[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]









         PIPELINES: SECURING THE VEINS OF THE AMERICAN ECONOMY

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                        TRANSPORTATION SECURITY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 19, 2016

                               __________

                           Serial No. 114-64

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/
                               __________
                               
  
                         U.S. GOVERNMENT PUBLISHING OFFICE 

22-757 PDF                     WASHINGTON : 2016 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                             
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island
    Chair                            Brian Higgins, New York
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Lou Barletta, Pennsylvania           Donald M. Payne, Jr., New Jersey
Scott Perry, Pennsylvania            Filemon Vela, Texas
Curt Clawson, Florida                Bonnie Watson Coleman, New Jersey
John Katko, New York                 Kathleen M. Rice, New York
Will Hurd, Texas                     Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Daniel M. Donovan, Jr., New York
                   Brendan P. Shields, Staff Director
                    Joan V. O'Hara,  General Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

                SUBCOMMITTEE ON TRANSPORTATION SECURITY

                     John Katko, New York, Chairman
Mike Rogers, Alabama                 Kathleen M. Rice, New York
Earl L. ``Buddy'' Carter, Georgia    William R. Keating, Massachusetts
Mark Walker, North Carolina          Donald M. Payne, Jr., New Jersey
John Ratcliffe, Texas                Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
             Krista P. Harvey, Subcommittee Staff Director
                   John Dickhaus, Subcommittee Clerk
         Cedric C. Haynes, Minority Subcommittee Staff Director
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable John Katko, a Representative in Congress From the 
  State of New York, and Chairman, Subcommittee on Transportation 
  Security:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Kathleen M. Rice, a Representative in Congress From 
  the State of New York, and Ranking Member, Subcommittee on 
  Transportation Security:
  Oral Statement.................................................     3
  Prepared Statement.............................................     4
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     5

                               Witnesses

Ms. Sonya Proctor, Surface Division Director, Office of Security 
  Policy and Industry Engagement, Transportation Security 
  Administration, U.S. Department of Homeland Security:
  Oral Statement.................................................     5
  Prepared Statement.............................................     7
Mr. Andrew J. Black, President and CEO, Association of Oil Pipe 
  Lines:
  Oral Statement.................................................     9
  Prepared Statement.............................................    11
Ms. Kathleen S. Judge, Director of Risk and Compliance for Global 
  Security, National Grid, Testifying on Behalf of the American 
  Gas Association:
  Oral Statement.................................................    13
  Prepared Statement.............................................    15
Mr. Paul W. Parfomak, Specialist in Energy and Infrastructure 
  Policy, Congressional Research Service, Library of Congress:
  Oral Statement.................................................    22
  Prepared Statement.............................................    23

                                Appendix

Questions From Ranking Member Bennie G. Thompson for Sonya 
  Proctor........................................................    45
Question From Ranking Member Bennie G. Thompson for Kathleen S. 
  Judge..........................................................    45
Questions From Ranking Member Bennie G. Thompson for Paul W. 
  Parfomak.......................................................    46
 
         PIPELINES: SECURING THE VEINS OF THE AMERICAN ECONOMY

                              ----------                              


                        Tuesday, April 19, 2016

             U.S. House of Representatives,
                    Committee on Homeland Security,
                   Subcommittee on Transportation Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:24 p.m., in 
Room 311, Cannon House Office Building, Hon. John Katko 
[Chairman of the subcommittee] presiding.
    Present: Representatives Katko, Rogers, Carter, Ratcliffe, 
and Rice.
    Mr. Katko. The Committee on Homeland Security, Subcommittee 
on Transportation Security will come to order. The subcommittee 
is meeting today to examine how the Transportation Security 
Administration works with pipeline stakeholders to secure this 
critical infrastructure.
    I now recognize myself for an opening statement. Over 2.6 
million miles of pipeline run through the United States 
carrying oil and natural gas operated by approximately 3,000 
companies. The integrity of this complex network of pipelines 
is critical not only to our economy, but in keeping our cars 
running and our stoves burning. Following the creation of the 
Department of Homeland Security, responsibility for pipeline 
security shifted to the TSA, while the Department of 
Transportation retained responsibility for pipeline safety. 
Although the terms safety and security are often used 
interchangeably, the root causes for concern behind each of 
these concepts are fundamentally different and warrant 
differing approaches.
    While safety focuses on preventing and responding to 
accidents, security aims to thwart malicious actors with ill 
intentions from damaging or disrupting pipeline operations. The 
threat to pipeline security has been deemed relatively low by 
the intelligence community. This is largely due to security 
measures put in place by operators and the extent to which a 
vast majority of the U.S. pipeline network is buried 
underground. However, we must remain diligent. Just because 
terrorists have not yet targeted pipelines for an attack does 
not mean they will not in the future. In addition to physical 
attacks, we must also guard against cyber attacks.
    Our adversaries, including North Korea, China, Russia, and 
Iran have shown a proclivity for launching sophisticated cyber 
attacks against U.S. companies, banks, and critical 
infrastructure. In March the Justice Department indicted 
members of Iran's Revolutionary Guard for hacking the 
operational control system of a small dam in my home State of 
New York.
    While there is no evidence that hackers had been able to 
penetrate the industrial systems of pipelines, there have been 
several high-profile incidents where the systems of global 
energy companies have been compromised and sensitive 
information fell into the wrong hands. As hackers become more 
sophisticated, we cannot discount the possibility that they may 
one day seek to intrude on the industrial control systems, 
disrupting the flow of oil and natural gas. Although TSA has 
the authority to regulate pipeline security, they have chosen 
instead to pursue a more collaborative approach with the 
industry. That could serve as a model for other parts of the 
Government. However, I am concerned that TSA has not issued any 
updates to the pipeline security guidelines since 2011.
    I look forward to learning more about how TSA and industry 
stakeholders work together to ensure the security of our 
Nation's pipelines. Although I must say I am preliminarily 
encouraged that all sides seem to be happy with the current 
arrangement.
    I would like to thank everyone for being here today, and I 
look forward to hearing the testimony from our distinguished 
panel of witnesses.
    With that I now recognize my Ranking Member of the 
subcommittee, the gentlewoman from New York, Miss Rice, for any 
statements she may have.
    [The statement of Chairman Katko follows:]
                    Statement of Chairman John Katko
                             April 19, 2016
    Over 2.6 million miles of pipeline run through the United States 
carrying oil and natural gas operated by approximately 3,000 companies. 
The integrity of this complex network of pipelines is critical not only 
to our economy, but in keeping our cars running and our stoves burning.
    Following the creation of the Department of Homeland Security, 
responsibility for pipeline security shifted to the Transportation 
Security Administration while the Department of Transportation retained 
responsibility for pipeline safety. Although, the terms ``safety'' and 
``security'' are often used interchangeably, the root causes for 
concern behind each of these concepts are fundamentally different and 
warrant differing approaches. While safety focuses on preventing and 
responding to accidents, security aims to thwart malicious actors with 
ill intentions from damaging or disrupting pipeline operations.
    The threat to pipeline security has been deemed relatively low by 
the intelligence community. This is largely due to security measures 
put in place by operators and the extent to which a vast majority of 
the U.S. pipeline network is buried underground. However, we must 
remain diligent. Just because terrorists have not yet targeted 
pipelines for an attack does not mean they will not in the future.
    In addition to physical attacks, we must also guard against cyber 
attacks. Our adversaries, including North Korea, China, Russia, and 
Iran, have shown a proclivity for launching sophisticated cyber attacks 
against U.S. companies, banks, and critical infrastructure.
    In March, the Justice Department indicted members of Iran's 
Revolutionary Guard Corps for hacking the operational control system of 
a small dam in my home State of New York. While there is no evidence 
that hackers have been able to penetrate the industrial control systems 
of pipelines, there have been several high-profile incidents where the 
systems of global energy companies have been compromised and sensitive 
information fell into the wrong hands. As hackers become more 
sophisticated, we cannot discount the possibility that they may one day 
seek to intrude on the industrial control systems, disrupting the flow 
of oil and natural gas.
    Although TSA has the authority to regulate pipeline security, they 
have chosen instead to pursue a more collaborative approach with the 
industry, that could serve as a model for other parts of the 
Government.
    However, I am concerned that TSA has not issued an update to the 
Pipeline Security Guidelines since 2011. I look forward to learning 
more about how TSA and industry stakeholders work together to ensure 
the security of our Nation's pipelines.
    I would like to thank everyone for being here today. I look forward 
to hearing the testimony from our distinguished panel of witnesses.

    Mr. Katko. With that I now recognize my Ranking Member of 
the subcommittee, the gentlewoman from New York, Miss Rice, for 
any statements she may have.
    Miss Rice. Thank you, Mr. Chairman. Thank you for convening 
this hearing. I would also like to thank the witnesses for 
coming to talk with us about the current state of pipeline 
security, as well as the major threats facing the industry, and 
the biggest vulnerabilities that need to be addressed. I 
understand that it has been several years since this committee 
last held a hearing on our Nations pipelines. So I think it is 
important that we are here today to examine how TSA implements 
and enforces policies regarding pipeline security, as well as 
the steps the industry takes on their own initiative.
    Last week we held a roundtable briefing with stakeholders 
in the oil and natural gas pipeline industry. I was impressed 
by the confidence they have in their relationship with TSA. 
They appreciate that TSA understands there is no one-size-fits-
all approach to pipeline security. I was pleased to hear that 
TSA and the pipeline industry have that kind of constructive 
partnership with open and honest communication. Because there 
is no question that pipelines are a potential target.
    With more than 2.5 million miles of pipelines carrying gas, 
oil, and other hazard materials across the country, an attack 
against a pipeline could cause major commercial and 
environmental damage. So it is important that the policies and 
procedures we put in place, to secure pipelines, reflect the 
magnitude of that threat. I understand that rather than issuing 
regulations, TSA has implemented several initiatives like the 
Corporate Security Review, during which TSA visits the largest 
pipeline operators to examine their facilities and their 
security plans. I am interested to learn more about that 
process, how often TSA conducts theses reviews, and what 
resources they use to inspect pipeline operators.
    I would also like to know whether or not TSA receives input 
from DHS's National Protection and Programs Directorate when 
dealing with pipeline security, both physical and cyber. During 
our roundtable discussion last week, it was clear that when it 
comes to eliminating vulnerabilities, stakeholders are focused 
primarily on cybersecurity. Pipeline operators use supervisory 
control and data acquisition systems to remotely control and 
observe pipelines.
    Cybersecurity is a top priority right now for many 
industries and Government agencies. So I hope to hear more from 
our witnesses about what pipeline operators are doing to better 
protect their cyber infrastructure, and how TSA is supporting 
those efforts, and helping to raise awareness about cyber 
vulnerabilities. I know that TSA holds regular conference calls 
with stakeholders so they can share information and keep open 
lines of communication.
    I would like to hear from our witnesses about how that 
process works, and whether TSA is providing the actionable 
information they need to be prepared to identify and address 
vulnerabilities.
    Thankfully there have not been any successful attacks 
against our Nation's pipeline systems. But there have been 
attempts, like in 2007 when 3 men were arrested for plotting to 
blow up fuel tanks and pipelines at JFK Airport in New York, 
which is just outside my district. We must remain cognizant of 
the fact that terrorists are always looking to exploit 
vulnerabilities, and our pipelines are a major target. So we 
have to always stay 2 steps ahead.
    Again, I want to thank all of our witnesses for being here 
to assist us in that effort. I thank Chairman Katko for 
convening this hearing. I look forward to a productive 
discussion today. I yield back the balance of my time.
    [The prepared statement of Ranking Member Rice follows:]
              Statement of Ranking Member Kathleen M. Rice
                             April 19, 2016
    I understand that it's been several years since this committee last 
held a hearing on our Nation's pipelines, so I think it's important 
that we're here today to examine how TSA implements and enforces 
policies regarding pipeline security, as well as the steps the industry 
takes on their own initiative.
    Last week, we held a roundtable briefing with stakeholders in the 
oil and natural gas pipeline industry, and I was impressed by the 
confidence they have in their relationship with TSA. They appreciate 
that TSA understands there's no one-size-fits-all approach to pipeline 
security.
    I was pleased to hear that TSA and the pipeline industry have that 
kind of constructive partnership with open and honest communication--
because there's no question that pipelines are a potential target. With 
more than 2.5 million miles of pipelines carrying gas, oil, and other 
hazardous materials across the country, an attack against a pipeline 
could cause major commercial and environmental damage. So it's 
important that the policies and procedures we put in place to secure 
pipelines reflect the magnitude of that threat.
    I understand that rather than issuing regulations, TSA has 
implemented several initiatives like the Corporate Security Review--
during which, TSA visits the largest pipeline operators to examine 
their facilities and security plans. I'm interested to learn more about 
that process--how often TSA conducts these reviews, and what resources 
they use to inspect pipeline operators.
    I'd also like to know whether or not TSA receives input from DHS's 
National Protection and Programs Directorate when dealing with pipeline 
security--both physical and cyber. During our roundtable discussion 
last week, it was clear that when it comes to eliminating 
vulnerabilities, stakeholders are focused primarily on cybersecurity. 
Pipeline operators use supervisory control and data acquisition systems 
to remotely control and observe pipelines.
    Cybersecurity is a top priority right now for many industries and 
Government agencies--so I hope to hear more from our witnesses about 
what pipeline operators are doing to better protect their cyber 
infrastructure, and how TSA is supporting those efforts and helping to 
raise awareness about cybervulnerabilities.
    I know that TSA holds regular conference calls with stakeholders so 
they can share information and keep open lines of communication. I'd 
like to hear from our witnesses about how that process works, and 
whether TSA is providing the actionable information they need to be 
prepared to identify and address vulnerabilities.
    Thankfully, there have not been any successful attacks against our 
Nation's pipeline systems, but there have been attempts--like in 2007, 
when 3 men were arrested for plotting to blow up fuel tanks and 
pipelines at JFK Airport in New York just outside my district. We must 
remain cognizant of the fact that terrorists are always looking to 
exploit vulnerabilities, and our pipelines are a major target--so we 
have to always stay 2 steps ahead.

    Mr. Katko. Thank you, Miss Rice. Other Members of the 
committee are reminded that opening statements may be submitted 
for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                             April 19, 2016
    The Transportation Security Administration is well-known for its 
role in commercial aviation security. However, TSA's responsibility 
includes oversight of various modes of transportation, including 
transportation of natural gasses, hazardous liquids, and toxic 
inhalation hazard pipelines across the United States.
    This hearing today is long overdue. The subcommittee has not had a 
public hearing on pipeline security since 2010. In the past, this 
committee has stated its intention to explore pipeline security under 
our oversight functions, but time and again, the committee pivoted to 
other matters.
    Although there have been no successful attacks on U.S. pipelines, 
it is important that the United States remain vigilant. Pipelines are 
subject to both physical and cyber attacks.
    With nearly 3 million miles of pipelines traversing the Nation, it 
is important that the committee learns what the both the public and 
private sectors are doing to ensure that bad actors who want to cause 
devastation to our Nation's economy and critical infrastructure are not 
able to do so.
    I would like to thank the witnesses for appearing before us today 
and providing testimony on this subject. Ms. Proctor, I look forward to 
learning more about how TSA works with the private sector to address 
pipeline security vulnerabilities.
    Mr. Black, I look forward to understanding the perspective of the 
owners and operators of pipelines, and particularly hearing about your 
concerns with your response plan submissions and the potential impact 
of those who wish to do us harm gaining access to the sensitive 
information contained within these plans.
    Ms. Judge, I was pleased to read in your testimony that you believe 
TSA's role in facilitating the public-private partnership to address 
pipeline security offers a healthy level of collaboration, support, and 
achievement. I look forward to your testimony.
    Finally, Mr. Parfomak, your expertise regarding the landscape of 
pipeline security and the historical context and possible implications 
is greatly appreciated, and we thank you for participating in the 
discussion today.

    Mr. Katko. We are pleased to have a distinguished panel of 
witnesses before us today on this important topic.
    The first witness, Ms. Sonya Proctor, currently serves as a 
surface division director in the Office of Security Policy and 
Industry Engagement at TSA. That must take a very big business 
card to fit that title on there. The Chair now recognizes Ms. 
Proctor to testify.

