[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3243 Reported in House (RH)]

<DOC>





                                                  Union Calendar No. 60
117th CONGRESS
  1st Session
                                H. R. 3243

                          [Report No. 117-85]

 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 14, 2021

Mr. Cleaver (for himself, Mr. Thompson of Mississippi, Mr. Katko, Mrs. 
Watson Coleman, Ms. Clarke of New York, Ms. Jackson Lee, Mr. Langevin, 
Mr. Correa, Mr. Green of Texas, Mr. Swalwell, Ms. Titus, Ms. Barragan, 
  Mrs. Luria, Mr. Torres of New York, and Mr. Gimenez) introduced the 
    following bill; which was referred to the Committee on Homeland 
                                Security

                             July 13, 2021

            Additional sponsors: Mr. Van Drew and Mrs. Axne

                             July 13, 2021

Reported with amendments, committed to the Committee of the Whole House 
          on the State of the Union, and ordered to be printed


_______________________________________________________________________

                                 A BILL


 
 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Pipeline Security Act''.

SEC. 2. PIPELINE SECURITY RESPONSIBILITIES.

    Subsection (f) of section 114 of title 49, United States Code, is 
amended--
            (1) in paragraph (15), by striking ``and'' after the 
        semicolon at the end;
            (2) by redesignating paragraph (16) as paragraph (17); and
            (3) by inserting after paragraph (15) the following new 
        paragraph:
            ``(16) maintain responsibility, in coordination with the 
        Director of the Cybersecurity and Infrastructure Security 
        Agency, as appropriate, relating to securing pipeline 
        transportation and pipeline facilities (as such terms are 
        defined in section 60101 of this title) against cybersecurity 
        threats (as such term is defined in section 102 of the 
        Cybersecurity Information Sharing Act of 2015 (Public Law 114-
        113; 6 U.S.C. 1501)), an act of terrorism (as such term is 
        defined in section 3077 of title 18), and other nefarious acts 
        that jeopardize the physical security or cybersecurity of such 
        transportation or facilities; and''.

SEC. 3. PIPELINE SECURITY SECTION  PIPELINE SECURITY DIVISION.

    (a) In General.--Title XVI of the Homeland Security Act of 2002 (6 
U.S.C. 561 et seq.) is amended by adding at the end the following:

                    ``Subtitle D--Pipeline Security

``SEC. 1631. PIPELINE SECURITY SECTION   PIPELINE SECURITY DIVISION.

    ``(a) Establishment.--There is within the Administration a pipeline 
security section pipeline security division to carry out pipeline 
security programs in furtherance of section 114(f)(16) of title 49, 
United States Code.
    ``(b) Mission.--The mission of the section division referred to in 
subsection (a) is to oversee, in coordination with the Cybersecurity 
and Infrastructure Security Agency of the Department, the security of 
pipeline transportation and pipeline facilities (as such terms are 
defined in section 60101 of title 49, United States Code) against 
cybersecurity threats (as such term is defined in section 102 of the 
Cybersecurity Information Sharing Act of 2015 (Public Law 114-113; 6 
U.S.C. 1501)), an act of terrorism (as such term is defined in section 
3077 of title 18, United States Code), and other nefarious acts that 
jeopardize the physical security or cybersecurity of such 
transportation or facilities.
    ``(c) Leadership; Staffing.--The Administrator shall appoint as the 
head of the section division an individual in the executive service of 
the Administration with knowledge of the pipeline industry and security 
best practices, as determined appropriate by the Administrator. The 
section division shall be staffed by a workforce that includes 
personnel with cybersecurity expertise.
    ``(d) Responsibilities.--The section division shall be responsible 
for carrying out the duties of the section division as directed by the 
Administrator, acting through the head appointed pursuant to subsection 
(c). Such duties shall include the following:
            ``(1) Developing, in consultation with relevant Federal, 
        State, local, Tribal, and territorial entities and public and 
        private sector stakeholders, guidelines for improving the 
        security of pipeline transportation and pipeline facilities 
        against cybersecurity threats, an act of terrorism, and other 
        nefarious acts that jeopardize the physical security or 
        cybersecurity of such transportation or facilities, consistent 
        with the National Institute of Standards and Technology 
        Framework for Improvement of Critical Infrastructure 
        Cybersecurity and any update to such guidelines pursuant to 
        section 2(c)(15) of the National Institute for Standards and 
        Technology Act (15 U.S.C. 272(c)(15)).
            ``(2) Updating such guidelines as necessary based on 
        intelligence and risk assessments, but not less frequently than 
        every three years, unless such guidelines are superseded by 
        directives or regulations.
            ``(3) Sharing of such guidelines and, as appropriate, 
        intelligence and information regarding such security threats to 
        pipeline transportation and pipeline facilities, as 
        appropriate, with relevant Federal, State, local, Tribal, and 
        territorial entities and public and private sector 
        stakeholders.
            ``(4) Conducting voluntary security assessments based on 
        such guidelines to provide recommendations, or mandatory 
        security assessments if required by superseding directives or 
        regulations, to provide recommendations or requirements for the 
        improvement of the security of pipeline transportation and 
        pipeline facilities against cybersecurity threats, an act of 
        terrorism, and other nefarious acts that jeopardize the 
        physical security or cybersecurity of such transportation or 
        facilities, including the security policies, plans, practices, 
        and training programs maintained by owners and operators of 
        pipeline facilities.
            ``(5) Carrying out a program through which the 
        Administrator identifies and ranks the relative risk of 
        pipelines and inspects pipeline facilities designated by owners 
        and operators of such facilities as critical based on such 
        guidelines or superseding directives or regulations.
        <DELETED>    ``(6) Preparing notice and comment regulations for 
        publication, if determined necessary by the 
        Administrator.</DELETED>
            ``(6) Supporting the development and implementation of a 
        security directive or regulation when the Administrator issues 
        such a directive or regulation.
    ``(e) Details.--In furtherance of the section's division's mission, 
as set forth in subsection (b), the Administrator and the Director of 
the Cybersecurity and Infrastructure Security Agency may detail 
personnel between their components to leverage expertise. Personnel 
detailed from the Cybersecurity and Infrastructure Security Agency may 
be considered as fulfilling the cybersecurity expertise requirements in 
referred to in subsection (c).''.
    (b) Updated Guidelines.--Not later than one year after the date of 
the enactment of this Act, the pipeline security section pipeline 
security division of the Transportation Security Administration 
established pursuant to section 1631 of the Homeland Security Act of 
2002, as added by subsection (a), shall publish updated guidelines 
described in subsection (d) of such section, except to the extent such 
guidelines have been superseded by directives or regulations.
    (c) Clerical Amendments.--The table of contents in section 1(b) of 
the Homeland Security Act of 2002 is amended by--
            (1) striking the item relating to section 1617 and 
        inserting the following new item:

``Sec. 1617. Diversified security technology industry marketplace.'';
            (2) by striking the item relating to section 1621 and 
        inserting the following new item:

``Sec. 1621. Maintenance validation and oversight.'';
            (3) inserting after the item relating to section 1621 the 
        following:

                    ``Subtitle D--Pipeline Security

``Sec. 1631.  Pipeline security section Pipeline security division.''.

SEC. 4. PERSONNEL STRATEGY.

    (a) In General.--Not later than 180 days after the date of the 
enactment of this Act, the Administrator of the Transportation Security 
Administration, in coordination with the Director of the Cybersecurity 
and Infrastructure Security Agency of the Department of Homeland 
Security, shall develop a personnel strategy for enhancing operations 
within the pipeline security section  pipeline security division of the 
Transportation Security Administration established pursuant to section 
1631 of the Homeland Security Act of 2002, as added by section 3.
    (b) Contents.--The strategy required under subsection (a) shall 
take into consideration the most recently published versions of each of 
the following documents:
            (1) The Transportation Security Administration National 
        Strategy for Transportation Security.
            (2) The Department of Homeland Security Cybersecurity 
        Strategy.
            (3) The Transportation Security Administration 
        Cybersecurity Roadmap.
            (4) The Department of Homeland Security Balanced Workforce 
        Strategy.
            (5) The Department of Homeland Security Quadrennial 
        Homeland Security Review.
    (c) Cybersecurity Expertise.--The strategy shall include an 
assessment of the cybersecurity expertise determined necessary by the 
Administrator of the Transportation Security Administration and a plan 
for developing such expertise within the Administration.
    (c) (d) Resources.--The strategy shall include an assessment of 
resources determined necessary by the Administrator of the 
Transportation Security Administration to carry out such strategy.
    (d) (e) Submission to Congress.--Upon development of the strategy, 
the Administrator of the Transportation Security Administration shall 
provide to the Committee on Homeland Security of the House of 
Representatives and the Committee on Commerce, Science, and 
Transportation of the Senate a copy of such strategy.

SEC. 5. OVERSIGHT.

    (a) Report to Congress.--The Administrator of the Transportation 
Security Administration shall report to the Committee on Homeland 
Security of the House of Representatives and the Committee on Commerce, 
Science, and Transportation of the Senate not less than annually on 
activities of the pipeline security section  pipeline security division 
of the Administration established pursuant to section 1631 of the 
Homeland Security Act of 2002, as added by section 3, including 
information with respect to guidelines, directives, regulations, 
security assessments, and inspections under such section. Each such 
report shall include a determination by the Administrator regarding 
whether there is a need for new regulations or non-regulatory 
initiatives and the basis for such determination.
    (b) GAO Review.--Not later than two years after the date of the 
enactment of this Act, the Comptroller General of the United States 
shall conduct a review of the implementation of this Act and the 
amendments made by this Act.

SEC. 6. STAKEHOLDER ENGAGEMENT.

    Not later than one year after the date of the enactment of this 
Act, the Administrator of the Transportation Security Administration 
shall convene not less than two industry days to engage with relevant 
pipeline transportation and pipeline facilities stakeholders on matters 
related to the security of pipeline transportation and pipeline 
facilities (as such terms are defined in section 60101 of title 49, 
United States Code).
                                                  Union Calendar No. 60

117th CONGRESS

  1st Session

                               H. R. 3243

                          [Report No. 117-85]

_______________________________________________________________________

                                 A BILL

 To codify the Transportation Security Administration's responsibility 
 relating to securing pipelines against cybersecurity threats, acts of 
   terrorism, and other nefarious acts that jeopardize the physical 
    security or cybersecurity of pipelines, and for other purposes.

_______________________________________________________________________

                             July 13, 2021

Reported with amendments, committed to the Committee of the Whole House 
          on the State of the Union, and ordered to be printed