co-authored an Axios column in June 2018 calling for an agency with more stringent rulemaking authority, possibly the Department of Energy, to take over pipeline security. Since then the energy regulator has changed his tune a bit.
"I've been impressed with industry's and TSA's response" to working on protections, Chatterjee said, adding he wanted to "give industry and TSA the opportunity to work in good faith" to improve pipeline security.
"It's clear TSA has a greater focus" on protecting pipelines, which have become crucial in supporting the electrical grid, said Chatterjee.
Chatterjee reminded the committee that moving TSA's authority to another agency would take an act of Congress.
Heinrich and Sen. John Cornyn (R-Texas) are looking to accomplish that. The two introduced a bill in late January to shift oversight of physical and cybersecurity of oil and gas pipelines to the energy secretary.
Sen. Angus King (I-Maine) took issue with voluntary security standards for the pipeline industry.
"Natural gas pipelines should have mandated standards" similar to those that apply to the electrical grid, he said. "We are in a dangerous place. This should be an urgent situation."
Chatterjee wouldn't respond directly when asked by King if mandatory cyber and physical security standards should be applied to pipelines. "Mandatory standards are one way," he said, adding that he was working with industry and TSA to strengthen protections and oversight.
Days before the GAO report was released, TSA Administrator David Pekoske announced an agency cybersecurity roadmap that called for transportation- and pipeline-sector stakeholders to go beyond sharing threat indicators and look at lessons learned, potential consequences and vulnerability-related details, as well as response and recovery plans after a cyber incident.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.