 STATEMENT OF SONYA PROCTOR, SURFACE DIVISION DIRECTOR, OFFICE 
  OF SECURITY POLICY AND INDUSTRY ENGAGEMENT, TRANSPORTATION 
 SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY

    Ms. Proctor. Thank you. Chairman Katko, Ranking Member 
Rice, and Members of the subcommittee thank you for the 
opportunity to appear before you today to discuss the TSA's 
role in securing our Nation's pipelines. The pipeline network 
is critical to the U.S. economy. More than 2.5 million miles of 
pipelines transport natural gas, refined petroleum products, 
and other commercial products throughout the country. As 
evidenced by recent attacks in Brussels and elsewhere, the 
terrorist threat is increasingly complex and diffuse, with the 
potential for actors to become radicalized and carry out an 
attack with little warning.
    An attack against a pipeline system could result in loss of 
life and significant economic effects. To ensure we remain 
vigilant, TSA works closely with the pipeline industry which 
consists of approximately 3,000 private companies who own and 
operate the Nation's pipelines. Pipeline system owners and 
operators maintain direct responsibility for securing pipeline 
systems.
    TSA's role is to support owners and operators by 
identifying threats, developing security programs to address 
those threats, and encouraging and assisting the implementation 
of those security programs. Along with the Department of 
Transportation, TSA co-chairs the Pipeline Government 
Coordinating Council to facilitate information sharing and 
coordinate on security assessments, training, and exercises. 
TSA and DOT's Pipeline and Hazardous Materials Safety 
Administration, or PHMSA, work together to integrate pipeline 
safety and security priorities, as measures installed by 
pipeline owners and operators often benefit both safety and 
security.
    TSA engages pipeline industry stakeholders through the 
Pipeline Sector Coordinating Council, which provides a primary 
point of entry for industry representatives to discuss a range 
of pipeline issues with Government. To assist pipeline owners 
and operators in securing their systems, TSA has developed and 
distributed security training for industry employees and 
partners. Additionally, with the assistance of industry and 
Government partners, TSA developed the TSA Pipeline Security 
Guidelines to provide a structure for industry to voluntarily 
use in developing security plans and programs.
    Assessment results show that implementation of this 
guidance has enhanced critical infrastructure security 
throughout the country. TSA works with industry partners to 
assess and mitigate vulnerabilities through exercises, 
assessments, and inspections. TSA facilitates intermodal 
security training and exercise program, or I-STEP, exercises to 
help pipeline operators test their security plans, prevention 
and preparedness capabilities, threat response, and cooperation 
with first responders. To identify shortfalls in pipeline 
security and enhance industry practices, TSA conducts corporate 
and physical security reviews with pipeline operators.
    Pipeline owners and operators welcome these voluntary 
reviews, as they appreciate the value of secure systems. TSA 
has conducted over 140 corporate security reviews of operators' 
security policies, plans, and programs since 2002, and over 400 
physical security reviews of critical facilities since 2008.
    TSA supports Department of Homeland Security cybersecurity 
efforts in support of the National Institute of Standards and 
Technology cybersecurity framework, and is coordinating a 
voluntary cyber assessment program, with the Federal Energy 
Regulatory Commission, to examine pipeline operators' 
cybersecurity programs. TSA works closely with the pipeline 
industry to identify and reduce cybersecurity vulnerabilities, 
including facilitating Classified briefings to increase 
industry's awareness of cyber threats.
    In conclusion, TSA works closely with industry and 
Government stakeholders to secure the Nation's pipeline systems 
from terrorist attacks through the development and 
implementation of intelligence-driven, risk-based policies, and 
programs.
    Thank you for the subcommittee's support of TSA's goals. I 
look forward to your questions.
    [The prepared statement of Ms. Proctor follows:]
                  Prepared Statement of Sonya Proctor
                             April 19, 2016
    Good afternoon Chairman Katko, Ranking Member Rice, and 
distinguished Members of the subcommittee. I appreciate the opportunity 
to appear before you today to discuss the Transportation Security 
Administration's (TSA) role in securing our Nation's pipeline systems.
    The pipeline network is critical to the economy and security of the 
United States. More than 2.5 million miles of pipelines transport 
natural gas, refined petroleum products, and other commercial products 
throughout the country. In addition to the pipelines themselves, the 
system includes critical facilities such as compressor and pumping 
stations, metering and regulator stations, breakout tanks, and the 
automated systems used to monitor and control them. As evidenced by 
recent attacks in Brussels, Paris, and elsewhere, the terrorist threat 
has grown increasingly complex and diffuse, with the potential for 
terrorist actors to become radicalized and carry out an attack with 
little warning. An attack against a pipeline system could result in 
loss of life and have significant economic effects.
    To ensure we remain vigilant, TSA works closely with the pipeline 
industry, which consists of approximately 3,000 private companies who 
own and operate the Nation's pipelines. Because they are usually 
unstaffed, securing pipeline facilities requires a collaborative 
approach across Government and industry. TSA has established effective 
working relationships to ensure strong communication and sharing of 
intelligence, training resources, best practices, and security 
guidelines. Pipeline system owners and operators maintain direct 
responsibility for securing pipeline systems. TSA's role is to support 
owners and operators by identifying threats, developing security 
programs to address those threats, and encouraging and assisting the 
implementation of those security programs.
                         stakeholder engagement
    TSA has established a productive public-private partnership with 
Government partners and the pipeline industry to secure the transport 
of natural gas and hazardous liquids. On behalf of the Department of 
Homeland Security (DHS), TSA serves as a co-Sector-Specific Agency 
alongside the Department of Transportation (DOT) and the United States 
Coast Guard (USCG) for the transportation sector. As part of the DHS-
led Critical Infrastructure Partnership Advisory Council framework, TSA 
and DOT co-chair the Pipeline Government Coordinating Council to 
facilitate information sharing and coordinate on activities including 
security assessments, training, and exercises. TSA and DOT's Pipeline 
and Hazardous Materials Safety Administration (PHMSA) work together to 
integrate pipeline safety and security priorities, as measures 
installed by pipeline owners and operators often benefit both safety 
and security.
    TSA engages pipeline industry stakeholders through the Pipeline 
Sector Coordinating Council (SCC), which provides a primary point of 
entry for industry representatives to discuss a range of pipeline 
security strategies, policies, activities, and issues with Government. 
To eliminate the need for multiple meetings with the same security 
partners, TSA worked closely with the Department of Energy to ensure 
the Pipeline SCC also functions as the Pipeline Working Group within 
the Energy Oil and Natural Gas Sector.
    Since the United States imports more petroleum from Canada than any 
other nation, much of it through pipelines, TSA works closely with our 
Canadian security counterparts to secure the U.S.-Canadian cross-border 
pipeline network. TSA and the Canadian National Energy Board coordinate 
closely on pipeline security matters to include exchanging information 
on assessment procedures, exercises, and security incidents. Since 
2005, TSA and Natural Resources Canada have cosponsored the 
International Pipeline Security Forum, an annual 2-day conference that 
enhances the security domain awareness of hazardous liquid and natural 
gas pipeline operators and provides opportunities for discussion of 
major domestic and international pipeline security issues. 
Administrator Neffenger had the pleasure of attending last year's 
Forum, and enjoyed the opportunity to engage with key industry leaders 
and learn more about their operations. The Forum presents a unique 
opportunity for TSA to directly engage with a large number of pipeline 
industry leaders from the United States and Canada, as well as key 
government and law enforcement partners. Approximately 160 attendees 
participate in the annual Forum, including pipeline system owners and 
operators, pipeline trade associations, U.S. and Canadian government 
officials, and members of the security, intelligence, and law 
enforcement communities from the United States, Canada, and other 
countries.
                    security training and guidelines
    To assist pipeline owners and operators in securing their systems, 
TSA developed and distributed security training for industry employees 
and partners to increase domain awareness and ensure security expertise 
is widely shared. TSA's pipeline security training products include a 
security awareness training program highlighting signs of terrorism and 
each employee's role in reporting suspicious activity, an improvised 
explosive device awareness video for employees, and an introduction to 
pipeline security for law enforcement officers.
    Additionally, TSA developed the TSA Pipeline Security Guidelines to 
provide a security structure for pipeline owners and operators to 
voluntarily use in developing their security plans and programs. The 
guidelines also serve as a standard for TSA's pipeline security 
assessments. TSA developed the guidelines with the assistance of 
industry and Government members of the Pipeline Sector and Government 
Coordinating Councils, pipeline trade associations, cybersecurity 
specialists, and other interested parties. Wide-spread implementation 
of this guidance by the pipeline industry has enhanced critical 
infrastructure security throughout the country. TSA is currently 
working with stakeholders to update these guidelines. The guidance has 
served as a template for entities establishing a corporate security 
program and has resulted in an increase in the quality of those 
programs reviewed by TSA. Since the publication of the guidelines, TSA 
has also seen an increase in the number of pipeline operators 
conducting security drills and exercises, an increase in coordination 
with local law enforcement agencies, and an increase in the number of 
operators conducting security vulnerability assessments of their 
critical facilities, all of which are recommended in the guidelines.
                exercises, assessments, and inspections
    TSA works with industry partners to assess and mitigate 
vulnerabilities, and improve security through collaborative efforts 
including exercises, assessments, and inspections. With the support of 
Congress, TSA developed the Intermodal Security Training and Exercise 
Program (I-STEP). TSA facilitates I-STEP exercises across all surface 
modes, including pipelines, to help operators test their security 
plans, prevention and preparedness capabilities, threat response, and 
cooperation with first responders. TSA uses a risk-informed process to 
select the entities that receive I-STEP exercises and updates I-STEP 
scenarios as new threats emerge to ensure industry partners are 
prepared to exercise the most appropriate countermeasures.
    To identify shortfalls in pipeline security and develop programs 
and policies to enhance industry security practices, TSA conducts both 
corporate and physical security reviews with pipeline operators. While 
these reviews are voluntary, they have been welcomed by pipeline owners 
and operators who appreciate the value resulting from securing their 
systems.
    Working with key executives and security personnel, TSA conducts 
the Corporate Security Review (CSR) program, which provides a company-
wide assessment of operators' security policies, plans, and programs. 
Upon completion of each CSR, TSA provides recommendations to the 
company to enhance its physical and cybersecurity policies and plans. 
TSA has conducted over 140 CSRs since 2002, including 6 CSRs in fiscal 
year 2015 and 4 to date in fiscal year 2016, with an additional 4 
scheduled for completion by the end of the fiscal year. TSA has 
completed reviews of all 100 highest-risk pipeline systems and is now 
conducting return visits to evaluate the implementation status of 
previous security recommendations.
    TSA conducts field-based physical security reviews to assess 
security measures in place at pipeline critical facilities. The 
Implementing Recommendations of the 9/11 Commission Act of 2007 (Public 
Law 110-53) required TSA to develop and implement a plan for inspecting 
the critical facilities of the top 100 pipeline systems in the Nation. 
TSA conducted these required inspections between 2008 and 2011 through 
the Critical Facility Inspection program and is continuing the effort 
through TSA's Critical Facility Security Review (CFSR) program. Since 
2008, TSA has conducted over 400 physical security reviews of critical 
facilities, with 46 CFSRs completed in fiscal year 2015 and 21 
completed to date in fiscal year 2016, with 16 more expected to be 
completed by the end of this fiscal year.
                             cybersecurity
    In the pipeline mode, TSA supports DHS cybersecurity efforts in 
support of the National Institute of Standards and Technology 
Cybersecurity Framework. The cybersecurity framework is designed to 
provide a foundation that industry to better manage and reduce their 
cyber risk. TSA shares information and resources with its industry 
stakeholders to support their adoption of the framework. TSA also 
distributed a cybersecurity toolkit developed from DHS Critical 
Infrastructure Cyber Community C3 Voluntary Program materials and 
designed to offer the pipeline industry an array of no-cost resources, 
recommendations, and security practices. Additionally, within the 
pipeline industry, TSA is coordinating a voluntary cyber-assessment 
program with the Federal Energy Regulatory Commission to examine 
pipeline operators' cybersecurity programs. TSA works closely with the 
pipeline industry to identify and reduce cybersecurity vulnerabilities, 
including facilitating Classified briefings to increase industry's 
awareness of cyber threats.
                               conclusion
    Through voluntary programs and extensive engagement and 
collaboration, TSA works closely with Government and industry 
stakeholders to secure the Nation's pipeline systems from terrorist 
attacks. TSA shares information with pipeline owners and operators, 
develops and distributes training materials and security guidelines, 
conducts security exercises, assessments, and inspections, resulting in 
an enhanced security posture throughout the pipeline industry. TSA 
continues to augment its efforts in the face of an evolving threat 
through the development and implementation of intelligence-driven, 
risk-based policies and programs. Thank you for the subcommittee's 
support of TSA's goals and the opportunity to discuss these important 
issues.

    Mr. Katko. Thank you, Ms. Proctor. I will note that 
oftentimes we are here to deal with problems related to TSA. 
But it appears that this program is working remarkably well, 
and it is reflective of your efforts so we appreciate that.
    Now the next witness is Mr. Andrew Black who currently 
serves as president and CEO of the Association of Oil Pipe 
Lines. Prior to joining AOPL, Mr. Black served as a director of 
Federal Government relations at El Paso Energy, where I served 
long ago as a Federal prosecutor in El Paso back in the 1990s, 
and deputy staff director for the House Committee on Energy and 
Commerce. The Chair now recognizes Mr. Black to testify.

