[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3243 Introduced in House (IH)]

<DOC>






117th CONGRESS
  1st Session
                                H. R. 3243

 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 14, 2021

Mr. Cleaver (for himself, Mr. Thompson of Mississippi, Mr. Katko, Mrs. 
Watson Coleman, Ms. Clarke of New York, Ms. Jackson Lee, Mr. Langevin, 
Mr. Correa, Mr. Green of Texas, Mr. Swalwell, Ms. Titus, Ms. Barragan, 
  Mrs. Luria, Mr. Torres of New York, and Mr. Gimenez) introduced the 
    following bill; which was referred to the Committee on Homeland 
                                Security

_______________________________________________________________________

                                 A BILL


 
 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Pipeline Security Act''.

SEC. 2. PIPELINE SECURITY RESPONSIBILITIES.

    Subsection (f) of section 114 of title 49, United States Code, is 
amended--
            (1) in paragraph (15), by striking ``and'' after the 
        semicolon at the end;
            (2) by redesignating paragraph (16) as paragraph (17); and
            (3) by inserting after paragraph (15) the following new 
        paragraph:
            ``(16) maintain responsibility, in coordination with the 
        Director of the Cybersecurity and Infrastructure Security 
        Agency, as appropriate, relating to securing pipeline 
        transportation and pipeline facilities (as such terms are 
        defined in section 60101 of this title) against cybersecurity 
        threats (as such term is defined in section 102 of the 
        Cybersecurity Information Sharing Act of 2015 (Public Law 114-
        113; 6 U.S.C. 1501)), an act of terrorism (as such term is 
        defined in section 3077 of title 18), and other nefarious acts 
        that jeopardize the physical security or cybersecurity of such 
        transportation or facilities; and''.

SEC. 3. PIPELINE SECURITY SECTION.

    (a) In General.--Title XVI of the Homeland Security Act of 2002 (6 
U.S.C. 561 et seq.) is amended by adding at the end the following:

                    ``Subtitle D--Pipeline Security

``SEC. 1631. PIPELINE SECURITY SECTION.

    ``(a) Establishment.--There is within the Administration a pipeline 
security section to carry out pipeline security programs in furtherance 
of section 114(f)(16) of title 49, United States Code.
    ``(b) Mission.--The mission of the section referred to in 
subsection (a) is to oversee, in coordination with the Cybersecurity 
and Infrastructure Security Agency of the Department, the security of 
pipeline transportation and pipeline facilities (as such terms are 
defined in section 60101 of title 49, United States Code) against 
cybersecurity threats (as such term is defined in section 102 of the 
Cybersecurity Information Sharing Act of 2015 (Public Law 114-113; 6 
U.S.C. 1501)), an act of terrorism (as such term is defined in section 
3077 of title 18, United States Code), and other nefarious acts that 
jeopardize the physical security or cybersecurity of such 
transportation or facilities.
    ``(c) Leadership; Staffing.--The Administrator shall appoint as the 
head of the section an individual with knowledge of the pipeline 
industry and security best practices, as determined appropriate by the 
Administrator. The section shall be staffed by a workforce that 
includes personnel with cybersecurity expertise.
    ``(d) Responsibilities.--The section shall be responsible for 
carrying out the duties of the section as directed by the 
Administrator, acting through the head appointed pursuant to subsection 
(c). Such duties shall include the following:
            ``(1) Developing, in consultation with relevant Federal, 
        State, local, Tribal, and territorial entities and public and 
        private sector stakeholders, guidelines for improving the 
        security of pipeline transportation and pipeline facilities 
        against cybersecurity threats, an act of terrorism, and other 
        nefarious acts that jeopardize the physical security or 
        cybersecurity of such transportation or facilities, consistent 
        with the National Institute of Standards and Technology 
        Framework for Improvement of Critical Infrastructure 
        Cybersecurity and any update to such guidelines pursuant to 
        section 2(c)(15) of the National Institute for Standards and 
        Technology Act (15 U.S.C. 272(c)(15)).
            ``(2) Updating such guidelines as necessary based on 
        intelligence and risk assessments, but not less frequently than 
        every three years.
            ``(3) Sharing of such guidelines and, as appropriate, 
        intelligence and information regarding such security threats to 
        pipeline transportation and pipeline facilities, as 
        appropriate, with relevant Federal, State, local, Tribal, and 
        territorial entities and public and private sector 
        stakeholders.
            ``(4) Conducting voluntary security assessments based on 
        such guidelines to provide recommendations for the improvement 
        of the security of pipeline transportation and pipeline 
        facilities against cybersecurity threats, an act of terrorism, 
        and other nefarious acts that jeopardize the physical security 
        or cybersecurity of such transportation or facilities, 
        including the security policies, plans, practices, and training 
        programs maintained by owners and operators of pipeline 
        facilities.
            ``(5) Carrying out a program through which the 
        Administrator identifies and ranks the relative risk of 
        pipelines and inspects pipeline facilities designated by owners 
        and operators of such facilities as critical based on such 
        guidelines.
            ``(6) Preparing notice and comment regulations for 
        publication, if determined necessary by the Administrator.
    ``(e) Details.--In furtherance of the section's mission, as set 
forth in subsection (b), the Administrator and the Director of the 
Cybersecurity and Infrastructure Security Agency may detail personnel 
between their components to leverage expertise. Personnel detailed from 
the Cybersecurity and Infrastructure Security Agency may be considered 
as fulfilling the cybersecurity expertise requirements in referred to 
in subsection (c).''.
    (b) Updated Guidelines.--Not later than one year after the date of 
the enactment of this Act, the pipeline security section of the 
Transportation Security Administration established pursuant to section 
1631 of the Homeland Security Act of 2002, as added by subsection (a), 
shall publish updated guidelines described in subsection (d) of such 
section.
    (c) Clerical Amendments.--The table of contents in section 1(b) of 
the Homeland Security Act of 2002 is amended by--
            (1) striking the item relating to section 1617 and 
        inserting the following new item:

