TSA's pipeline security team has five employees

The Transportation Security Administration oversees 2.7 million miles of gas pipeline with 5 full-time employees -- none of whom have cyber experience.

Shutterstock ID  1060101578 By Sundry Photography pipeline san jose
 

The Transportation Security Administration division responsible for securing the nation's 2.7 million miles of pipeline currently has just five dedicated full-time employees, none with cybersecurity expertise, according to a TSA official.

Sonya Proctor, director of the Surface Division for the Office of Security Policy and Industry Engagement at TSA, told lawmakers at a Feb. 26 House Homeland Security Committee hearing that her pipeline security workforce is largely reliant on other federal entities within TSA and the Department of Homeland Security for cybersecurity resources.

"We have [no employees] that have specific cybersecurity expertise," Proctor said. "They do have pipeline expertise, but not cybersecurity expertise."

Proctor said that TSA coordinates with the Cybersecurity and Infrastructure Security Agency (CISA) for cybersecurity assessments and technical guidance. A planned merger with the Security Operations Office will allow the Pipeline Security Program to draw support from a 200-strong pool of transportation security field inspectors. However, those inspectors will be responsible for working on all surface transportation security. Proctor could not provide any figures around how many would be assigned to work on pipeline security full-time or part-time.

"We think the pipeline section is going to require specialized training, so we are going to put those people in there, provide the training and make sure that they are qualified to go out and do those assessments," said Proctor. "We've not arrived at a final number yet, we're still working on the some of the staffing issues for the shifting of personnel."

A 2018 Government Accountability Office report found that staffing levels at the Pipeline Security Program have fluctuated between as high as 14 and as low as one since 2010. It also found the TSA did not have a strategic workforce plan to identify skills and competencies -- such as cybersecurity expertise -- needed to carry out its mission.

Neil Chatterjee, chairman of the Federal Energy Regulatory Committee, has publicly called for an agency with stronger rule-making authority than TSA to take over the pipeline security function, although he recently told a Senate panel that he's since adopted a wait-and-see attitude.

In December 2018, TSA rolled out a cybersecurity road map to guide the organization's strategy over the next five years that calls for the organization's IT personnel to conduct more targeted risk assessment and mitigation for internal systems, embrace information sharing and develop detailed response and recovery plans based on past experience.

The road map also indicates the organization views CISA as a major partner in any information security efforts, something Proctor reiterated to reporters after the hearing.

"The cyber piece is going to reside primarily with CISA. They are the experts for DHS," said Proctor, adding that a hiring blitz for cyber-focused workers at TSA was not "in the immediate plans."

During the hearing, Rep. Jim Langevin (D-R.I.) called the lack of employees with cybersecurity background in the Pipeline Security Program "troubling." In a statement to FCW after the hearing, Langevin said that support from CISA was "appropriate," but as a transportation-specific agency, TSA "needs to have some level of in-house cybersecurity expertise."

"It is incumbent on TSA to come to the table with an understanding of the unique cybersecurity challenges faced in the sector," Langevin said. "I hope TSA will take the opportunity provided by the Cybersecurity Road Map and the forthcoming implementation plan to reassess what resources, including personnel, it needs to adequately coordinate protection of our pipelines, rail networks, and other surface transportation infrastructure."

Bob Kolasky, director of the National Risk Management Center at CISA, said the center's work defining national critical functions throughout the United States is expected to be finalized in April, and it has already flagged pipeline security as one area requiring higher prioritization from the federal government. He said his organization works with TSA to plan and implement validated architecture design reviews for pipeline networks and systems and that both groups rely on each other for specialized knowledge.

We're "having [both groups] work together to plan the assessment and then go out and do that collectively, so the teams that are doing the assessments are our experts on the assessments and control systems and business processes related to cyber and they're the experts on pipelines," Kolasky said.

Some lawmakers would rather shift responsibility for pipeline security out of TSA. Sens. John Cornyn (R-Texas) and Martin Heinrich (D-N.M.) are co-sponsoring a bill that would give the Department of Energy ultimate responsibility for pipelines.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.