STATEMENT OF ANDREW J. BLACK, PRESIDENT AND CEO, ASSOCIATION OF 
                         OIL PIPE LINES

    Mr. Black. Chairman and Ranking Member, thanks for the 
invitation. Thanks for your great opening statements, which I 
thought you captured very well, the program and its benefits.
    AOPL represents the owners and operators of the pipelines 
that bring to American workers and consumers crude oil, refined 
products like gasoline, diesel fuel, and jet fuel, and natural 
gas liquids such as propane and ethane. I am also testifying 
today on behalf of the American Petroleum Institute which 
represents the broader oil and gas industry, including 
pipelines. The security of our pipeline systems is a top 
priority for pipeline operators. We share TSA's goal of 
pipeline security, and work hard to secure our facilities and 
networks. Our members appreciate the constructive approach the 
TSA Pipeline Security Division takes.
    Pipeline operators carefully review TSA's pipeline security 
guidelines and pipeline security smart practice observations 
when designing and maintaining security plans. Operators host 
TSA for corporate security reviews and pipeline security 
inspections, which our members tell us are challenging and 
pragmatic. Follow-up discussions often result in specific 
improvements to the operator's security program. We do not 
today ask for any legislative changes regarding TSA's pipeline 
security programs.
    We participate in the Oil and Natural Gas Sector 
Coordinating Council and the Pipeline Sector Coordinating 
Council which provide opportunities for Classified and 
Unclassified discussions of pipeline security threats. 
Operators participate in TSA pipeline security stakeholder 
calls to develop industry-wide awareness of issues seen by TSA 
and by pipeline operators.
    To defend their systems against cyber attacks, pipeline 
operators follow API standard 1164 for pipeline data security. 
The standard requires operators to maintain systems for 
controlling pipeline operations separate and apart from 
business systems with internet access and helps operators 
protect systems in a rapidly changing and increasingly complex 
cyber environment. The broader oil and natural gas industry has 
also created several information sharing forms, including the 
oil and natural gas information sharing and analysis center or 
ONG-ISAC to share threat indicators, alerts, and information to 
identify emerging cyber threats. API has developed several 
other standards and programs to promote a culture of security, 
both physical and cyber, listed in my written testimony.
    I want to bring to the subcommittee's attention a pending 
policy issue of significant security implications. Pipeline 
operators prepare and submit to the U.S. DOT PHMSA, our safety 
regulator, oil spill response plans. These response plans 
contain sensitive security information such as worst-case spill 
scenarios, first responder operational information, and 
pipeline control system locations and information. As Members 
of this subcommittee can appreciate, this information would 
provide a blueprint for a terrorist attack on pipeline 
infrastructure.
    In 2012, Congress authorized PHMSA specifically to redact 
this sensitive security information when making response plans 
public in response to FOIA requests. However, a provision in 
the recent Pipeline Safety Reauthorization bill passed by the 
Senate could allow the public to gain access to pipeline 
security information that terrorists could use to plan an 
attack.
    An amendment adopted in committee would require PHMSA to 
provide to Congress upon request unredacted copies of oil 
pipeline response plans. We support Congress exercising its 
role over PHMSA, its oversight role, and do not object to 
Congressional committees receiving these plans. Unfortunately, 
however, as 2276 does not provide clear or specific protections 
against public disclosure of security sensitive response plan 
information obtained by Congress.
    PHMSA has explained this information, ``if disclosed would 
be of significant operational utility to a person seeking to 
harm the pipeline infrastructure of the U.S.'' Like PHMSA, we 
believe this information must be protected from public 
disclosure because of the security risks. We are ready to 
discuss this with this and other committees as pipeline safety 
legislation moves forward.
    Finally, there is a growing pipeline security issue that 
operators are watching closely. Opponents to pipeline projects 
in Canada are breaking into pipeline facilities, tampering with 
valves, and locking themselves to equipment as part of theirs 
protests. There were 4 recent incidents on 1 pipeline, and a 
fifth on another. These actions could harm an operator's 
ability to respond to an incident. Could even unintentionally 
result in a pipeline release impacting the public and the 
environment. Information from unredacted response plans may 
have helped some Canadian protestors in choosing where and how 
to obstruct a pipeline's activities. Information circulated 
for, or by pipeline opponents, can easily reach terrorist 
organizations who might intentionally use this information to 
harm the public.
    I encourage Congress to keep these new threats in mind when 
reviewing unredacted response plans and determining how the 
important information within them should be withheld from 
public disclosure.
    I thank the subcommittee for considering these issues and 
be happy to respond to any questions.
    [The prepared statement of Mr. Black follows:]
                 Prepared Statement of Andrew J. Black
                             April 19, 2016
    Thank you for holding this hearing and for inviting me to testify.
    I am Andy Black, president and CEO of the Association of Oil Pipe 
Lines (AOPL). AOPL represents the owners and operators of pipelines 
that transport crude oil, refined products like gasoline, diesel fuel, 
and jet fuel, and natural gas liquids like propane and ethane, to 
American workers and consumers.
    I am also testifying today on behalf of the American Petroleum 
Institute (API). API represents all facets of the oil and natural gas 
industry, with more than 650 members including large integrated 
companies, as well as exploration and production, refining, marketing, 
pipeline, and marine businesses, and service and supply firms.
                       pipeline security and tsa
    The oil and natural gas industry is committed to achieving zero 
incidents throughout our operations. Pipeline operators take 
considerable steps to ensure the safety and security of our personnel, 
assets, and operations. The security of our pipeline systems is a top 
priority for pipeline operators. Liquid pipeline operators share TSA's 
goal of pipeline security, and work hard to secure our facilities and 
networks. Pipeline operators implement many measures and programs in 
pursuit of our goal of zero incidents. Operators assess threats to 
pipelines, including security threats, take steps to address them, and 
share pipeline security best practices industry-wide.
    AOPL and API members appreciate the constructive approach the TSA 
Pipeline Security Division takes with its pipeline security program. 
Pipeline operators carefully review TSA's Pipeline Security Guidelines 
and Pipeline Security Smart Practice Observations when designing and 
maintaining security plans. Pipeline operators host TSA for pipeline 
security inspections and Corporate Security Reviews, which our members 
tell us are challenging, reasonable, and pragmatic. Follow-up 
discussions often result in specific improvements to the operator's 
security program. We do not ask for any changes in legislation or 
regulations regarding TSA's programs and activities in pipeline 
security.
    Because of the pipeline industry's designation by the Department of 
Homeland Security (DHS) as a critical infrastructure subsector, we have 
many opportunities to participate in Government programs focusing on 
promoting security and identifying threats. We participate in the DHS 
Oil and Natural Gas Sector Coordinating Council established under 
Presidential Policy Directive 21 on critical infrastructure security 
and resilience. These activities provide important opportunities for 
both Classified and Unclassified discussions of pipeline security 
threats. In addition, pipeline operators participate in the DHS 
Regional Resiliency Assessment Program, and regularly participate in 
TSA pipeline security stakeholder calls to develop industry-wide 
awareness of issues seen by TSA and by operators. We also participate 
in the FBI's Infragard process, a Government-industry partnership 
dedicated to sharing information and intelligence to prevent hostile 
acts against the United States.
    While participation in these efforts is critical to the development 
of situational awareness, it should be noted that DHS's risk analysis 
of all critical infrastructure did not designate any oil or natural gas 
infrastructure into its highest tier of risk. This is due to our 
industry's diverse geography, redundant systems, and the resilience of 
the sector when responding to events.
                  cybersecurity and api standard 1164
    Pipeline operators follow API Standard 1164, Pipeline SCADA 
Security, which helps pipeline operators defend their systems from 
cyber attacks. The standard requires operators to maintain systems for 
controlling pipeline operations separate and apart from business 
systems with internet access. It was developed with a broad group of 
stakeholders from the public and private sectors, and helps operators 
protect systems in a rapidly changing and increasingly complex cyber 
environment.
    The broader oil and gas industry, including pipeline owners and 
operators, have also created several information sharing forums, 
including the Oil and Natural Gas Information Sharing and Analysis 
Center (ONG ISAC), to share threat indicators, alerts and information 
to identify emerging cyber threats. Pipeline operators also participate 
in the NIST Cybersecurity Framework Roadmap process. These efforts, 
combined with the intelligence and information operators receive from 
Government sources, help operators better understand their risk and 
prevent incidents.
               other industry pipeline security programs
    API has also developed several other standards and programs to 
promote a culture of security, both physical and cyber. API RP 780, 
Security Risk Assessment, defines the recommended approach for 
assessing security risk widely applicable to the types of facilities 
operated by the industry and the security issues the industry faces. 
API RP 781, Facility Security Plan Methodology for the Oil and Natural 
Gas Industries, will build on RP 780 and provides the process to factor 
risk assessment into the physical and cybersecurity measures used to 
secure operations. This recommended practice should be published later 
this year. In addition, API has published Utilizing Intelligence to 
Secure People [http://www.api.org//media/files/policy/safety/api-
guidance-utilizing-intelligence-in-ong.pdf?la=en], a guidance document 
describing some of the resources that are available to the industry to 
help attain situational awareness in different operating environments.
    API created the Oil and Natural Gas Industry Preparedness Handbook 
[http://www.api.org/news-policy-and-issues/safety-and-system-integrity/
oil-gas-industry-preparedness-handbook] with support from members and 
associations throughout the industry, to illustrate how local responses 
can be aided by established relationships with governments and 
communities, local, State, and regional associations, and how corporate 
and Federal capabilities can facilitate efficient response and recovery 
at the local level. The Handbook provides a common-sense approach for 
oil and gas owners and operators, local and State industry 
associations, and public-sector partners to build the necessary 
capabilities to effectively manage the information flow that so often 
becomes congested during disruptive events.
                        oil spill response plans
    I want to bring to the subcommittee's attention a pending pipeline 
policy issue with significant security implications. Pipeline operators 
prepare and submit to U.S. DOT PHMSA, our safety regulator, oil spill 
response plans. These response plans detail facilities and plans for 
first responder and operator response to pipeline emergencies. They 
contain sensitive security information, such as worst-case spill 
scenarios, first responder operational information, pipeline control 
system locations and information, and descriptions of high-consequence 
areas. As Members of this subcommittee can appreciate, this information 
would provide a blueprint for a terrorist attack on pipeline 
infrastructure.
    In 2012, Congress authorized PHMSA specifically to redact this 
sensitive security information when making oil spill response plans 
public in response to Freedom of Information Act requests. However, a 
provision in the recent pipeline safety program reauthorization bill, 
S. 2276, passed by the Senate earlier this year, could allow the public 
to gain access to pipeline security information terrorists could use to 
plan an attack.
    The specific Senate provision, adopted in committee as an amendment 
by Senator Markey, would require PHMSA to provide to Congress, upon 
request, unredacted copies of oil pipeline response plans. AOPL and API 
support Congress exercising its oversight role over PHMSA and the oil 
spill response program, and do not object to Congressional committee 
leaders receiving these plans. Unfortunately, however, S. 2276 does not 
provide clear or specific protections against public disclosure of 
security-sensitive oil spill response plan information obtained by 
Congress.
    PHMSA legal guidance deems the information at issue here, ``if 
disclosed, would be of significant operational utility to a person 
seeking to harm the pipeline infrastructure of the U.S.'' Like PHMSA, 
we believe this information must be protected from public disclosure 
because of these security risks. We are ready to discuss this with you 
and with Members of this committee, the Transportation and 
Infrastructure Committee, and the Energy and Commerce Committee, as 
pipeline safety reauthorization legislation moves through the House and 
conference in coming months.
               new threats and actions against pipelines
    Finally, there is a growing pipeline security issue operators are 
watching closely. Opponents to pipeline projects in Canada are breaking 
into pipeline facilities, tampering with valves, and locking themselves 
to equipment as part of their protests. There were 4 incidents \1\ 
between November and January on 1 pipeline and a fifth incident \2\ on 
another in January. These actions could harm a pipeline operator's 
ability to respond to an incident and could even unintentionally result 
in a pipeline release impacting the public or environment.
---------------------------------------------------------------------------
    \1\ ``Pipeline industry concerned about tampering and vandalism'', 
CBC News, March 9, 2016, http://www.cbc.ca/news/business/cepa-chris-
bloomer-pipelines-tampering-enbridge-vandalism-target-1.3480857.
    \2\ ``Pipeline sabotage: Someone tampered with valve on Enbridge 
fuel pipeline near Cambridge'', Hamilton Spectator, January 5, 2016, 
http://www.thespec.com/news-story/6219719-pipeline-sabotage-someone-
tampered-with-valve-on-enbridge-fuel-pipeline-near-cambridge/.
---------------------------------------------------------------------------
    I understand information from unredacted oil spill response plans 
has helped some Canadian protestors in choosing where and how to 
obstruct a pipeline's activities. Information circulated for, or by, 
pipeline opponents can easily reach terrorist organizations who might 
intentionally use this information to harm the public. I encourage 
Congress to keep these new threats in mind when reviewing unredacted 
response plans and determining how the important information within 
them should be withheld from public disclosure.
    I thank the subcommittee for considering these issues, and would be 
happy to respond to any questions.

    Mr. Katko. Thank you, Mr. Black.
    Our third witness is Ms. Kathleen Judge, who currently 
serves as a director of risk and compliance for global security 
at National Grid, which I am proud to say operates in my 
hometown of Syracuse and throughout up-State New York. Ms. 
Judge also serves as the chair of the Oil and Natural Gas 
Sector Coordinating Council. The Chair now recognizes Ms. Judge 
to testify.

STATEMENT OF KATHLEEN S. JUDGE, DIRECTOR OF RISK AND COMPLIANCE 
FOR GLOBAL SECURITY, NATIONAL GRID, TESTIFYING ON BEHALF OF THE 
                    AMERICAN GAS ASSOCIATION

    Ms. Judge. Chairman Katko, Ranking Member Rice, Members of 
the committee, thank you the opportunity to provide testimony 
on pipeline security, and your commitment to the security of 
our Nation's critical infrastructure.
    As the Chairman stated, I am Kathy Judge. I work for 
National Grid, which is a gas and electric company based in the 
United Kingdom and Northeastern United States that serves 
nearly 7 million customers in New York, Massachusetts, and 
Rhode Island. National Grid is the largest distributor of 
natural gas in the Northeast. We are proud to be the energy 
provider to the Chair, Ranking Member, and Representative 
Keating's district.
    My background includes 27 years in the utility industry. 
Relevant to this hearing, I have helped lead the American Gas 
Association Security Committee. I also am current chair of the 
Oil and Natural Gas Sector Coordinating Council and Pipeline 
Sector Coordinating Council.
    Today I am testifying on behalf of the American Gas 
Association which represents more than 200 local gas utilities 
that operate 2\1/2\ million miles of distribution pipelines 
that deliver gas to 71 million consumers. Providing safe 
natural gas delivery is the top priority for natural gas 
utilities. This said, here are some important facts about 
pipeline security.
    One, natural gas utilities have a proven history of 
weathering natural disasters, accidental third-party damage, 
and intentional assaults. Ironically, the leading risk to 
pipelines is third-party excavation damage. Pipeline systems 
are resilient with multiple redundant safety and reliability 
mechanisms in place. Pipelines must comply with DOT pipeline 
safety regulations that also provide some security coverage.
    TSA threat assessments have indicated that the threat 
against U.S. natural gas pipelines is low. Nevertheless, 
because of the impact a successful physical or cyber attack 
could have on millions of customers, pipeline security remains 
a top industry priority.
    Gas utilities employ numerous strategies to ensure pipeline 
security, including but not limited to, site-specific security 
and crisis management plans, to ensure operations are 
reinforced with workplace and system redundancies, embedding 
security requirements into pipeline design and construction, 
weaving security requirements into corporate governance, 
participating with information sharing and analysis centers to 
improve on situational awareness, coordinating with Federal, 
State, and local first responders to ensure effective incident 
prevention and response, and partnering with Federal security 
partners at TSA, DOE, and the FBI to better understand the 
potential threats.
    Pivotal to pipeline security is the partnership industry 
has, with TSA's pipeline section of the Office of Security 
Policy and Industry Engagement. The TSA pipeline section 
recognized early on that collaboration was key because pipeline 
security professionals in TSA share the same objective, to 
protect critical infrastructure. Fourteen years later, this 
approach serves as a model for the public/private partnership. 
To sustain that partnership, TSA offers numerous programs to 
aid pipeline operators. Those primary tools are the TSA 
pipeline security guidelines which are a flexible set of 
security smart practices that were developed collaboratively by 
the Federal Government and pipeline security professionals. On-
site security reviews which offer TSA the opportunity to engage 
in constructive nonregulatory discussions with pipeline 
operators, and they also offer security awareness and training 
materials. These programs promote security in mutually 
beneficial relationships between TSA and the operator cannot be 
undervalued. Please note that the TSA pipeline security program 
must be protected.
    I would like to share 2 examples of past actions taken with 
the best of intentions that proved detrimental. In 2014 TSA 
announced the significant organizational realignment that 
dismantled the effective programs and processes that were in 
place and that we benefitted from as operators. During this 
realignment, it was the intent of DHS to have generalists. In 
other words, GSA reps who worked across all transportation 
modes. This proved ineffective as visits focused more on 
educating the generalists about pipelines and pipeline security 
than on the bilateral value gained from the prior visits with 
specialists. After input from pipeline operators and a decline 
in the industry engagement, TSA reversed the realignment and 
went back to the way it was.
    DOT and TSA security partnership needs greater 
collaboration. DOT recently proposed changes to its National 
pipeline mapping system that would require operators to provide 
on-line, in a single database, detailed pipeline operations' 
location information. It is my belief that TSA would have 
opposed this had they been collaborated with on this subject.
    Natural gas utilities value the effective security 
partnership. Compliance does not equal security. The formula 
for measurable effectiveness of TSA's pipeline program is a 
result of practical guidelines, information exchange, and 
trusted private-sector engagements. We also urge the committee 
to continue to support the TSA pipeline security program and 
encourage interagency collaboration with PHMSA where pipeline 
security and pipeline safety overlap.
    Thank you. I look forward to your questions.
    [The prepared statement of Ms. Judge follows:]
                Prepared Statement of Kathleen S. Judge
                             April 19, 2016
    My name is Kathleen S. Judge and I am the director, risk & 
compliance, corporate security for National Grid. National Grid is an 
international electricity and gas company based in the United Kingdom 
and northeastern United States that connects nearly 7 million customers 
to vital energy sources through its networks in New York, 
Massachusetts, and Rhode Island. It is the largest distributor of 
natural gas in the Northeast. National Grid also operates the systems 
that deliver gas and electricity across Great Britain.
    I have over 27 years of experience in the utility industry, and 
since 2007, I have been in physical security. I have been actively 
involved with the industry trade association security committees during 
my time in security, including serving on the American Gas Association 
Security Committee leadership team since 2011. I currently chair the 
Oil & Natural Gas Sector Coordinating Council (ONG SCC) and Pipeline 
Working Group, which also serves as the Pipeline Sector Coordinating 
Council. I am also actively involved in the Edison Electric Institute 
(EEI) Security Committee and serve on the Executive Steering Committee 
for the Long Island Sound Area Maritime Security Committee. In 2014 and 
2015, I was an active member on the NERC CIP 14--Physical Security 
Standards Drafting Team.
    I am testifying today on behalf of the American Gas Association 
(AGA). AGA, founded in 1918, represents more than 200 local energy 
companies that deliver clean natural gas throughout the United States. 
There are more than 72 million residential, commercial, and industrial 
natural gas customers in the United States, of which 95 percent--nearly 
69 million customers--receive their gas from AGA members. Natural gas 
pipelines, which transport approximately one-fourth of the energy 
consumed in the United States, are an essential part of the Nation's 
infrastructure. Indeed, natural gas is delivered to customers through a 
safe, 2.5 million-mile underground pipeline system. This includes 2.2 
million miles of local utility distribution pipelines and 300,000 miles 
of transmission pipelines that stretch across the country, providing 
service to more than 177 million Americans.
                         natural gas utilities
Who We Are
    Providing safe, reliable, and cost-effective delivery of natural 
gas is the top priority of natural gas utilities across America. Given 
our strong service record, enviable safety statistics, and inherently 
resilient makeup due to the subsurface locations of the majority of our 
assets, natural gas utilities work vigilantly to maintain both the 
cybersecurity and physical security of the infrastructure. The natural 
gas system is a complex, interconnected, and well-protected network of 
pipelines and associated facilities, including but not limited to, 
compressor stations, pressure regulators, pressure relief valves, and 
underground natural gas storage. Natural gas operations have a proven 
history of weathering natural events, accidental third-party damage, 
and intentional malicious assaults. Crisis management and site-specific 
security plans ensure operations are reinforced with well-trained 
workforce and system redundancies. Natural gas security professionals 
layer security measures within a framework of risk management. Further, 
natural gas owner/operators partner with Federal, State, and local 
government and law enforcement agencies to ensure effective and 
efficient response to events impacting natural gas operations.
    The Transportation Security Administration (TSA) annual threat 
assessments have indicated that the threat against U.S. natural gas 
pipelines is low, and there is no current credible threat information 
regarding attacks on U.S. distribution pipelines. Further, the U.S. 
Department of Transportation (DOT) Bureau of Transportation Statistics 
continue to show pipelines as the safest form of transportation with 
very low incident rates, and the DOT Pipeline and Hazardous Materials 
Safety Administration (PHMSA), which regulates pipelines under its 
Office of Pipeline Safety (OPS), states that pipelines are one of the 
safest and most cost-effective means to transport the extraordinary 
volumes of natural gas. As such, pipeline safety and physical 
infrastructure security remain AGA's top priority.
Pipeline Risks
    The primary objective for gas utilities is the safe and reliable 
delivery of natural gas to the consumer. As a result, natural gas 
utilities evaluate their security risks with public safety and natural 
gas interdependencies in mind. Pipeline security risks may be 
categorized as physical security risks or cybersecurity risks. In 
general, the leading security risks to natural gas utilities include, 
gas theft; access control; supply chain integrity; customer information 
theft; insider threat; facility and employee protection; and breach of 
Supervisory Control And Data Acquisition systems (SCADA), control 
systems, or communication systems. In addition, the potential for loss 
of telecommunications capability motivates the natural gas industry to 
maintain a basic level of manual operations, which adds a layer of 
security not afforded sectors that are fully automated.
    Ironically, the leading risk to natural gas utility pipelines 
continues to be third-party excavation damage. Excavation damage causes 
more casualties and service interruptions than any combination of 
security incidents.
    While specifics may vary across companies, natural gas security 
professionals layer security measures in a handful of operational 
phases, i.e., planning, preparation, protection, incident response, and 
recovery that are framed by the overarching goal of risk management. 
The following provides more details about the activities associated 
with these phases.
   Planning.--Natural gas owner/operators develop written 
        programs that include methods for vulnerability and risk 
        assessment, protection of sensitive information, threat 
        responses, cooperation with public safety personnel, and 
        physical security and cybersecurity practices.
   Preparation Activities.--Natural gas owner/operators 
        practice and prepare for extraordinary scenarios through 
        participation in their own drills as well as those coordinated 
        by industry, regional associations, and Government agencies. 
        Table-top exercises enhance preparedness efforts and incident 
        classification, while testing and engaging operators in 
        restoration and recovery discussions. Finally, the industry 
        participates in the TSA I-STEP \1\ full-scale training and 
        exercises designed to provide a forum for personnel to practice 
        specific plans and procedures in response to security issues 
        impacting their companies.
---------------------------------------------------------------------------
    \1\ I-STEP: The Intermodal Security Training & Exercise Program is 
a ``risk-based, intelligence-driven exercise, training, and security 
planning solution in collaboration with other security partners to 
reduce risks to critical transportation infrastructure, and build and 
sustain security preparedness.''
---------------------------------------------------------------------------
   Protection Strategies.--Natural gas owner/operators make 
        significant investments to protect their most critical assets. 
        These investments focus on improving protection, detection, and 
        perimeter security at the most critical locations. Examples of 
        enhanced physical and personnel security measures include:
     physical security measures such as, but not limited to and 
            as appropriate, barriers and buffer zones, access controls, 
            gates, locks and key controls, facility lighting, vehicle 
            searches (static guards), surveillance cameras, intrusion 
            detection, and monitoring.
     personnel security measures such as, but not limited to 
            and as appropriate, biometric identification and badging, 
            background investigation, training, exercises, and drills.
   Incident Response and Recovery.--Gas utilities have long 
        maintained and been acknowledged for their consistent 
        commitment to the safety of the natural gas infrastructure, 
        workers, and processes. The commitment to operational 
        resiliency is equally substantial. Redundancies along the 
        delivery system provide operators the flexibility to reduce 
        pressure and redirect, shut down, or restore gas flow. 
        Facilities for alternative fuels and natural gas storage 
        provide additional options to supplement gas supply to minimize 
        service disruption. Companies also have critical back-up and 
        replacement equipment and parts stored at key points along a 
        system. Rapid response teams can be quickly deployed to get the 
        system up and running in order to reduce down time. Overall, 
        the industry approaches preparedness and response from the 
        local level, acknowledging that events impact workers, 
        businesses, and communities first and foremost. While resources 
        and information are often held at the regional or National 
        levels, it is the local facility operators who have the best 
        ability to assess their systems, identify needs, and execute 
        the work needed to restore services.
    Title 49 of the Code of Federal Regulations governs the response 
        aspect of security planning. Pipeline companies have years of 
        experience responding to emergency incidents and are required 
        by DOT to have effective emergency plans in place. Operators 
        are also required to report significant incidents--those 
        resulting in serious injury, loss of life, or property damage 
        greater than $50,000--to the DOT National Response Center 
        (NRC). A mechanical failure or unintentional act resulting in 
        significant damage to a pipeline will be reported to DOT 
        through the NRC. An intentional act of damage, or act of a 
        suspicious nature involving a pipeline, will be reported to TSA 
        through the Transportation Security Operating Center (TSOC).
    Responding to a pipeline failure caused by an intentional act 
        varies little from the response to a mechanical failure or an 
        unintentional act; except that, operators must exercise caution 
        recognizing the incident may be criminal in nature. Facility 
        restoration is the final component of an industry security 
        initiative. Specific plans will vary among operators based on 
        the criticality of the pipelines and factors such as location 
        and time of year.
    Security is woven into corporate governance through security 
policies, incident procedures, record keeping, communication, security 
measures embedded within design and construction practices, as well as 
equipment maintenance and testing. To help maintain operational 
security, natural gas utilities are careful not to publicize clearly 
sensitive information about critical infrastructure that might provoke 
new threats, or endanger the safety of the American public or the 
integrity of the Nation's gas systems. Gas companies work closely with 
law enforcement personnel and first responders on site-specific 
security plans and security drills. Additionally, gas utilities 
participate in security information-sharing communities such as the 
Downstream Natural Gas Information Sharing & Analysis Center, which 
provides participants with timely situational awareness, intelligence 
analytics, and industry incident information exchange.
Sector Coordinating Council
    In 2004, Sector Coordinating Councils were formed to coordinate 
security initiatives among the Nation's critical infrastructure assets. 
The Oil and Natural Gas Sector Coordinating Council (ONG SCC) was 
formed by 19 industry trade associations to provide a forum for 
discussion and to coordinate communications between industry security 
professionals and representatives of the Energy Sector Government 
Coordinating Council (Energy GCC \2\). Subsequent to the formation of 
the ONG SCC, the Pipeline Working Group (Pipeline Sector Coordinating 
Council) was formed to further enhance communication and collaboration 
among pipeline operators and Government entities.
---------------------------------------------------------------------------
    \2\ Energy GCC: The Energy Sector Government Coordinating Council 
is chaired by a representative of the Department of Energy, and the GCC 
includes members of numerous agencies, including TSA and DOT.
---------------------------------------------------------------------------
Cooperation
    The pipeline industry takes its responsibility for facility, 
system, and network security very seriously. The TSA provides guidance 
and expectations for the practices and procedures necessary to secure 
the Nation's critical pipeline infrastructure. Members of industry and 
trade associations, working together and through the SCCs, have 
developed guidelines that are consistent with these expectations. The 
typical operator has a developed security program, has conducted 
facility risk assessments, and has implemented sound practices that 
provide for effective and practical system security.
    The natural gas industry supports a process for raising public 
awareness about pipelines in a manner that does not jeopardize 
security, interstate commerce, or proprietary business information. In 
addition to close coordination amongst gas utilities to reinforce 
operational resilience, the industry works directly with Government 
partners in DHS, DOE, the White House, the Government intelligence 
community, and local and State law enforcement agencies to more 
thoroughly understand potential threats and to better protect its 
systems. AGA and gas industry representatives actively participate in 
interdependency initiatives coordinated by Federal and State 
governments to enhance preparedness, response, and recovery planning. 
For example, in 2010 and in support of the objectives of the National 
Infrastructure Protection Plan, owner/operators across the oil and 
natural gas sector collaborated with DHS and DOE to present several 
cross-sector emergency management workshops aimed at promoting an 
integrated private sector and Government response during natural 
disasters and terrorist incidents. The gas industry also engaged with 
DOE, DHS, electric utility operators, and local law enforcement on a 
series of physical security and cybersecurity briefings across the 
United States and Canada. These briefings allow Government officials to 
provide information on the current threat environment, discuss 
mitigation strategies, and encourage participants to further develop 
relationships with first responders and industry partners. 
Additionally, many utility security personnel hold Government security 
clearances, which allow access to Classified threat information to 
further develop security strategies.
Resilience
    Resilience is an integral element of the gas industry's critical 
infrastructure protection mission that is bolstered by multiple layers 
of safety and reliability mechanisms to reduce the magnitude and/or 
duration of disruptive events and to ensure sufficient backup coverage 
exists. Because utilities must ``expect the unexpected,'' they have 
all-encompassing contingency plans for dealing with man-made and 
natural disasters to help ensure natural gas will flow safely and 
reliably. The industry continues to work with Federal agencies to 
enhance the physical security and cybersecurity of its critical 
infrastructure while remaining firmly committed to taking appropriate 
and measured actions to deter threats, mitigate vulnerabilities, and 
minimize consequences associated with a terrorist attack and other 
disasters.
    The National Infrastructure Advisory Council's Critical 
Infrastructure Resilience Study found that the oil and natural gas 
sector has a significant amount of redundancy and robustness built into 
the system. Most pipelines are relatively easy to repair over the short 
term and in many cases, alternative routes are also available to move 
sufficient amounts of product around the site of an incident, thus 
preventing major disruptions. Moreover, redundancies are built into the 
pipeline infrastructure, including interconnects between companies. 
This planning and interconnect capability ensures consumers with 
reliable service.
                 transportation security administration
Pipeline Security Authority
    Under the provisions of the Aviation and Transportation Security 
Act (Public Law 107-71), TSA was established on November 19, 2001, with 
responsibility for civil aviation security and ``security 
responsibilities over other modes of transportation that are exercised 
by the Department of Transportation.'' To fulfill this mandate in the 
pipeline mode, on September 8, 2002, TSA formed the Pipeline Security 
Division, which is now called the Pipeline Section of the Office of 
Security Policy and Industry Engagement (TSA Pipeline Section).
Partnership
    The vast majority of critical infrastructure is privately owned and 
operated. As such, effective public-private partnerships are the 
foundation for critical infrastructure protection and resilience 
strategies comprising timely, trusted, unguarded information sharing 
among stakeholders. The TSA Pipeline Section recognized early on that 
the pipeline industry security professionals are charged with a 
parallel objective, i.e., protect the critical infrastructure, and this 
is best accomplished in a collaborative environment. Historically, TSA 
has strategically refrained from executing its regulatory authority 
and, instead, pioneered a path of genuine Government partnership with 
pipeline owners/operators. Fourteen years later, this approach 
continues to serve as a model for public/private partnership that 
offers collaboration, mutual support, and measurable achievement 
towards a common goal--pipeline security.
    The partnership approach has established a bond between industry 
and Government that is uncommon across the Government/operator 
community and is measurably beneficial for all stakeholders. The 
operator knows best his/her operations--what needs to be secured and 
how to best achieve this; TSA provides valuable tools, knowledge 
resources, insights, and perspectives that advances the operator's 
decision-making process. The end result is an improved security posture 
that benefits all involved, except the adversary.
Programs/Tools/Products
    TSA has many programs, tools, and products available to assist 
pipeline operators in addressing security matters. The portfolio 
includes, Critical Facility Inspections (CFI), Corporate Security 
Reviews (CSR), Critical Facility Security Reviews (CFSR), Blast 
Mitigation, Smart Practices, I-STEP, monthly stakeholder 
teleconferences, Security Awareness Training Videos, and the 
International Pipeline Security Forum. These resources bring Government 
and operators together and foster relationships and cooperative efforts 
that have been key to advancing industry pipeline security practices.
            TSA Pipeline Security Guidelines
    The leading tool in the TSA portfolio is the TSA Pipeline Security 
Guidelines (Guidelines), a product of collaboration that coalesced the 
institutional knowledge and experience of pipeline security 
professionals with the resources of the Federal Government. The 
Guidelines were developed with the assistance of industry and 
Government members of the Pipeline Sector and Government Coordinating 
Councils, industry association representatives, and other interested 
parties and represent TSA's expectations of industry. TSA released the 
Guidelines in December 2010 (re-released in April 2011), and it applies 
to natural gas distribution pipelines and liquefied natural gas 
facilities. Notably, the partnership between pipelines and TSA 
effectively drives industry to advance beyond minimum security 
standards to the deployment of smart industry practices. The Guidelines 
provides operators the flexibility to secure pipeline infrastructure by 
applying practices that are most applicable to their individual 
systems.
            On-site Reviews/Visits
    Equally significant in advancing industry's security posture are 
non-regulatory, on-site facility reviews/visits. The CSRs and CFIs have 
historically been the program names for these reviews/visits conducted 
by the TSA Pipeline Section. The CSRs focused on the operators' overall 
security plan. The CFIs focused on security plan implementation and 
actual day-to-day security practices at critical facilities. More 
recently, CFIs have been renamed as CFSRs.
    The CSRs are designed for TSA to focus on an operator's overall 
security plan implementation through: (1) Learning more about an 
organization's pipeline system, (2) reviewing an organization's listing 
of critical facilities, (3) discussing at length the details of an 
organization's security plan and programs, and (4) engaging with the 
operator to familiarize the operator with TSA and vice-versa prior to 
any security-related event or emergency. Following the review, TSA 
shares observations with that company, including a security benchmark 
so the company can compare itself with similar or peer companies. TSA 
discusses areas in which they observe the company excelling in relation 
to the industry and smart practices. TSA also identifies areas in which 
the company is observed to be lacking and will make recommendations 
based on the Guidelines or offer considerations based on their 
expertise and industry observations. TSA then follows up with each 
organization to see what progress has been made based on their 
recommendations.
    CFSRs are site-by-site walkthroughs at each critical facility 
focused on site-specific security plans and measures. Following each 
review, TSA sends a report to the operator including commendations and 
recommendations. TSA then follows up with each operator to check in on 
the progress of recommendations. TSA also utilizes information obtained 
during the reviews to develop security smart practices that are shared 
with the industry.
    The review/visits offer TSA a unique opportunity to engage in open, 
candid, non-punitive discussions with the operator. This affords TSA 
with a more holistic view of how the industry can be effective in its 
flexible use of the Guidelines and reinforces the fact that 
constructive exchange between TSA and the operator is more useful for 
security planning than the ``us versus them'' compliance-audit 
environment. Results of these reviews have been used to develop 
security ``smart practices'' that are shared widely throughout the 
industry. These programs have not only been a means of evaluating the 
actual security practices of the pipeline operators but have also been 
a means of promoting industry familiarity with the responsibilities and 
personnel of TSA. Thus, the collaboration between TSA and the pipeline 
operator is a mutually beneficial relationship that cannot be 
undervalued.
            Stakeholder Teleconferences
    For wider participation, TSA holds monthly stakeholder calls to 
share physical and cyber threat and intelligence information with 
industry. Following notable security events, TSA conducts more frequent 
calls and sends out relevant information to industry stakeholders.
            Additional Engagement Opportunities
    Industry and TSA annually convene to go through the Transportation 
Sector Security Risk Assessment. This exercise includes evaluating a 
list of scenarios and determining the likelihood of such an event. Both 
also collaborate on the development of Pipeline Modal Threat Assessment 
prepared by the TSA Office of Intelligence and Analysis.
    In addition to the Guidelines and TSA products, the pipeline 
industry references and implements multiple resources, programs, and 
standards from wellhead to the meter as appropriate for the company's 
operations. Such resources include American Petroleum Institute 
Recommended Practices and standards, DOE Oil & Natural Gas 
Cybersecurity Capability Maturity Model, SANS Institute cybersecurity 
standards, and the North American Electric Reliability Corporation 
Critical Infrastructure Protection Committee standards. The pipeline 
industry also coordinates initiatives with other critical 
infrastructure sectors, including but not limited to Chemical, Energy, 
Communications, and Financial Sectors as well as other modes within the 
Transportation Sector.
To Regulate or Not To Regulate
    The formula that promotes on-going improvements to the pipeline 
industry's security posture consists of the partnership, the 
Guidelines, and the operator facility visits by TSA.
    The Guidelines has a common goal with the pipeline operator to 
promote the security pipeline infrastructure while recognizing 
operational, structural, and commodity differences across the pipeline 
industry. This performance-based approach supports the flexibility 
needed for operators to address the dynamic security threats specific 
to their operations in different operating settings.
    The CSRs, CFIs, and CFSRs demonstrate the owner/operators' actions 
to follow the Guidelines. According to TSA, there have been 347 CFIs, 
154 CSRs, and 151 CFSRs to date. Each of the visits resulted in TSA 
recommendations to the operator to which 85-90% of the recommendations 
have already been addressed by the operator, and the remaining 
recommendations are in the process of being addressed, or the operator 
found a better way of achieving the objective of the recommendation. 
TSA has gone on record stating that based on its CSRs and other 
information, pipeline operators already employ most of these 
recommendations in their security plans and programs.
    In addition to partnering with TSA, pipelines must comply with DOT 
pipeline safety regulations, which require the incorporation of system 
fail-safes that in many cases protect against the goals of the 
adversary; in the case of natural gas utilities, this would apply to 
system over-pressurization. Intrastate pipeline must also comply with 
State pipeline safety regulations that go above and beyond DOT's 
regulations.
Improving on TSA's Role
    In January 2014, TSA announced a significant organizational 
realignment that dismantled effective programs (previously highlighted) 
and processes both the Government and the operators had benefited from. 
During the realignment, it was the intent of DHS to have generalists 
(i.e., TSA representatives who work all transportation modes) to 
conduct the CFSRs. In practice, this proved ineffective as the visits 
focused more on educating the TSA generalist about pipeline security 
than on bilateral value gained. Ostensibly, the impetus for the 
realignment was to sustain TSA's effectiveness and to remove the stove-
piping amongst the various modes. Industry representatives expressed 
concern over the reorganization, as this realignment was done without 
engagement of the operator community.
    AGA worked with Congressional staff and TSA staff to facilitate a 
meeting between TSA leadership and industry to discuss the 
reorganization. After extensive pressure from pipeline operators and a 
measurable decline in TSA's engagement with industry, TSA reversed the 
realignment and returned to a model similar to the original. Because 
most of the original well-trained TSA pipeline staff had been 
reassigned elsewhere, the program is slowly rebuilding. AGA credits the 
leadership of Ms. Sonya Proctor, director, surface division, office of 
security policy and industry engagement, for recognizing the 
ineffectiveness of the realignment, the need to return to the original 
model, and the need to fill open pipeline security positions with 
qualified candidates. TSA is strongly encouraged to ramp up the CFSR 
program with reviewers who already understand pipeline operations, as 
was the case prior to the realignment efforts.
    Further, industry has invested a great deal of resources working 
with the Government intelligence community to ensure the timely sharing 
of actionable information. Though certain groups, such as DHS 
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), 
recognize the value of this, others within the intelligence community 
(outside of DHS) do not necessarily agree. TSA should be positioned and 
empowered to be a conduit of threat information that has implications 
to pipeline operations. This would include information that could 
impact sectors/infrastructure upon which pipeline operations are 
dependent or which have operations similar to pipelines, e.g., SCADA. 
Along these same lines, more Government resources should be invested to 
provide well-trained and -equipped pipeline security professionals 
across the Nation to conduct more facility reviews and noncompliance 
visits.
                                 phmsa
    Security and safety go hand-in-hand. As prescribed in Title 49 of 
the Code of Federal Regulations, pipeline safety, including emergency 
management, has been the purview of DOT through PHMSA's Office of 
Pipeline Safety. Prior to events of September 11, 2001, the Homeland 
Security Act of 2002, Homeland Security Presidential Directive 7 
(December 17, 2003), and the Aviation & Transportation Security Act of 
2001, pipeline security was under the purview of DOT, where it played a 
less prominent role than pipeline safety. In September of 2004, a 
Memorandum of Understanding (MOU) was signed by representatives of DHS 
and DOT memorializing an agreement of respective pipeline security 
roles and responsibilities; ``DOT and DHS will collaborate in 
regulating the transportation of hazardous materials by all modes 
(including pipelines).'' Additionally, in August 2006, an MOU was 
signed by TSA and PHMSA to clarify that TSA has primary responsibility 
for pipeline security and formalize coordination between TSA and PHMSA 
to ensure that pipeline security and pipeline safety complement one 
another: ``PHMSA is responsible for administering a National program of 
safety in natural gas and hazardous liquid pipeline transportation 
including identifying pipeline safety concerns and developing uniform 
safety standards.''
    The emergency response practices prescribed by DOT are used in the 
event of any incident, whether intentional or accidental. All involved 
parties must work cooperatively with law enforcement, local agencies, 
and first responders to minimize damage and danger to local communities 
and critical facilities.
Coordination
    For a number of years following the 2006 MOU, PHMSA was actively 
engaged with TSA activities, including the development of the 
Guidelines. However, more recent experiences suggest that PHMSA has 
lost its focus on cybersecurity. For example, PHMSA has proposed 
significant changes to its National Pipeline Mapping System that would 
require operators to provide very detailed pipeline operations and 
location information, including information on critical valves, on-line 
in a single database, and this information would be made widely 
available. PHMSA's actions suggest pipeline cybersecurity is an 
afterthought rather than part of the evaluation process.
                                summary
    Natural gas utilities value the collaborative security relationship 
they have with TSA. TSA is to be commended for choosing the more 
constructive path, i.e., partnering with owners/operators, to improving 
the pipeline sector's security posture. Furthermore, compliance does 
not equate to security. The formula for the measurable effectiveness of 
TSA is the result of practical guidelines, smart practices, information 
exchange, and trusted engagement with the private sector. TSA should 
continue the process of reversing its earlier realignment efforts and 
return to the model of a dedicated group of TSA staff with knowledge 
and experience in pipeline operations specifically assigned to pipeline 
security. TSA should also continue to coordinate with PHMSA where 
pipeline security and pipeline safety overlap. Along the same lines, 
PHMSA should be more proactive in consulting with TSA on pipeline 
safety matters, in particular regarding regulations that have security 
implications and may increase pipeline vulnerability.

    Mr. Katko. Thank you, Ms. Judge for your testimony. We 
appreciate you being here today.
    Our fourth and final witness is Dr. Paul Parfomak. Did I 
say that correctly?
    Mr. Parfomak. Perfect.
    Mr. Katko [continuing]. Who currently serves as a 
specialist in the energy and infrastructure policy at the 
Congressional Research Service. The Chair now recognizes Dr. 
Parfomak to testify.

    STATEMENT OF PAUL W. PARFOMAK, SPECIALIST IN ENERGY AND 
INFRASTRUCTURE POLICY, CONGRESSIONAL RESEARCH SERVICE, LIBRARY 
                          OF CONGRESS

    Mr. Parfomak. Good afternoon, Chairman Katko, Ranking 
Member Rice, and Members of the subcommittee. My name is Paul 
Parfomak, specialist in energy and infrastructure policy at the 
Congressional Research Service. CRS appreciates the opportunity 
to testify about the Federal role in pipeline security. Please 
note that CRS does not advocate policy or take a position on 
any legislation.
    Nearly 3 million miles of pipeline transport natural gas, 
oil, and other hazardous liquids across the continental United 
States. Due to their scale and reliance on computer controls, 
the Nation's pipelines are vulnerable to attack, and repeatedly 
have been a focus of malicious activity. Major incidents 
include a plot by Islamist terrorists to attack jet fuel 
pipelines at JFK Airport, attempted bombings of natural gas 
pipelines in Texas and Oklahoma, and a coordinated campaign of 
cyber intrusions among pipeline operator computer systems.
    Over the last 15 years, there have been no successful 
pipeline attacks in the United States. But the threat remains 
credible. The Department of Transportation has statutory 
authority to regulate pipeline safety. The Clinton 
administration gave the DOT lead responsibility for pipeline 
security as well. In 2001, however, President Bush placed 
pipeline security authority within the newly-established 
Transportation Security Administration. Since its inception, 
TSA has administered a multifaceted pipeline security program 
centered around its corporate security reviews. The agency also 
inspects critical facilities, participates in security 
committees, and provides training, among many other activities.
    While TSA has been engaged in a broad range of activities 
to help secure pipelines, questions remain about the overall 
structure and effectiveness of its pipeline security program. 
Three specific issues may warrant Congressional attention. No. 
1, TSA's pipeline security resources. No. 2, voluntary versus 
mandatory standards. No. 3, uncertainty about pipeline security 
risks.
    TSA's budget funds on the order of 10 to 15 full-time 
equivalent staff to support the various aspects of its pipeline 
security program. There is concern by some that this level of 
resources may not support rigorous and timely review of 
security plans and inspection of facilities Nation-wide. TSA's 
handful of pipeline staff accomplish a great deal, but they 
stand in contrast to over 700 staff in the other surface 
transportation modes at TSA, which excludes aviation. Over 500 
pipeline safety staff available to the DOT. Given this 
disparity, it is logical to consider whether TSA's pipeline 
security resources should be increased, or whether DOT staff 
who inspect the same pipeline systems as TSA could somehow be 
deployed to help meet security objectives.
    Although TSA has the statutory authority to regulate 
pipeline security, the agency has not promulgated such 
regulations. TSA asserts that its voluntary approach is more 
effective than mandatory standards. Canadian regulators, 
however, have come to a different conclusion. They do regulate 
pipeline security. Likewise, the U.S. Federal Energy Regulatory 
Commission has ordered mandatory cyber and physical security 
standards for the bulk electric power system which faces 
threats and vulnerabilities similar to pipelines. Canada's and 
FERC's decisions to regulate security raise questions as to the 
relative merits of a voluntary versus a regulatory approach to 
pipeline security.
    TSA's pipeline threat assessment published in 2011 
concluded with high confidence that the terrorist threat to the 
U.S. pipeline industry was low. No subsequent assessments are 
publicly available. However, recent events have increased 
concerns about pipeline system threats, especially cyber 
threats because the pipeline industry security risk assessments 
rely upon information from the Federal Government, uncertain or 
outdated threat information may lead to inconsistent security 
plans, inefficient spending of security resources, or 
deployment of security measures against the wrong threat.
    In conclusion, the Nation's pipelines have proven to be 
both vulnerable to attacks and attractive to malicious actors. 
A strong Federal pipeline security program is clearly 
necessary. Real bombs have been planted, computer systems have 
been attacked, and perpetrators have been imprisoned. TSA 
identifies many activities under its Pipeline Security Program. 
But they are performed with constrained resources. While both 
the TSA and industry are engaged in pipeline security, 
questions have been raised as to their level of capability and 
how effective their efforts have actually been. Under TSA's 
current approach, it is difficult to know for certain.
    Furthermore, while there have been no publicly-reported 
successful attacks on U.S. pipelines in recent years, existing 
security measures did not prevent attackers from planting 
explosive devices along U.S. pipelines on 2 separate occasions. 
If Congress concludes that TSA's current efforts are 
insufficient, it may decide to provide additional resources to 
support them, or specifically, direct TSA to develop pipeline 
security regulations. Congress also may direct TSA to focus 
additional attention on understanding pipeline threats, and to 
assess how the various elements of U.S. pipeline safety and 
security fit together.
    Thank you for the opportunity to appear before the 
committee. I will be happy to answer any questions.
    [The prepared statement of Mr. Parfomak follows:]
                 Prepared Statement of Paul W. Parfomak
                             April 19, 2016
    Good morning Chairman Katko, Ranking Member Rice, and Members of 
the subcommittee. My name is Paul Parfomak, Specialist in Energy and 
Infrastructure Policy at the Congressional Research Service (CRS). CRS 
appreciates the opportunity to testify here today about the evolution 
of and current Federal role in pipeline security. Please note that, in 
accordance with our enabling statutes, CRS does not advocate policy or 
take a position on any related legislation.
                              introduction
    Nearly 3 million miles of pipeline transporting natural gas, oil, 
and other hazardous liquids crisscross the United States. While an 
efficient and comparatively safe means of transport, these pipelines 
carry materials with the potential to cause public injury, destruction 
of property, and environmental damage. The Nation's pipeline network is 
also widespread, running alternately through remote and densely-
populated regions. Pipelines are operated by increasingly sophisticated 
computer systems which manage their product flows and provide 
continuous information on their status. Due to their scale, physical 
exposure, and reliance on computer controls, pipelines are vulnerable 
to accidents, operating errors, and malicious attacks.
    Congress has had long-standing concern about the security of the 
Nation's pipeline network. Beginning with the Aviation and 
Transportation Security Act of 2001 (Pub. L. 107-71), which established 
the Transportation Security Administration, and continuing through the 
PIPES Act of 2006 (Pub. L. 109-468) and the Implementing 
Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110-53), 
Congress has enacted specific statutory provisions to help secure 
pipelines. Likewise, successive Presidential administrations have 
promulgated executive orders establishing a Federal framework for the 
security of pipelines, among other critical infrastructure. The 114th 
Congress is overseeing the implementation of the Federal pipeline 
security program and considering new legislation related to the 
Nation's pipeline systems. In particular, the SAFE PIPES Act (S. 2776), 
which reauthorizes the Federal pipeline safety program, would also 
mandate a report to Congress on the staffing, resource allocation, 
oversight strategy, and management of the Federal pipeline security 
program ( 20).
Physical Threats to Pipeline Security
    Pipelines are vulnerable to intentional attacks using firearms, 
explosives, or other physical means. Oil and gas pipelines, globally, 
have been a favored target of terrorists, militant groups, and 
organized crime. For example, in 1996, London police foiled a plot by 
the Irish Republican Army to bomb gas pipelines and other utilities 
across the city.\1\ In Colombia, rebels have bombed the Canon Lemon oil 
pipeline and other pipelines hundreds of times since 1993, most 
recently last March.\2\ Likewise, militants in Nigeria have repeatedly 
attacked oil pipelines, including coordinated bombings of 3 pipelines 
in 2007 and the sophisticated bombing of an underwater pipeline in 
2016.\3\ A rebel group detonated bombs along Mexican oil and natural 
gas pipelines in July and September 2007.\4\ Natural gas pipelines in 
British Columbia, Canada, were bombed 6 times between October 2008 and 
July 2009 by unknown perpetrators in acts classified by authorities as 
environmentally motivated ``domestic terrorism.''\5\ In 2009, the 
Washington Post reported that over $1 billion of crude oil had been 
stolen directly from Mexican pipelines by organized criminals and drug 
cartels.\6\
---------------------------------------------------------------------------
    \1\ President's Commission on Critical Infrastructure Protection, 
Critical Foundations: Protecting America's Infrastructures, Washington, 
DC, October 1997.
    \2\ Luis Jaime Acosta, ``Colombia's Cano Limon Pipeline Suspended 
After Rebel Attacks,'' Reuters, March 14, 2016; Government 
Accountability Office (GAO), Security Assistance: Efforts to Secure 
Colombia's Cano Limon-Covenas Oil Pipeline Have Reduced Attacks, but 
Challenges Remain, GAO-05-971, September 2005.
    \3\ Maggie Fick and Anjil Raval, ``Bombed Pipeline to Hit Nigeria 
Oil Output,'' Financial Times, March 8, 2016; Katherine Houreld, 
``Militants Say 3 Nigeria Pipelines Bombed,'' Associated Press, May 8, 
2007.
    \4\ Reed Johnson, ``Six Pipelines Blown Up in Mexico,'' Los Angeles 
Times, September 11, 2007. p. A-3.
    \5\ Ben Gelinas, ``New Letter Threatens Resumption of `Action' 
against B.C. Pipelines,'' Calgary Herald, April 15, 2010.
    \6\ Steve Fainaru and William Booth, ``Mexico's Drug Cartels Siphon 
Liquid Gold,'' Washington Post, December 13, 2009.
---------------------------------------------------------------------------
    Pipelines in the United States have also been targeted by 
terrorists and other malicious individuals. In 1999, Vancouver police 
arrested a man planning to bomb the Trans Alaska Pipeline System (TAPS) 
for personal profit in oil futures.\7\ In 2005 a U.S. citizen sought to 
conspire with al-Qaeda to attack TAPS and a major natural gas pipeline 
in the eastern United States.\8\ In 2006 Federal authorities 
acknowledged the discovery of a detailed posting on a website 
purportedly linked to al-Qaeda that reportedly encouraged attacks on 
U.S. pipelines, especially TAPS, using weapons or hidden explosives.\9\ 
In 2007, the U.S. Department of Justice arrested members of a terrorist 
group planning to attack jet fuel pipelines and storage tanks at the 
John F. Kennedy International Airport.\10\ In 2011, a man planted a 
bomb, which did not detonate, along a natural gas pipeline in 
Oklahoma.\11\ In 2012, a man who reportedly had been corresponding with 
``Unabomber'' Ted Kaczynski unsuccessfully bombed a natural gas 
pipeline in Plano, Texas.\12\ To date, there have been no successful 
bombings of U.S. pipelines, but the threat of physical attacks remains 
credible.
---------------------------------------------------------------------------
    \7\ David S. Cloud, ``A Former Green Beret's Plot to Make Millions 
Through Terrorism,'' Ottawa Citizen, December 24, 1999, p. E15.
    \8\ U.S. Attorney's Office, Middle District of Pennsylvania, ``Man 
Convicted of Attempting to Provide Material Support to Al-Qaeda 
Sentenced to 30 Years' Imprisonment,'' Press release, November 6, 2007; 
A. Lubrano and J. Shiffman, ``Pa. Man Accused of Terrorist Plot,'' 
Philadelphia Inquirer, February 12, 2006, p. A1.
    \9\ Wesley Loy, ``Web Post Urges Jihadists to Attack Alaska 
Pipeline,'' Anchorage Daily News, January 19, 2006.
    \10\ U.S. Department of Justice, ``Four Individuals Charged in Plot 
to Bomb John F. Kennedy International Airport,'' press release, June 2, 
2007.
    \11\ U.S. Attorney's Office, ``Konawa Man Sentenced for Attempting 
to Destroy or Damage Property Using an Explosive,'' press release, 
December 5, 2012.
    \12\ Valerie Wigglesworth, ``Plano Blast Suspect Corresponded with 
Unabomber,'' Dallas Morning News, June 29, 2014; U.S. Attorney's 
Office, ``Plano Man Guilty in Pipeline Bombing Incident,'' press 
release, June 3, 2013.
---------------------------------------------------------------------------
Cyber Threats to Pipelines
    Although physical attacks on pipelines have been a focus in North 
America and elsewhere, the sophisticated computer systems used to 
operate pipeline systems are also vulnerable to cyber attacks. Cyber 
infiltration of supervisory control and data acquisition (SCADA) 
systems could allow ``hackers'' to disrupt pipeline service and cause 
spills, explosions, or fires--all from remote locations via the 
internet or other communication pathways. Such an approach reportedly 
was used to cause the 2008 explosion of the Baku-Tbilisi-Ceyhan oil 
pipeline in Turkey.\13\
---------------------------------------------------------------------------
    \13\ Jordan Robertson and Michael Riley, ``Mysterious '08 Turkey 
Pipeline Blast Opened New Cyberwar,'' Bloomberg, December 10, 2014.
---------------------------------------------------------------------------
    In March 2012, the Industrial Control Systems Cyber Emergency 
Response Team housed within the Department of Homeland Security 
identified an on-going series of cyber intrusions among U.S. natural 
gas pipeline operators dating back to December 2011. According to the 
agency, various pipeline companies described targeted spear-phishing 
\14\ attempts and intrusions into multiple natural gas pipeline sector 
organizations ``positively identified . . . as related to a single 
campaign.''\15\ In 2011, computer security company McAfee reported 
similar ``coordinated covert and targeted'' cyber attacks originating 
primarily in China against global energy companies. The attacks began 
in 2009 and involved spear-phishing, exploitation of Microsoft software 
vulnerabilities, and the use of remote administration tools to collect 
sensitive competitive information about oil and gas fields.\16\ In 
2010, the Stuxnet computer worm was first identified as a threat to 
industrial control systems. Although the Stuxnet software initially 
spreads indiscriminately, the software includes a highly specialized 
industrial process component targeting specific industrial SCADA 
systems built by the Siemens company.\17\ The increased vulnerability 
of pipeline SCADA systems due to their modernization, taken together 
with the emergence of SCADA-specific malicious software and the recent 
cyber attacks, suggests that cybersecurity threats to pipelines have 
been increasing.
---------------------------------------------------------------------------
    \14\ ``Spear-phishing'' involves sending official-looking e-mails 
to specific individuals to insert harmful software programs (malware) 
into protected computer systems; to gain unauthorized access to 
proprietary business information; or to access confidential data such 
as passwords, social security numbers, and private account numbers.
    \15\ Industrial Control Systems Cyber Emergency Response Team (ICS-
CERT), ``Gas Pipeline Cyber Intrusion Campaign,'' ICS-CERT Monthly 
Monitor, April 2012, p.1, http://www.us-cert.gov/control_systems/pdf/
ICS-CERT_Monthly_Monitor_Apr2012.pdf.
    \16\ McAfee Foundstone Professional Services and McAfee Labs, 
Global Energy Cyberattacks: ``Night Dragon,'' white paper, February 10, 
2011, p. 3, http://www.mcafee.com/us/resources/white-papers/wp-global-
energy-cyberattacks-night-dragon.pdf.
    \17\ Tobias Walk, ``Cyber-attack Protection for Pipeline SCADA 
Systems,'' Pipelines International Digest, January 2012, p. 7.
---------------------------------------------------------------------------
Potential Consequences of Pipeline Releases
    Although there have been no intentional releases from U.S. 
pipelines due to bombing or cyber attacks, accidental releases may 
illustrate the potential consequences of a successful attack. Pipeline 
accidents in the United States, on the whole, cause few fatalities 
compared to other product transportation modes, but such accidents have 
been catastrophic in several cases. For example, a 1999 gasoline 
pipeline accident in Bellingham, WA, killed 3 people and caused $45 
million in damage to a city water plant and other property.\18\ In 
2000, a natural gas pipeline accident near Carlsbad, NM, killed 12 
campers.\19\ A 2010 natural gas pipeline explosion in San Bruno, CA, 
killed 8 people, injured 60 others, and destroyed 37 homes.\20\ A 2010 
pipeline spill released 819,000 gallons of crude oil into a tributary 
of the Kalamazoo River near Marshall, MI.\21\ A 2014 natural gas 
distribution pipeline explosion in New York City killed 8 people, 
injured 50 others, destroyed 2 5-story buildings, and caused the 
temporary closure of a transit line due to debris.\22\ Such accidents 
demonstrate the potential risk to human life, property, and the 
environment. Disruption of service from these pipelines also caused 
economic and operational impacts among the pipelines' customers. Such 
accidents have generated substantial scrutiny of pipeline regulation 
and increased State and community activity related to pipeline safety 
and security.\23\
---------------------------------------------------------------------------
    \18\ National Transportation Safety Board, Pipeline Rupture and 
Subsequent Fire in Bellingham, Washington June 10, 1999, NTSB/PAR-02/
02, October 8, 2002.
    \19\ National Transportation Safety Board, Natural Gas Pipeline 
Rupture and Fire Near Carlsbad, New Mexico August 19, 2000, NTSB/PAR-
03-01, February 11, 2003.
    \20\ National Transportation Safety Board, Pacific Gas and Electric 
Company Natural Gas Transmission Pipeline Rupture and Fire, San Bruno, 
California, September 9, 2010, NTSB/PAR-11/01, August 30, 2011.
    \21\ National Transportation Safety Board, Enbridge, Inc. Hazardous 
Liquid Pipeline Rupture, Board meeting summary, July 25, 2010, http://
www.ntsb.gov/news/events/2012/marshall_mi/index.html.
    \22\ National Transportation Safety Board, Natural Gas-Fueled 
Building Explosion and Resulting Fire New York City, New York March 12, 
2014, NTSB/PAR-15/01, June 9, 2015.
    \23\ See, for example: Jim Lynch and Jonathan Oosting, ``Opposition 
Grows to Straits of Mackinac Oil Lines,'' Detroit News, April 13, 2016; 
Bellingham Herald Editorial Board, ``Citizens Need Panel To Monitor 
Pipeline Safety,'' Bellingham Herald (WA), January 24, 2010; Janet 
Zink, ``Fueling the Resistance,'' St. Petersburg Times, December 16, 
2007; J. Nesmith and R.K.M. Haurwitz, ``Pipelines: The Invisible 
Danger,'' Austin American-Statesman, July 22, 2001.
