[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3699 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 224
116th CONGRESS
  1st Session
                                H. R. 3699

                          [Report No. 116-279]

 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 11, 2019

 Mr. Cleaver introduced the following bill; which was referred to the 
                     Committee on Homeland Security

                           November 12, 2019

                     Additional sponsor: Mr. Taylor

                           November 12, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed


_______________________________________________________________________

                                 A BILL


 
 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Pipeline Security Act''.

SEC. 2. PIPELINE SECURITY RESPONSIBILITIES.

    Subsection (f) of section 114 of title 49, United States Code, is 
amended--
            (1) in paragraph (15), by striking ``and'' after the 
        semicolon at the end;
            (2) by redesignating paragraph (16) as paragraph (17); and
            (3) by inserting after paragraph (15) the following new 
        paragraph:
            ``(16) maintain responsibility, in coordination with the 
        Director of the Cybersecurity and Infrastructure Security 
        Agency, as appropriate, relating to securing pipeline 
        transportation and pipeline facilities (as such terms are 
        defined in section 60101 of this title) against cybersecurity 
        threats (as such term is defined in section 102 of the 
        Cybersecurity Information Sharing Act of 2015 (Public Law 114-
        113; 6 U.S.C. 1501)), an act of terrorism (as such term is 
        defined in section 3077 of title 18), and other nefarious acts 
        that jeopardize the physical security or cybersecurity of such 
        transportation or facilities; and''.

SEC. 3. PIPELINE SECURITY SECTION.

    (a) In General.--Title XII of the Implementing Recommendations of 
the 9/11 Commission Act of 2007 (Public Law 110-53) is amended by 
adding at the end the following new section:

``SEC. 1209. PIPELINE SECURITY SECTION.

    ``(a) Establishment.--There is within the Transportation Security 
Administration a pipeline security section to carry out pipeline 
security programs in furtherance of section 114(f)(16) of title 49, 
United States Code.
    ``(b) Mission.--The mission of the section referred to in 
subsection (a) is to oversee, in coordination with the the 
Cybersecurity and Infrastructure Security Agency of the Department of 
Homeland Security, the security of pipeline transportation and pipeline 
facilities (as such terms are defined in section 60101 of title 49, 
United States Code) against cybersecurity threats (as such term is 
defined in section 102 of the Cybersecurity Information Sharing Act of 
2015 (Public Law 114-113; 6 U.S.C. 1501)), an act of terrorism (as such 
term is defined in section 3077 of title 18, United States Code), and 
other nefarious acts that jeopardize the physical security or 
cybersecurity of such transportation or facilities.
    ``(c) Leadership; Staffing.--The Administrator of the 
Transportation Security Administration shall appoint as the head of the 
section an individual with knowledge of the pipeline industry and 
security best practices, as determined appropriate by the 
Administrator. The section shall be staffed by a workforce that 
includes personnel with cybersecurity expertise.
    ``(d) Responsibilities.--The section shall be responsible for 
carrying out the duties of the section as directed by the Administrator 
of the Transportation Security Administration, acting through the head 
appointed pursuant to subsection (c). Such duties shall include the 
following:
            ``(1) Developing, in consultation with relevant Federal, 
        State, local, Tribal, territorial entities and public and 
        private sector stakeholders, guidelines for improving the 
        security of pipeline transportation and pipeline facilities 
        against cybersecurity threats, an act of terrorism, and other 
        nefarious acts that jeopardize the physical security or 
        cybersecurity of such transportation or facilities, consistent 
        with the National Institute of Standards and Technology 
        Framework for Improvement of Critical Infrastructure 
        Cybersecurity and any update to such guidelines pursuant to 
        section 2(c)(15) of the National Institute for Standards and 
        Technology Act (15 U.S.C. 272(c)(15)).
            ``(2) Updating such guidelines as necessary based on 
        intelligence and risk assessments, but not less frequently than 
        every three years.
            ``(3) Sharing of such guidelines and, as appropriate, 
        intelligence and information regarding such security threats to 
        pipeline transportation and pipeline facilities, as 
        appropriate, with relevant Federal, State, local, Tribal, and 
        territorial entities and public and private sector 
        stakeholders.
            ``(4) Conducting voluntary security assessments based on 
        the guidelines developed pursuant to paragraph (1) to provide 
        recommendations for the improvement of the security of pipeline 
        transportation and pipeline facilities against cybersecurity 
        threats, an act of terrorism, and other nefarious acts that 
        jeopardize the physical security or cybersecurity of such 
        transportation or facilities, including the security policies, 
        plans, practices, and training programs maintained by owners 
        and operators of pipeline facilities.
            ``(5) Carrying out a program through which the 
        Administrator identifies and ranks the relative risk of 
        pipelines and inspects pipeline facilities designated by owners 
        and operators of such facilities as critical based on the 
        guidelines developed pursuant to paragraph (1).
            ``(6) Preparing notice and comment regulations for 
        publication, if determined necessary by the Administrator.
    ``(e) Details.--In furtherance of the section's mission, as set 
forth in subsection (b), the Administrator and the Director of the 
Cybersecurity and Infrastructure Security Agency may detail personnel 
between their components to leverage expertise. Personnel detailed from 
the Cybersecurity and Infrastructure Security Agency may be considered 
as fulfilling the cybersecurity expertise requirements in referred to 
in subsection (c).''.
    (b) Updated Guidelines.--Not later than March 31, 2021, the section 
shall publish updated guidelines pursuant to section 1209 of the 
Implementing Recommendations of the 9/11 Commission Act of 2007, as 
added by subsection (a).
    (c) Clerical Amendment.--The table of contents for the Implementing 
Recommendations of the 9/11 Commission Act of 2007 is amended by 
inserting after the item relating to section 1208 the following new 
item:

``Sec. 1209. Pipeline security section.''.

SEC. 4. PERSONNEL STRATEGY.

    (a) In General.--Not later than 180 days after the date of the 
enactment of this Act, the Administrator of the Transportation Security 
Administration, in coordination with the Director of the Cybersecurity 
and Infrastructure Security Agency of the Department of Homeland 
Security, shall develop a personnel strategy for enhancing operations 
within the pipeline security section of the Transportation Security 
Administration, as established pursuant to section 1209 of the 
Implementing Recommendations of the 9/11 Commission Act of 2007, as 
added by section 3.
    (b) Contents.--The strategy required under subsection (a) shall 
take into consideration the most recently published versions of each of 
the following documents:
            (1) The Transportation Security Administration National 
        Strategy for Transportation Security.
            (2) The Department of Homeland Security Cybersecurity 
        Strategy.
            (3) The Transportation Security Administration 
        Cybersecurity Roadmap.
            (4) The Department of Homeland Security Balanced Workforce 
        Strategy.
            (5) The Department of Homeland Security Quadrennial 
        Homeland Security Review.
    (c) Resources.--The strategy shall include an assessment of 
resources determined necessary by the Administrator.
    (d) Submission to Congress.--Upon development of the strategy, the 
Administrator of the Transportation Security Administration shall 
provide to the Committee on Homeland Security of the House of 
Representatives and the Committee on Commerce, Science, and 
Transportation of the Senate a copy of such strategy.

SEC. 5. OVERSIGHT.

    (a) Report to Congress.--The Administrator of the Transportation 
Security Administration shall report to the Committee on Homeland 
Security of the House of Representatives and the Committee on Commerce, 
Science, and Transportation of the Senate not less than annually on 
activities of the pipeline security section of the Administration, as 
established pursuant to section 1209 of the Implementing 
Recommendations of the 9/11 Commission Act of 2007, as added by section 
3, including information with respect to guidelines, security 
assessments, and inspections. Each such report shall include a 
determination by the Administrator regarding whether there is a need 
for new regulations or non-regulatory initiatives and the basis for 
such determination.
    (b) GAO Review.--Not later than two years after the date of the 
enactment of this Act, the Comptroller General of the United States 
shall conduct a review of the implementation of this Act and the 
amendments made by this Act.

SEC. 6. STAKEHOLDER ENGAGEMENT.

    Not later than one year after the date of the enactment of this 
Act, the Administrator of the Transportation Security Administration 
shall convene not less than two industry days to engage with relevant 
pipeline transportation and pipeline facilities stakeholders on matters 
related to the security of pipeline transportation and pipeline 
facilities (as such terms are defined in section 60101 of title 49, 
United States Code).
                                                 Union Calendar No. 224

116th CONGRESS

  1st Session

                               H. R. 3699

                          [Report No. 116-279]

_______________________________________________________________________

                                 A BILL

 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.

_______________________________________________________________________

                           November 12, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed