114 HR 3243 RH: Pipeline Security Act
U.S. House of Representatives
2021-07-13
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Pipeline Security Act
.2.Pipeline security responsibilitiesSubsection (f) of section 114 of title 49, United States Code, is amended—(1)in paragraph (15), by striking and
after the semicolon at the end;(2)by redesignating paragraph (16) as paragraph (17); and(3)by inserting after paragraph (15) the following new paragraph:(16)maintain responsibility, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, as appropriate, relating to securing pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 102 of the Cybersecurity Information Sharing Act of 2015 (Public Law 114–113; 6 U.S.C. 1501)), an act of terrorism (as such term is defined in section 3077 of title 18), and other nefarious acts that jeopardize the physical security or cybersecurity of such transportation or facilities; and.3.Pipeline security section Pipeline security division(a)Title XVI of the Homeland Security Act of 2002 (6 U.S.C. 561 et seq.) is amended by adding at the end the following:D1631.Pipeline security section Pipeline security division(a)There is within the Administration a pipeline security sectionpipeline security division to carry out pipeline security programs in furtherance of section 114(f)(16) of title 49, United States Code.(b)The mission of the sectiondivision referred to in subsection (a) is to oversee, in coordination with the Cybersecurity and Infrastructure Security Agency of the Department, the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of title 49, United States Code) against cybersecurity threats (as such term is defined in section 102 of the Cybersecurity Information Sharing Act of 2015 (Public Law 114–113; 6 U.S.C. 1501)), an act of terrorism (as such term is defined in section 3077 of title 18, United States Code), and other nefarious acts that jeopardize the physical security or cybersecurity of such transportation or facilities.(c)The Administrator shall appoint as the head of the sectiondivisionan individual in the executive service of the Administration with knowledge of the pipeline industry and security best practices, as determined appropriate by the Administrator. The sectiondivision shall be staffed by a workforce that includes personnel with cybersecurity expertise.(d)The sectiondivision shall be responsible for carrying out the duties of the sectiondivision as directed by the Administrator, acting through the head appointed pursuant to subsection (c). Such duties shall include the following:(1)Developing, in consultation with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders, guidelines for improving the security of pipeline transportation and pipeline facilities against cybersecurity threats, an act of terrorism, and other nefarious acts that jeopardize the physical security or cybersecurity of such transportation or facilities, consistent with the National Institute of Standards and Technology Framework for Improvement of Critical Infrastructure Cybersecurity and any update to such guidelines pursuant to section 2(c)(15) of the National Institute for Standards and Technology Act (15 U.S.C. 272(c)(15)).(2)Updating such guidelines as necessary based on intelligence and risk assessments, but not less frequently than every three years, unless such guidelines are superseded by directives or regulations.(3)Sharing of such guidelines and, as appropriate, intelligence and information regarding such security threats to pipeline transportation and pipeline facilities, as appropriate, with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders.(4)Conducting voluntary security assessments based on such guidelines to provide recommendations, or mandatory security assessments if required by superseding directives or regulations, to provide recommendations or requirements for the improvement of the security of pipeline transportation and pipeline facilities against cybersecurity threats, an act of terrorism, and other nefarious acts that jeopardize the physical security or cybersecurity of such transportation or facilities, including the security policies, plans, practices, and training programs maintained by owners and operators of pipeline facilities.(5)Carrying out a program through which the Administrator identifies and ranks the relative risk of pipelines and inspects pipeline facilities designated by owners and operators of such facilities as critical based on such guidelines or superseding directives or regulations.(6)Preparing notice and comment regulations for publication, if determined necessary by the Administrator.(6) Supporting the development and implementation of a security directive or regulation when the Administrator issues such a directive or regulation.(e)In furtherance of the section’sdivision’s mission, as set forth in subsection (b), the Administrator and the Director of the Cybersecurity and Infrastructure Security Agency may detail personnel between their components to leverage expertise. Personnel detailed from the Cybersecurity and Infrastructure Security Agency may be considered as fulfilling the cybersecurity expertise requirements in referred to in subsection (c)..(b)Not later than one year after the date of the enactment of this Act, the pipeline security sectionpipeline security division of the Transportation Security Administration established pursuant to section 1631 of the Homeland Security Act of 2002, as added by subsection (a), shall publish updated guidelines described in subsection (d) of such section, except to the extent such guidelines have been superseded by directives or regulations.(c)The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by—(1)striking the item relating to section 1617 and inserting the following new item:Sec. 1617. Diversified security technology industry marketplace.;(2)by striking the item relating to section 1621 and inserting the following new item:Sec. 1621. Maintenance validation and oversight.;(3)inserting after the item relating to section 1621 the following:Subtitle D—Pipeline Security Sec. 1631. Pipeline security section Pipeline security division..4.(a)Not later than 180 days after the date of the enactment of this Act, the Administrator of the Transportation Security Administration, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, shall develop a personnel strategy for enhancing operations within the pipeline security section pipeline security division of the Transportation Security Administration established pursuant to section 1631 of the Homeland Security Act of 2002, as added by section 3.(b)The strategy required under subsection (a) shall take into consideration the most recently published versions of each of the following documents:(1)The Transportation Security Administration National Strategy for Transportation Security.(2)The Department of Homeland Security Cybersecurity Strategy.(3)The Transportation Security Administration Cybersecurity Roadmap.(4)The Department of Homeland Security Balanced Workforce Strategy.(5)The Department of Homeland Security Quadrennial Homeland Security Review.(c)The strategy shall include an assessment of the cybersecurity expertise determined necessary by the Administrator of the Transportation Security Administration and a plan for developing such expertise within the Administration.(c) (d)The strategy shall include an assessment of resources determined necessary by the Administrator of the Transportation Security Administration to carry out such strategy.(d) (e)Upon development of the strategy, the Administrator of the Transportation Security Administration shall provide to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a copy of such strategy.5.(a)The Administrator of the Transportation Security Administration shall report to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate not less than annually on activities of the pipeline security section pipeline security division of the Administration established pursuant to section 1631 of the Homeland Security Act of 2002, as added by section 3, including information with respect to guidelines, directives, regulations, security assessments, and inspections under such section. Each such report shall include a determination by the Administrator regarding whether there is a need for new regulations or non-regulatory initiatives and the basis for such determination.(b)Not later than two years after the date of the enactment of this Act, the Comptroller General of the United States shall conduct a review of the implementation of this Act and the amendments made by this Act.6.Not later than one year after the date of the enactment of this Act, the Administrator of the Transportation Security Administration shall convene not less than two industry days to engage with relevant pipeline transportation and pipeline facilities stakeholders on matters related to the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of title 49, United States Code).July 13, 2021Reported with amendments, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed