[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9469 Introduced in House (IH)]

<DOC>






118th CONGRESS
  2d Session
                                H. R. 9469

To amend the Homeland Security Act of 2002 to codify the Transportation 
Security Administration's responsibility relating to securing pipeline 
 transportation and pipeline facilities against cybersecurity threats, 
    acts of terrorism, and other nefarious acts that jeopardize the 
    physical security or cybersecurity of pipelines, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 6, 2024

 Mr. Robert Garcia of California introduced the following bill; which 
           was referred to the Committee on Homeland Security

_______________________________________________________________________

                                 A BILL


 
To amend the Homeland Security Act of 2002 to codify the Transportation 
Security Administration's responsibility relating to securing pipeline 
 transportation and pipeline facilities against cybersecurity threats, 
    acts of terrorism, and other nefarious acts that jeopardize the 
    physical security or cybersecurity of pipelines, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Pipeline Security Act''.

SEC. 2. PIPELINE TRANSPORTATION AND PIPELINE FACILITIES SECURITY 
              RESPONSIBILITIES.

    (a) In General.--Section 114 of title 49, United States Code, is 
amended--
            (1) in subsection (f)--
                    (A) in paragraph (15), by striking ``and'' after 
                the semicolon at the end;
                    (B) by redesignating paragraph (16) as paragraph 
                (17); and
                    (C) by inserting after paragraph (15) the following 
                new paragraph:
            ``(16) maintain responsibility, in coordination with the 
        Director of the Cybersecurity and Infrastructure Security 
        Agency, as appropriate, for securing pipeline transportation 
        and pipeline facilities (as such terms are defined in section 
        60101 of this title) against cybersecurity threats (as such 
        term is defined in section 2200 of the Homeland Security Act of 
        2002 (6 U.S.C. 650)), acts of terrorism (as such term is 
        defined in section 3077 of title 18), and other security 
        threats; and'';
            (2) in subsection (w)(2)(B)--
                    (A) in clause (iii), by striking ``and'' after the 
                semicolon at the end;
                    (B) in clause (iv), by striking the period and 
                inserting ``; and''; and
                    (C) by adding at the end the following new clause:
    ``(v) ensuring the security of pipeline transportation and pipeline 
facilities (as such terms are defined in section 60101 of this title) 
against cybersecurity threats (as such term is defined in section 2200 
of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism 
(as such term is defined in section 3077 of title 18), and other 
security threats.''; and
            (3) by adding at the end the following new subsection:
    ``(y) Pipeline Transportation and Pipeline Facilities 
Responsibilities.--
            ``(1) In general.--In carrying out responsibilities to 
        secure pipeline transportation and pipeline facilities (as such 
        terms are defined in section 60101 of this title) pursuant to 
        subsection (f)(16), the Administrator of the Transportation 
        Security Administration shall carry out the following:
                    ``(A) Develop, in consultation with relevant 
                Federal, State, local, Tribal, and territorial entities 
                and public and private sector stakeholders, guidelines 
                for improving the security of pipeline transportation 
                and pipeline facilities against cybersecurity threats 
                (as such term is defined in section 2200 of the 
                Homeland Security Act of 2002 (6 U.S.C. 650)), acts of 
                terrorism (as such term is defined in section 3077 of 
                title 18), and other security threats, consistent with 
                the National Institute of Standards and Technology 
                Framework for Improvement of Critical Infrastructure 
                Cybersecurity, any update to such guidelines pursuant 
                to section 2(c)(15) of the National Institute for 
                Standards and Technology Act (15 U.S.C. 272(c)(15)), 
                and any other standard the Administrator considers 
                appropriate.
                    ``(B) Promulgate a security directive or regulation 
                that applies to pipeline transportation or pipeline 
                facilities, as appropriate.
                    ``(C) Share, as appropriate, with relevant Federal, 
                State, local, Tribal, and territorial entities and 
                public and private sector stakeholders, such 
                guidelines, security directives, and regulations and, 
                as appropriate, intelligence and information regarding 
                such security threats to pipeline transportation and 
                pipeline facilities.
                    ``(D) Conduct security assessments, as appropriate, 
                based on such guidelines, security directives, or 
                regulations to provide recommendations or requirements 
                for the improvement of the security of pipeline 
                transportation and pipeline facilities against 
                cybersecurity threats, acts of terrorism, and other 
                security threats, including the security policies, 
                plans, practices, and training programs maintained by 
                owners and operators of pipeline transportation and 
                pipeline facilities.
                    ``(E) Carry out a program through which the 
                Administrator identifies and ranks the relative 
                security risks to certain pipeline transportation and 
                pipeline facilities, and inspects pipeline 
                transportation and pipeline facilities based in part on 
                the designation by owners and operators of such 
                facilities as critical based on such guidelines, 
                security directives, or regulations.
            ``(2) Details.--The Administrator of the Transportation 
        Security Administration and the Director of the Cybersecurity 
        and Infrastructure Security Agency may detail personnel between 
        their components to leverage expertise.''.
    (b) Personnel Strategy.--
            (1) In general.--Not later than 180 days after the date of 
        the enactment of this Act, the Administrator of the 
        Transportation Security Administration, in consultation with 
        the Director of the Cybersecurity and Infrastructure Security 
        Agency of the Department of Homeland Security, shall develop a 
        personnel strategy (in this subsection referred to as the 
        ``strategy'') for carrying out the Administrator's 
        responsibilities to secure pipeline transportation and pipeline 
        facilities (as such terms are defined in section 60101 of title 
        49, United States Code), pursuant to paragraph (16) of section 
        114(f), and subsection (y) of section 114, of title 49, United 
        States Code, as added by subsection (a).
            (2) Contents.--The strategy may take into consideration the 
        most recently published versions of each of the following 
        documents:
                    (A) The Transportation Security Administration 
                National Strategy for Transportation Security.
                    (B) The Department of Homeland Security 
                Cybersecurity Strategy.
                    (C) The Transportation Security Administration 
                Cybersecurity Roadmap.
                    (D) The Department of Homeland Security Balanced 
                Workforce Strategy.
                    (E) The Department of Homeland Security Quadrennial 
                Homeland Security Review.
                    (F) Other relevant strategies or plans, as 
                appropriate.
            (3) Cybersecurity expertise.--The strategy shall include an 
        assessment of the cybersecurity expertise determined necessary 
        by the Administrator of the Transportation Security 
        Administration and a plan for expanding such expertise within 
        the Transportation Security Administration.
            (4) Resources.--The strategy shall include an assessment of 
        resources determined necessary by the Administrator of the 
        Transportation Security Administration to carry out such 
        strategy.
            (5) Submission to congress.--Upon development of the 
        strategy, the Administrator of the Transportation Security 
        Administration shall provide to the Committee on Homeland 
        Security of the House of Representatives and the Committee on 
        Commerce, Science, and Transportation and the Committee on 
        Homeland Security and Governmental Affairs of the Senate a copy 
        of such strategy.
    (c) Oversight.--
            (1) Report to congress.--The Administrator of the 
        Transportation Security Administration shall report to the 
        Committee on Homeland Security of the House of Representatives 
        and the Committee on Commerce, Science, and Transportation and 
        the Committee on Homeland Security and Governmental Affairs of 
        the Senate not less frequently than biennially on activities of 
        the of the Administration to carry out responsibilities to 
        secure pipeline transportation and pipeline facilities (as such 
        terms are defined in section 60101 of title 49, United States 
        Code) pursuant to paragraph (16) of section 114(f), and 
        subsection (y) of section 114, of title 49, United States Code, 
        as added by subsection (a), including information with respect 
        to guidelines, directives, regulations, security assessments, 
        and inspections. Each such report shall include a determination 
        by the Administrator regarding whether there is a need for new 
        regulations or non-regulatory initiatives and the basis for 
        such determination.
            (2) GAO review.--Not later than two years after the date of 
        the enactment of this Act, the Comptroller General of the 
        United States shall conduct a review of the implementation of 
        this Act.
    (d) Stakeholder Engagement.--Not later than one year after the date 
of the enactment of this Act, the Administrator of the Transportation 
Security Administration shall convene at least one industry day to 
engage with relevant pipeline transportation and pipeline facilities 
stakeholders on matters related to the security of pipeline 
transportation and pipeline facilities (as such terms are defined in 
section 60101 of title 49, United States Code).
                                 <all>