``Sec. 1617. Diversified security technology industry marketplace.'';
            (2) by striking the item relating to section 1621 and 
        inserting the following new item:

``Sec. 1621. Maintenance validation and oversight.'';
            (3) inserting after the item relating to section 1621 the 
        following:

                    ``Subtitle D--Pipeline Security

``Sec. 1631. Pipeline security section.''.

SEC. 4. PERSONNEL STRATEGY.

    (a) In General.--Not later than 180 days after the date of the 
enactment of this Act, the Administrator of the Transportation Security 
Administration, in coordination with the Director of the Cybersecurity 
and Infrastructure Security Agency of the Department of Homeland 
Security, shall develop a personnel strategy for enhancing operations 
within the pipeline security section of the Transportation Security 
Administration established pursuant to section 1631 of the Homeland 
Security Act of 2002, as added by section 3.
    (b) Contents.--The strategy required under subsection (a) shall 
take into consideration the most recently published versions of each of 
the following documents:
            (1) The Transportation Security Administration National 
        Strategy for Transportation Security.
            (2) The Department of Homeland Security Cybersecurity 
        Strategy.
            (3) The Transportation Security Administration 
        Cybersecurity Roadmap.
            (4) The Department of Homeland Security Balanced Workforce 
        Strategy.
            (5) The Department of Homeland Security Quadrennial 
        Homeland Security Review.
    (c) Resources.--The strategy shall include an assessment of 
resources determined necessary by the Administrator of the 
Transportation Security Administration to carry out such strategy.
    (d) Submission to Congress.--Upon development of the strategy, the 
Administrator of the Transportation Security Administration shall 
provide to the Committee on Homeland Security of the House of 
Representatives and the Committee on Commerce, Science, and 
Transportation of the Senate a copy of such strategy.

SEC. 5. OVERSIGHT.

    (a) Report to Congress.--The Administrator of the Transportation 
Security Administration shall report to the Committee on Homeland 
Security of the House of Representatives and the Committee on Commerce, 
Science, and Transportation of the Senate not less than annually on 
activities of the pipeline security section of the Administration 
established pursuant to section 1631 of the Homeland Security Act of 
2002, as added by section 3, including information with respect to 
guidelines, security assessments, and inspections under such section. 
Each such report shall include a determination by the Administrator 
regarding whether there is a need for new regulations or non-regulatory 
initiatives and the basis for such determination.
    (b) GAO Review.--Not later than two years after the date of the 
enactment of this Act, the Comptroller General of the United States 
shall conduct a review of the implementation of this Act and the 
amendments made by this Act.

SEC. 6. STAKEHOLDER ENGAGEMENT.

    Not later than one year after the date of the enactment of this 
Act, the Administrator of the Transportation Security Administration 
shall convene not less than two industry days to engage with relevant 
pipeline transportation and pipeline facilities stakeholders on matters 
related to the security of pipeline transportation and pipeline 
facilities (as such terms are defined in section 60101 of title 49, 
United States Code).
                                 <all>