---------------------------------------------------------------------------
                 the federal role in pipeline security
    Federal pipeline security efforts originated in the pipeline safety 
program. The Natural Gas Pipeline Safety Act of 1968 (Pub. L. 90-481) 
and the Hazardous Liquid Pipeline Act of 1979 (Pub. L. 96-129) are 2 of 
the principal early acts establishing the Federal role in pipeline 
safety. Under both statutes, the Transportation Secretary is given 
primary authority to regulate key aspects of inter-State pipeline 
safety: Design, construction, operation and maintenance, and spill 
response planning. At the end of fiscal year 2015, the Department of 
Transportation (DOT) employed 234 pipeline safety staff in its Pipeline 
and Hazardous Materials Safety Administration (PHMSA).\24\ In addition 
to its own staff, PHMSA's enabling legislation allows the agency to 
delegate authority to intra-State pipeline safety offices, and allows 
State offices to act as ``agents'' administering inter-State pipeline 
safety programs (excluding enforcement) for those sections of inter-
State pipelines within their boundaries.\25\ There were approximately 
330 full-time equivalent State pipeline safety inspectors in 2015.\26\
---------------------------------------------------------------------------
    \24\ Artealia Gilliard, PHMSA, personal communication, September 
18, 2015. Employees as of September 18, 2015.
    \25\ 49 U.S.C. 60107.
    \26\ Artealia Gilliard, September 9, 2015.
---------------------------------------------------------------------------
    Presidential Decision Directive 63, issued by the Clinton 
administration in 1998, assigned to the DOT lead responsibility for 
pipeline security as well as safety.\27\ Under this authority, after 
the terrorist attacks of September 11, 2001, the DOT conducted a 
vulnerability assessment to identify critical pipeline facilities and 
worked with industry groups and State pipeline safety organizations to 
assess the industry's readiness to prepare for, withstand, and respond 
to a terrorist attack.\28\ Together with the Department of Energy and 
State pipeline agencies, the DOT promoted the development of consensus 
standards for security measures \29\ tiered to correspond with the 5 
levels of threat warnings issued by the Office of Homeland 
Security.\30\ The DOT also developed protocols for inspections of 
critical facilities to ensure that operators implemented appropriate 
security practices. To convey emergency information and warnings, the 
DOT established a variety of communication links to key staff at the 
most critical pipeline facilities throughout the country. The DOT also 
began identifying near-term technology to enhance deterrence, 
detection, response, and recovery, and began seeking to advance public 
and private-sector planning for response and recovery.\31\
---------------------------------------------------------------------------
    \27\ Presidential Decision Directive 63, Protecting the Nation's 
Critical Infrastructures, May 22, 1998.
    \28\ Research and Special Programs Administration (RSPA), RSPA 
Pipeline Security Preparedness, December 2001.
    \29\ See: American Petroleum Institute and National Petrochemical 
and Refiners Association, Security Vulnerability Assessment Methodology 
for the Petroleum and Petrochemical Industries, March 2002; Interstate 
Natural Gas Association of America (INGAA) and American Gas Association 
(AGA), Security Guidelines for the Natural Gas Industry, September 
2002.
    \30\ Ellen Engleman, Administrator, Research and Special Programs 
Administration (RSPA), statement before the Subcommittee on Energy and 
Air Quality, House Energy and Commerce Committee, March 19, 2002.
    \31\ Ellen Engleman, Administrator, Research and Special Programs 
Administration (RSPA), statement before the Subcommittee on Highways 
and Transit, House Transportation and Infrastructure Committee, 
February 13, 2002.
---------------------------------------------------------------------------
    In September 2002, the DOT circulated formal guidance developed in 
cooperation with the pipeline industry associations defining the 
agency's security program recommendations and implementation 
expectations. This guidance recommended that operators identify 
critical facilities, develop security plans consistent with prior trade 
association security guidance, implement these plans, and review them 
annually.\32\ While the guidance was voluntary, the DOT expected 
compliance and informed operators of its intent to begin reviewing 
security programs within 12 months, potentially as part of more 
comprehensive safety inspections.\33\
---------------------------------------------------------------------------
    \32\ James K. O'Steen, Research and Special Programs Administration 
(RSPA), Implementation of RSPA Security Guidance, presentation to the 
National Association of Regulatory Utility Commissioners, February 25, 
2003.
    \33\ James K. O'Steen, Office of Pipeline Safety (OPS), personal 
communication, June 10, 2003.
---------------------------------------------------------------------------
Transferring Pipeline Security to TSA
    In November 2001, President Bush signed the Aviation and 
Transportation Security Act (Pub. L. 107-71) establishing the 
Transportation Security Administration (TSA) within the DOT. According 
to TSA, the act placed the DOT's pipeline security authority (under 
PDD-63) within TSA. The act specified for TSA a range of duties and 
powers related to general transportation security, such as intelligence 
management, threat assessment, mitigation, and security measure 
oversight and enforcement, among others. On November 25, 2002, 
President Bush signed the Homeland Security Act of 2002 (Pub. L. 107-
296) creating the Department of Homeland Security (DHS). Among other 
provisions, the act transferred to DHS the Transportation Security 
Administration from the DOT ( 403). On December 17, 2003, President 
Bush issued Homeland Security Presidential Directive 7 (HSPD-7), 
clarifying executive agency responsibilities for identifying, 
prioritizing, and protecting critical infrastructure.\34\ HSPD-7 
maintains DHS as the lead agency for pipeline security (par. 15), and 
instructs the DOT to ``collaborate in regulating the transportation of 
hazardous materials by all modes (including pipelines)'' (par. 22h). 
The order requires that DHS and other Federal agencies collaborate with 
``appropriate private sector entities'' in sharing information and 
protecting critical infrastructure (par. 25). TSA joined both the 
Energy Government Coordinating Council and the Transportation 
Government Coordinating Council under provisions in HSPD-7. The 
missions of the councils are to work with their industry counterparts 
to coordinate critical infrastructure protection programs in the energy 
and transportation sectors, respectively, and to facilitate the sharing 
of security information.
---------------------------------------------------------------------------
    \34\ HSPD-7 supersedes PDD-63 (par. 37).
---------------------------------------------------------------------------
    HSPD-7 also required DHS to develop a National plan for critical 
infrastructure and key resources protection (par. 27), which the agency 
issued in 2006 as the National Infrastructure Protection Plan (NIPP). 
The NIPP, in turn, required each critical infrastructure sector to 
develop a Sector-Specific Plan (SSP) that describes strategies to 
protect its critical infrastructure, outlines a coordinated approach to 
strengthen its security efforts, and determines appropriate funding for 
these activities. Executive Order 13416 further required the 
transportation sector SSP to prepare annexes for each mode of surface 
transportation.\35\ In accordance with the above requirements the TSA 
issued its Transportation Systems Sector-Specific Plan and Pipeline 
Modal Annex in 2007 with an update on 2010.
---------------------------------------------------------------------------
    \35\ Executive Order 13416, ``Strengthening Surface Transportation 
Security,'' December 5, 2006.
---------------------------------------------------------------------------
                   tsa's pipeline security activities
    Although the TSA has regulatory authority for pipeline security 
under Pub. L. 107-71 and Pub. L. 110-53, its activities to date have 
relied upon voluntary industry compliance with the agency's security 
guidance and best practice recommendations.\36\ TSA has administered a 
multifaceted program to facilitate these efforts. In 2003, TSA 
initiated its on-going Corporate Security Review (CSR) program, wherein 
the agency visits the largest pipeline and natural gas distribution 
operators to review their security plans and inspect their facilities. 
During the reviews, TSA evaluates whether each company is following the 
intent of the DOT's voluntary security guidance, as updated by TSA, and 
seeks to maintain the list of assets each company has identified 
meeting the criteria established for critical facilities. In 2008, the 
TSA initiated its Critical Facility Inspection Program (CFI), under 
which the agency conducted in-depth inspections of all the critical 
facilities of the 125 largest pipeline systems in the United States. 
The agency estimated that these 125 pipeline systems collectively 
included approximately 600 distinct critical facilities.\37\ TSA 
concluded the initial round of CFI inspections in 2011, having 
completed a total of 347 site visits throughout the United States.\38\
---------------------------------------------------------------------------
    \36\ Transportation Security Administration, Pipeline Security 
Guidelines, April 2011, and Pipeline Security Smart Practice 
Observations, September 19, 2011.
    \37\ Department of Homeland Security, ``Extension of Agency 
Information Collection Activity Under OMB Review: Critical Facility 
Information of the Top 100 Most Critical Pipelines,'' 76 Federal 
Register 62818, October 11, 2011.
    \38\ Jack Fox, General Manager, Pipeline Security Division, 
Transportation Security Administration, personal communication, 
February 24, 2012.
---------------------------------------------------------------------------
    Over the last decade, TSA has engaged in a number of additional 
pipeline security initiatives, including:
   Developing a statistical tool used for relative risk ranking 
        and prioritization,
   Completing a security incident and recovery protocol plan 
        mandated under Pub. L. 110-53,
   Initiating a program to address risks from pipeline 
        transportation of hazardous materials other than oil and 
        natural gas,
   Assessing U.S. and Canadian security and planning for 
        critical cross-border pipelines,
   Convening international pipeline security forums for U.S. 
        and Canadian governments and pipeline industry officials,
   Facilitating pipeline security drills and exercises 
        including those under the Intermodal Security Training Exercise 
        Program (I-STEP),
   Developing pipeline security awareness training materials,
   Convening periodic information-sharing conference calls 
        between key pipeline security stakeholders, and
   Participating in Sector Coordinating Councils and Joint 
        Sector Committees.\39\
---------------------------------------------------------------------------
    \39\ Jack Fox, Pipeline Industry Engagement Manager, TSA, Pipeline 
Security: An Overview of TSA Programs, slide presentation, May 5, 2014; 
Transportation Security Administration, Transportation Systems Sector-
Specific Plan, 2010, p. 326.
---------------------------------------------------------------------------
    In addition to these activities, TSA has also conducted regional 
supply studies for key natural gas markets, has conducted training on 
cybersecurity awareness, has participated in pipeline blast mitigation 
studies, and has joined in ``G-8'' multinational security assessment 
and planning.\40\
---------------------------------------------------------------------------
    \40\ Transportation Security Administration, Pipeline Modal Annex, 
June 2007, pp. 10-11. G8=Group of Eight (the United States, the United 
Kingdom, Canada, France, Germany, Italy, Japan, and Russia).
---------------------------------------------------------------------------
Pipeline Cybersecurity Initiatives
    Pipeline cybersecurity is an element of several Federal initiatives 
within DHS.\41\ For example, TSA has included a number of general 
cybersecurity provisions in its industry security guidance \42\ and has 
encouraged industry compliance with the National Institute of Standards 
and Technology (NIST) Framework for Improving Critical Infrastructure 
Cybersecurity.\43\ TSA has also employed the http://www.nist.gov/
cyberframework/upload/cybersecurity-framework-021214.pdf.
---------------------------------------------------------------------------
    \41\ The Interstate Natural Gas Association of America (INGAA), a 
trade association for gas pipeline companies, maintains its own 
extensive cybersecurity guidelines for natural gas pipeline control 
systems: INGAA, Control Systems Cyber Security Guidelines for the 
Natural Gas Pipeline Industry, Washington, DC, January 31, 2011. 
Likewise, the American Petroleum Institute (API), a trade association 
within the oil industry, maintains a standard for oil pipeline control 
system security: API, Pipeline SCADA Security, Second Edition, API Std. 
1164, Washington, DC, June 2009.
    \42\ For example, TSA's guidance advises operators to ``conduct a 
risk assessment to weigh the benefits of implementing wireless 
networking against the potential risks for exploitation.'' TSA, April 
2011, p. 18.
    \43\ Jack Fox, Pipeline Industry Engagement Manager, TSA, personal 
communication, October 29, 2015. See: National Institute of Standards 
and Technology, Framework for Improving Critical Infrastructure 
Cybersecurity, Version 1.0, February 12, 2014, http://www.nist.gov/
cyberframework/upload/cybersecurity-framework-021214.pdf.
---------------------------------------------------------------------------
    Cybersecurity Assessment and Risk Management Approach (CARMA) in 
collaborating with key stakeholders to identify pipeline industry value 
chains, critical functions, and supporting cyber infrastructure.\44\ 
The agency has also coordinated with DHS and the Department of Energy 
to harmonize existing cybersecurity risk management programs. Pipelines 
are also included in DHS's multi-modal cybersecurity initiatives, such 
as its Industrial Control Systems Cyber Emergency Response Team (ICS-
CERT).\45\ The TSA also has established a public/private partnership-
based cybersecurity program supporting the National Infrastructure 
Protection Plan. Pipeline operators have participated in DHS-sponsored 
control systems cybersecurity training and also participate in the DHS 
Industrial Control Systems Joint Working Group.\46\
---------------------------------------------------------------------------
    \44\ Jack Fox, May 5, 2014.
    \45\ Department of Homeland Security, ``Industrial Control Systems 
Cyber Emergency Response Team (ICS-CERT),'' web page, April 13, 2106, 
https://ics-cert.us-cert.gov/.
    \46\ Department of Homeland Security, ``Industrial Control Systems 
Joint Working Group (ICSJWG),'' web page, April 13, 2016, https://ics-
cert.us-cert.gov/Industrial-Control-Systems-Joint-Working-Group-ICSJWG.
---------------------------------------------------------------------------
    Outside DHS, the Department of Energy operates the National SCADA 
Test Bed Program, a partnership with Idaho National Laboratory, Sandia 
National Laboratories, and other National laboratories which addresses 
control system security challenges in the energy sector. Among its key 
functions, the program performs control systems testing, research and 
development; control systems requirements development; and industry 
outreach.\47\ Sandia Laboratories also performs authorized defensive 
cybersecurity assessments for Government, military, and commercial 
customers through its Information Design Assurance Red Team (IDART) 
program.\48\
---------------------------------------------------------------------------
    \47\ U.S. Department of Energy, ``National SCADA Test Bed,'' web 
page, August 13, 2016, http://energy.gov/oe/technology-development/
energy-delivery-systems-cybersecurity/national-scada-test-bed.
    \48\ Sandia National Laboratories, ``The Information Design 
Assurance Red Team (IDART),'' web page, August 13, 2016, http://
www.idart.sandia.gov/.
---------------------------------------------------------------------------
The Relationship Between DOT and TSA
    Since TSA was established, Congress has had a continuing interest 
in the appropriate division of pipeline security authority between the 
DOT and TSA.\49\ Both the DOT and TSA have played important roles in 
the Federal pipeline security program, with TSA the designated lead 
agency since 2002. In 2004, the DOT and DHS entered into a memorandum 
of understanding (MOU) concerning their respective security roles in 
all modes of transportation. The MOU notes that DHS has the primary 
responsibility for transportation security with support from the DOT, 
and establishes a general framework for cooperation and coordination. 
On August 9, 2006, the departments signed an annex ``to delineate clear 
lines of authority and responsibility and promote communications, 
efficiency, and nonduplication of effort through cooperation and 
collaboration between the parties in the area of transportation 
security.''\50\
---------------------------------------------------------------------------
    \49\ For example, see Hon. William J. Pascrell, Jr., statement at 
the House Committee on Transportation and Infrastructure, Subcommittee 
on Highways, Transit, and Pipelines, hearing on Pipeline Safety, March 
16, 2006.
    \50\ Transportation Security Administration and Pipelines and 
Hazardous Materials Safety Administration, ``Transportation Security 
Administration and Pipelines and Hazardous Materials Safety 
Administration Cooperation on Pipelines and Hazardous Materials 
Transportation Security,'' August 9, 2006.
---------------------------------------------------------------------------
    In January 2007, DOT officials testified before Congress that the 
agency had established a joint working group with TSA ``to improve 
interagency coordination on transportation security and safety matters, 
and to develop and advance plans for improving transportation 
security,'' presumably including pipeline security.\51\ According to 
TSA, the working group developed a multi-year action plan specifically 
delineating roles, responsibilities, resources, and actions to execute 
11 program elements: Identification of critical infrastructure/key 
resources and risk assessments; strategic planning; developing 
regulations and guidelines; conducting inspections and enforcement; 
providing technical support; sharing information during emergencies; 
communications; stakeholder relations; research and development; 
legislative matters; and budgeting.\52\ Nonetheless, a DOT Inspector 
General (IG) assessment published May 2008 was not satisfied with this 
plan. The IG report stated that, although the agencies
---------------------------------------------------------------------------
    \51\ Barrett, T.J., Administrator, Pipeline and Hazardous Materials 
Safety Administration (PHMSA), Testimony before the Senate Committee on 
Commerce, Science, and Transportation hearing on Federal Efforts for 
Rail and Surface Transportation Security, January 18, 2007.
    \52\ Transportation Security Administration, Pipeline Security 
Division, personal communication, July 6, 2007.

``have taken initial steps toward formulating an action plan to 
implement the provisions of the pipeline security annex . . . further 
actions need to be taken with a sense of urgency because the current 
situation is far from an `end state' for enhancing the security of the 
Nation's pipelines.''\53\
---------------------------------------------------------------------------
    \53\ U.S. Dept. of Transportation, Office of Inspector General, 
Actions Needed to Enhance Pipeline Security, Pipeline and Hazardous 
Materials Safety Administration, Report No. AV-2008-053, May 21, 2008, 
p. 3.

The assessment recommended that the DOT and TSA finalize and execute 
their security annex action plan, clarify their respective roles, and 
jointly develop a pipeline security strategy that maximizes the 
effectiveness of their respective capabilities and efforts.\54\ 
According to TSA, working with the DOT ``improved drastically'' after 
the release of the IG report; the 2 agencies began maintaining daily 
contact, sharing information in a timely manner, and collaborating on 
security guidelines and incident response planning.\55\
---------------------------------------------------------------------------
    \54\ Ibid. pp. 5-6.
    \55\ Jack Fox, TSA, Pipeline Security Division, personal 
communication, February 2, 2010.
---------------------------------------------------------------------------
                           key policy issues
    While the Federal Government has been engaged in various efforts to 
protect the Nation's oil and natural gas pipelines from deliberate 
attacks since September 11, 2001, questions remain regarding the 
structure and effectiveness of these efforts. Three specific issues, in 
particular, may warrant further Congressional consideration: (1) TSA's 
pipeline security resources, (2) voluntary versus mandatory security 
standards, and (3) uncertainty about security risks to the Nation's 
pipeline network.
TSA Pipeline Security Resources
    Some Members of Congress have been critical in the past of TSA's 
level of funding of non-aviation security activities, including 
pipeline activities. For example, as one Member remarked in 2005, 
``aviation security has received 90% of TSA's funds and virtually all 
of its attention. There is simply not enough being done to address . . 
. pipeline security.''\56\ At a Congressional hearing in 2010, another 
Member expressed concern that TSA's pipeline division did not have 
sufficient staff to carry out a Federal pipeline security program on a 
National scale.\57\ With respect to pipeline security funding, little 
may have changed since 2005. The President's fiscal year 2017 budget 
request for DHS does not include a separate line item for TSA's 
pipeline security activities. The budget does request $110.8 million 
for ``Surface Transportation Security,'' which encompasses security 
activities in non-aviation transportation modes, including pipelines. 
The budget would fund 761 full-time equivalent (FTE) employees.\58\ 
TSA's pipeline branch has traditionally received from the agency's 
general operational budget an allocation for routine operations, 
travel, and outreach. The budget historically has funded on the order 
of 10 to 15 FTE staff to carry out the agency's pipeline security 
program.\59\
---------------------------------------------------------------------------
    \56\ Sen. Daniel K. Inouye, opening statement before the Senate 
Committee on Commerce, Science, and Transportation, hearing on the 
President's Fiscal Year 2006 Budget Request for the Transportation 
Security Administration (TSA), February 15, 2005.
    \57\ Congressman Gus M. Billirakis, Remarks before the House 
Committee on Homeland Security, Subcommittee on Management, 
Investigations, and Oversight hearing on ``Unclogging Pipeline 
Security: Are the Lines of Responsibility Clear?'', Plant City, FL, 
April 19, 2010.
    \58\ U.S. Office of Management and Budget, Budget of the United 
States Government, Fiscal Year 2017: Appendix, February 2016, p. 537.
    \59\ Jack Fox, October 29, 2015.
---------------------------------------------------------------------------
    At its current staffing level, TSA's pipelines branch has limited 
field presence for pipeline site visits, and has constrained 
capabilities for updating standards, interacting in the various 
stakeholder groups with which it collaborates, analyzing security 
information, and fulfilling other administrative responsibilities. In 
conducting a pipeline corporate security review, for example, TSA 
typically sends 1 to 3 staff to hold a 3- to 4-hour interview with the 
operator's security representatives followed by a visit to only 1 or 2 
of the operator's pipeline assets.\60\ There is concern by some that 
the agency's CSRs (as currently structured) may not allow for rigorous 
security plan verification nor a credible threat of enforcement, so 
operator compliance with security guidance is uncertain. The limited 
number of CSR's the agency can complete in a year has also been a 
concern to some, even within TSA. According to a 2009 Government 
Accountability Office report, ``TSA's pipeline division stated that 
they would like more staff in order to conduct its corporate security 
reviews more frequently,'' in part because other staff responsibilities 
such as ``analyzing secondary or indirect consequences of a terrorist 
attack and developing strategic risk objectives required much time and 
effort.''\61\
---------------------------------------------------------------------------
    \60\ Department of Homeland Security, ``Intent to Request Approval 
from OMB of One New Public Collection of Information: Pipeline 
Corporate Security Review,'' 74 Federal Register 42086, August 20, 
2009.
    \61\ U.S. Government Accountability Office, Transportation 
Security: Comprehensive Risk Assessments and Stronger Internal Controls 
Needed to Help Inform TSA Resource Allocation, GAO-09-492, March 2009, 
p. 30, http://www.gao.gov/new.items/d09492.pdf.
---------------------------------------------------------------------------
    TSA's handful of field inspection staff stands in contrast to the 
hundreds of pipeline safety inspection staff available to the DOT at 
the Federal and State levels. Furthermore, in the face of an expanding 
U.S. pipeline network and evolving safety requirements, DOT's budget 
authority for pipeline safety has more than doubled over the last 10 
years.\62\ Given this disparity, it may be logical to consider whether 
DOT's field staff, who are charged with inspecting the same pipeline 
systems as TSA, could somehow be deployed to help fulfill the Nation's 
pipeline security objectives. The question also arises whether having 
separate inspections of the same pipeline systems for safety and 
security may be inherently inefficient, or may miss an opportunity for 
more frequent or thorough examination of pipeline security. Presumably 
many of the jurisdictional, operational, or administrative issues that 
were considered in the drafting of the 2004 MOU between DOT and TSA 
remain unchanged, but new factors--such as the evolving threat 
environment or greater experience with pipeline company security 
efforts--could warrant a reconsideration of the relationship between 
the agencies.
---------------------------------------------------------------------------
    \62\ U.S. Office of Management and Budget, Budget of the United 
States Government, Appendix, Fiscal Years 2006 through 2017, ``Pipeline 
Safety,'' Line 1900 ``Budget authority (total).''
---------------------------------------------------------------------------
Voluntary vs. Mandatory Pipeline Security Standards
    Federal pipeline security activities to date have relied upon 
voluntary industry compliance with DOT's original security guidance, 
which later became TSA's security best practices. By initiating this 
voluntary approach in 2002, DOT sought to speed adoption of security 
measures by industry and avoid the publication of sensitive security 
information (e.g., critical asset lists) that would normally be 
required in public rulemaking.\63\ However, a key subject of debate is 
the adequacy of the TSA's voluntary approach to pipeline security, 
generally, and cybersecurity, in particular. For example, provisions in 
the Pipeline Inspection, Protection, Enforcement, and Safety Act of 
2006 (Pub. L. 109-468) required the DOT Inspector General (IG) to 
``address the adequacy of security standards for gas and oil 
pipelines'' ( 23(b)(4)). The 2008 IG's report stated that:
---------------------------------------------------------------------------
    \63\ GAO, Pipeline Security and Safety: Improved Workforce Planning 
and Communication Needed, GAO-02-785, August 2002, p. 22.

``TSA's current security guidance is not mandatory and remains 
unenforceable unless a regulation is issued to require industry 
compliance . . . [DOT] and TSA will need to conduct covert tests of 
pipeline systems' vulnerabilities to assess the current guidance as 
well as the operators' compliance.''\64\
---------------------------------------------------------------------------
    \64\ U.S. Dept. of Transportation, Office of Inspector General, May 
21, 2008, p. 6.

    Although the IG report did not elaborate on this recommendation, 
covert testing of vulnerabilities would likely include testing of both 
physical security measures and cybersecurity measures. The latter would 
be in place to protect pipeline SCADA systems and sensitive operating 
information such as digital pipeline maps, system design data, and 
emergency response plans. Consistent with the IG's recommendation, an 
April 2011 White House proposal \65\ and the Cybersecurity Act of 2012 
(S. 2105) both would have mandated the promulgation of cybersecurity 
regulations for pipelines, among other provisions, although these 
proposals would not necessarily have conferred upon TSA any authority 
it does not already have to regulate pipeline security.
---------------------------------------------------------------------------
    \65\ The White House, ``Legislative Language, Cybersecurity 
Regulatory Framework for Covered Critical Infrastructure,'' April 2011, 
p. 33, http://www.whitehouse.gov/sites/default/files/omb/legislative/
letters/law-enforcement-provisions-related-to-computer-security-full-
bill.pdf.
---------------------------------------------------------------------------
    In contrast to the IG's conclusions and the legislative proposals 
above, the pipeline industry has consistently expressed concern that 
security regulations could be ``redundant'' and ``may not be necessary 
to increase pipeline security.''\66\ Echoing this sentiment, a DOT 
official testified in 2007 that enhancing security ``does not 
necessarily mean that we must impose regulatory requirements.''\67\
---------------------------------------------------------------------------
    \66\ American Gas Association (AGA), American Petroleum Institute 
(API), Association of Oil Pipe Lines (AOPL), and American Public Gas 
Association (APGA), joint letter to Members of the Senate Commerce 
Committee providing views on S. 1052, August 22, 2005.
    \67\ T.J. Barrett, Administrator, Pipeline and Hazardous Materials 
Safety Administration, Department of Transportation, Testimony before 
the Senate Committee on Commerce, Science, and Transportation hearing 
on Federal Efforts for Rail and Surface Transportation Security, 
January 18, 2007.
---------------------------------------------------------------------------
    TSA officials have similarly questioned the need for new pipeline 
security regulations, particularly the IG's call for covert testing of 
pipeline operator security measures. The TSA has argued in the past 
that the agency is complying with the letter of Pub. L. 110-53 and that 
its pipeline operator security reviews are more than paper reviews.\68\ 
TSA officials assert that security regulations could be 
counterproductive because they could establish a general standard below 
the level of security already in place at many pipeline companies based 
on their company-specific security assessments. Because the TSA 
believes the most critical U.S. pipeline systems generally meet or 
exceed industry security guidance, the agency asserts that it achieves 
better security with voluntary guidelines, and maintains a more 
cooperative and collaborative relationship with its industry partners 
as well.\69\
---------------------------------------------------------------------------
    \68\ John Sammon, Transportation Security Administration, Testimony 
before the House Transportation and Infrastructure Committee, Railroad, 
Pipelines, and Hazardous Materials Subcommittee hearing on 
Implementation of the Pipeline Inspection, Protection, Enforcement, and 
Safety Act of 2006, June 24, 2008.
    \69\ John Pistole, Administrator, TSA, testimony before the Senate 
Committee on Commerce, Science, and Transportation hearing on 
Transportation Security Administration Oversight: Confronting America's 
Transportation Security Challenges, April 30, 2014; Jack Fox, General 
Manager, Pipeline Security Division, TSA, Remarks before the Louisiana 
Gas Association Pipeline Safety Conference, New Orleans, LA, July 25, 
2012.
---------------------------------------------------------------------------
    The Energy Sector Control Systems Working Group makes related 
assertions in its Roadmap to Achieve Energy Delivery Systems 
Cybersecurity about the effectiveness of cybersecurity standards alone:

``Although standards may elevate cybersecurity across the energy 
sector, they do so by requiring the implementation of minimum security 
measures that set a baseline for cybersecurity across an industry. 
These minimum security levels may not be sufficient to secure the 
sector against new and quickly evolving risks. Asset owners compliant 
with standards may still be vulnerable to cyber intrusion.''\70\
---------------------------------------------------------------------------
    \70\ Energy Sector Control Systems Working Group, Roadmap to 
Achieve Energy Delivery Systems Cybersecurity, September 2011, p. 15.

    Thus, in addition to cybersecurity requirements, pipeline companies 
may also need appropriate management practices, performance metrics, 
access to intelligence, and other support measures to maximize the 
effectiveness of their cybersecurity programs.
    Although the TSA believes a voluntary approach to pipeline security 
is most effective, Canadian pipeline regulators have come to a 
different conclusion. In 2010 the National Energy Board (NEB) of Canada 
mandated security regulations for jurisdictional Canadian petroleum and 
natural gas pipelines, some of which are cross-border pipelines 
entering the United States. Many companies operate pipelines in both 
countries. In announcing these new regulations, the board stated that 
it had considered adopting the existing cybersecurity standards ``as 
guidance'' rather than an enforceable standard, but ``taking into 
consideration the critical importance of energy infrastructure 
protection,'' the board decided to adopt the standard into the 
regulations.\71\ Establishing pipeline security regulations in Canada 
is not completely analogous to doing so in the United States as the 
Canadian pipeline system is much smaller and operated by far fewer 
companies than the U.S. system. Nonetheless, Canada's choice to 
regulate pipeline security may raise questions as to why the United 
States has not.
---------------------------------------------------------------------------
    \71\ National Energy Board of Canada, Proposed Regulatory Change 
(PRC) 2010-01, Adoption of CSA Z246.1-09 Security Management for 
Petroleum and Natural Gas Industry Systems, File Ad-GA-SEC-SecGen 0901, 
May 3, 2010, p. 1, https://www.neb-one.gc.ca/ll-eng/livelink.exe/fetch/
2000/90463/409054/614444/A1S7H7_Proposed_Regulatory__Change_(PRC)_2010-
01.pdf?nodeid=614556&vernum=0.
---------------------------------------------------------------------------
    The Federal Energy Regulatory Commission (FERC), which regulates 
the U.S. bulk electric power system, has also taken a more directive 
approach to infrastructure security. The Energy Policy Act of 2005 
(Pub. L. 109-58) gave the commission authority to oversee the 
reliability of the bulk power system, including authority to approve 
mandatory security standards. FERC approved mandatory Critical 
Infrastructure Protection cybersecurity reliability standards in 
2008.\72\ The commission approved mandatory physical security standards 
in 2014 \73\ after a successful physical attack on a high-voltage 
transformer facility in California. While it differs in important ways 
from the pipeline system, the bulk power system faces the same threat 
environment and has many similar security vulnerabilities related to 
asset exposure and reliance on SCADA systems for network operations.
---------------------------------------------------------------------------
    \72\ Federal Energy Regulatory Commission, Mandatory Reliability 
Standards for Critical Infrastructure Protection, Docket No. RM06-22-
000, Order No. 706, January 18, 2008.
    \73\ Federal Energy Regulatory Commission, Physical Security 
Reliability Standard, Docket No. RM14-15-000, Order No. 802, Issued 
November 20, 2014.
---------------------------------------------------------------------------
    In addition to examining the regulatory motivations of the NEB and 
FERC, consideration of mandatory pipeline security standards within TSA 
would have to account for the requirements to implement such standards. 
Unlike maintaining voluntary standards, developing pipeline security 
regulations--with provisions for pipeline operations, inspection, 
reporting, and enforcement--would involve a complex and potentially 
contentious rulemaking process involving multiple stakeholders. Should 
Congress choose to mandate the promulgation of such regulations, it is 
not clear that TSA's pipeline security division as currently configured 
would be up to the task. Developing specific cybersecurity regulations 
may pose a particular challenge as the TSA's pipeline branch has 
limited existing capability to do so, although such capabilities may 
reside elsewhere in DHS. If mandatory standards were to be imposed, 
there may also be questions as to whether the agency as currently 
structured would have sufficient resources to implement the new 
security regulations, conduct rigorous security plan verification, and 
pose a credible threat of enforcement.
Uncertainty About Security Risks
    A January 2011 Federal threat assessment concluded ``with high 
confidence that the terrorist threat to the U.S. pipeline industry is 
low.''\74\ However, subsequent events may have increased concerns about 
pipeline system threats, especially cyber threats. In a 2016 Federal 
Register notice, TSA stated that it expects pipeline companies will 
report approximately 30 ``security incidents'' annually--both physical 
and cyber.\75\ The agency has not publicly released a more current 
pipeline threat assessment.
---------------------------------------------------------------------------
    \74\ Transportation Security Administration, Office of 
Intelligence, Pipeline Threat Assessment, January 18, 2011, p. 3.
    \75\ 81 Fed. Reg. 37, February 25, 2016, p. 94-95.
---------------------------------------------------------------------------
    The pipeline industry's security risk assessments rely upon 
information about security threats provided by the Federal Government 
and by pipeline operators themselves. The quantity, quality, and 
timeliness of this threat information is a key determinant of what 
pipeline companies need to be protecting against, and what security 
measures to take. Incomplete or ambiguous threat information--
especially from the Federal Government--may lead to inconsistency in 
physical and cybersecurity among pipeline owners, inefficient spending 
of limited security resources at facilities (e.g., that may not really 
be under threat), or deployment of security measures against the wrong 
threat.
    Concerns about the quality and specificity of Federal threat 
information have long been an issue across all critical infrastructure 
sectors.\76\ Threat information continues to be an uncertainty in the 
case of pipeline network security. There may be agreement among 
Government and industry stakeholders that oil and natural gas pipelines 
in the United States are vulnerable to attack, and that such attacks 
potentially could have catastrophic consequences. But the most serious, 
damaging attacks could require operational information and a certain 
level of sophistication, especially in the cyber regime, on the part of 
potential attackers. Consequently, despite the technical arguments, 
without more specific information about potential targets and attacker 
capabilities, the true risk of a serious attack on the pipeline system 
remains an open question.
---------------------------------------------------------------------------
    \76\ See, for example, Philip Shenon, ``Threats and Responses: 
Domestic Security,'' New York Times, June 5, 2003, p. A15.
---------------------------------------------------------------------------
                               conclusion
    The Nation's pipeline network is attractive to malicious actors and 
vulnerable to both physical and cyber attacks. Based on recent history, 
a strong Federal pipeline security program is clearly necessary; there 
has been a series of unrelated terrorist plots and attempted attacks on 
U.S. pipelines since at least the 1990s. Real bombs have been planted, 
computers systems have been infiltrated, and perpetrators have been 
imprisoned. Such threats to the pipeline system are likely to continue.
    Both Government and industry have taken numerous steps to improve 
pipeline security since 2001. On their face, these measures have been 
expansive and seem to address the full range of activities and 
priorities Congress intended when it embarked upon a National strategy 
for protecting critical infrastructure. However, while TSA and industry 
may be engaged in appropriate pipeline security activities, questions 
remain as to their level of commitment to those activities and how 
effective they have been in protecting the pipeline system. TSA's 
pipeline staff would account for less than 2% of the agency's surface 
transportation security staff under the proposed fiscal year 2017 
budget, and just over 2% of the staff available to DOT under its 
pipeline safety program. Pipeline company expenditures on security are 
not generally reported, so their level of financial commitment is 
unknown. Furthermore, while there have been no publicly reported 
successful attacks on the U.S. pipeline system since 2001, existing 
physical security measures did not prevent 2 attackers from planting 
the live explosive devices along 2 different U.S. pipelines in 2011 and 
2012 discussed earlier. Their failure to detonate was fortunate.
    The TSA maintains that its pipeline security program, administered 
as it is and relying upon voluntary standards, has been effective in 
protecting U.S. pipelines from physical and cyber attacks. Based on the 
agency's corporate security reviews, TSA believes security among major 
U.S. pipeline systems is good, and pipeline operators agree. However, 
without formal security plans and reporting requirements, it is 
difficult for Congress and the general public to know for certain. To a 
great extent, the public must therefore rely on the pipeline industry's 
self-interest to protect itself from malicious threats. Whether this 
self-interest is sufficient to generate the level of security 
appropriate for a critical infrastructure sector, and whether imposing 
mandatory standards would be a better approach, is open to debate. 
Faced with this uncertainty, legislators must rely upon their own best 
judgment to reach conclusions about the Federal pipeline security 
program. If Congress concludes that current voluntary measures are 
insufficient to protect the pipeline system, it may decide to provide 
specific direction to the TSA to develop regulations and provide 
additional resources to support them, as such an effort may be beyond 
the TSA pipeline branch's existing capabilities.
    Congress also may assess how the various elements of U.S. pipeline 
safety and security activity fit together in the Nation's overall 
strategy to protect critical infrastructure. For example, diverting 
pipeline resources away from safety to enhance security might further 
reduce terror risk, but not overall pipeline risk, if safety programs 
become less effective as a result. Pipeline safety and security 
necessarily involve many groups: Federal and State agencies, oil and 
gas pipeline associations, large and small pipeline operators, and 
local communities. Reviewing how these groups work together to achieve 
common goals could be an oversight challenge for Congress.

    Mr. Katko. Thank you, Dr. Parfomak for your testimony. We 
appreciate you being here as well.
    I now recognize myself for 5 minutes of questions.
    I want to start by saying I understand the overall setup 
here. The Department of Transportation is in charge of and 
oversees the safety aspects of the pipelines, which includes 
making sure when a guy has a backhoe and, you know, digs where 
he shouldn't dig, that they respond properly and they have the 
right procedures in place to cut off that pipeline.
    I also understand that on the other side you have security 
aspects which is TSA's oversight. At first glance it looks like 
kind-of an odd setup. But it, by all indications from the 
industry, it does seem to work. But there are things that I 
want to talk about. While I am happy that you are all happy, I 
just want to make sure that we are not missing something here. 
So I will be checking on some of the things I have concerns 
with.
    The first thing is probably the easiest thing. That is for 
Mr. Black. That is with respect to PHMSA and the oil pipeline 
response plans. What would be your suggestion of a way to make 
sure that those things don't get disclosed to the public when 
they are submitted to Congress?
    Mr. Black. PHMSA has done the right thing. PHMSA's chief 
counsel has issued guidance to PHMSA staff that the information 
in part 60138, of the last pipeline safety law, can be 
redacted. They have said that it should be. So what we are 
looking for is Congress, when enacting legislation to receive 
these response plans, to make sure you have clear and 
consistent procedures.
    I am happy to follow up with a specific proposal. But a 
couple of principles. No. 1, there needs to be a clear 
statement that this information should remain confidential and 
should not be transmitted to anybody outside of Congressional 
staff in any form.
    Second, there need to be some specific procedures applied 
to that. I am sure this committee has some specific procedures 
for certain types of information. Those need to be connected. 
For example, a secure reading room, tracking who goes in and 
who goes out of that reading room with information.
    Then, third, we suggest a penalty or some type of a 
disciplinary mechanism for those people that violate it. We 
need to make sure that this information is secured and is not 
put into the wrong hands while you conduct that oversight that 
you need to do.
    Mr. Katko. Okay. Thank you very much.
    Now, the other areas I am concerned about, and if I don't 
hit on them I hope my colleagues on the panel do, are whether 
the 2011 guidelines issued by TSA need to be upgraded, the 
sharing and use of actionable information and how sometimes 
when TSA gets secret information that may be helpful, how they 
are able to share that and how can we make that process better 
sharing it with the private sector. Then of course the things 
that CRS raised, the resources issue, the voluntary versus 
mandatory guidelines issue, and what is a level of risk. So 
let's just start at the top of the list here, and I will work 
through as much as I can.
    The 2011 guidelines were promulgated prior to the dramatic 
rise of ISIS and the new and dynamic threat that they propose. 
So given that and all the other factors, I know that it doesn't 
seem to be a high level of threat in the United States where 
pipeline attacks, but they have shown a propensity to do those 
attacks elsewhere, including even Canada.
    So given all that and given the rise of ISIS, do you think 
it is time for TSA to issue an updated guidelines?
    Ms. Proctor. Mr. Chairman, yes. We do agree with you. The 
pipeline security guidelines which were published in 2011, and 
as you know, were a product of the collaboration with our 
security partners and our Federal partners, and we are in the 
process of updating those guidelines right now. We have already 
started the process. The process, though, is a collaborative 
one.
    So we will be continuing our work with our security 
partners in the pipeline industry. So that work has already 
started. We have already started looking at the cyber portions, 
as a matter of fact, and we will be continuing that work so 
that we have an updated version of those guidelines.
    Mr. Katko. Okay. Thank you. Also now with respect to the 
actionable information and use of it, and proper use of it, I 
presume that oftentimes TSA gets information from the secret 
side.
    I want to--you know, anybody can chime in here. I just want 
to make sure that we have the right mechanisms in place. If we 
don't now, what do we need to put those mechanisms in place so 
that the private sector can be briefed in properly about what 
the nature of those threats are without wrongfully disclosing 
the sensitive information. But we can't have this gulf, I don't 
think, where we have this information but we can't tell them 
about it.
    So anyone care to address that? I would be happy to hear 
it.
    Ms. Judge. Yeah. There are several operators that do hold 
secret clearances. Clearances are either issued--are either 
sponsored by TSA themselves. Some of our clearances are through 
DHS infrastructure protection. Some are from the FBI, and some 
are from Department of Energy. At last check there appeared to 
be over 300 clearance holders in the oil and natural gas 
sectors as of a little while back.
    Mr. Katko. But we do have 3,000 companies involved. So that 
is--might be a small percentage overall. So how do we--is that 
adequate, the number of people with the clearances to get this 
information?
    Ms. Judge. It would depend on how many people from each--
you know, are we covering each company's--each sector in the 
industry well enough? That I wouldn't be able to answer.
    Mr. Katko. Okay.
    Ms. Judge. I know, for example, we have 3 clearance holders 
just at my company, 1 physical, 1 cyber, and 1 executive.
    Mr. Katko. Okay.
    Ms. Proctor. Mr. Chairman, it would certainly depend on the 
nature of the information. If the information is specific, we 
would ensure that the appropriate systems are briefed on that 
information. If we need to get a tear line on that information, 
we will do that. We will ensure that if there is actionable 
information, that that information gets to the people who need 
to have it.
    We do have a process with our Office of Intelligence and 
Analysis to ensure that the briefings occur wherever they need 
to occur across the country. We have field intelligence 
officers that are located at our airports. We have 
relationships with the FBI field offices or for those who are 
in the vicinity of the National Capital Region, we can ensure 
that they are appropriately briefed at TSA headquarters. So we 
have ensured that we have the ability to brief wherever that 
brief needs to be conducted.
    Mr. Katko. Thank you very much. My time has expired, but I 
will maybe come back to some of these questions.
    The Chair now recognizes Ranking Member Rice for 5 minutes 
of questions.
    Miss Rice. Thank you, Mr. Chairman.
    I think I will ask Mr. Black, I guess start with you. There 
is--actually, I should say your study, Mr. Parfomak, there is a 
paragraph that is pretty small in comparison to the rest of the 
report talking about cybersecurity risks. The last statement 
ends with the statement that there is a suggestion that 
cybersecurity threats to pipelines have been increasing. So 
what specifically has the industry, both private and public, 
been doing to address this issue?
    Mr. Black. Well, Dr. Parfomak mentioned rightly there is a 
great concern about cyber, about being prepared for cyber 
releases--cyber attacks. Excuse me.
    The first element is this API standard on pipeline's data 
security. You have to keep your control system completely 
separate and apart from any business system that uses the 
internet. Then there is a number of Government programs that we 
participate in with industry. There is the FBI's InfraGuard 
process which is dedicated to sharing information. There is the 
NIST cybersecurity framework roadmap, and the--generally the 
ICS Cert process, the industrial control system Cyber Emergency 
Response Team, a partnership dealing with identifying threats, 
talking about how to prevent them. Then also talking about how 
to recover from those.
    A couple of other API recommended practices. So cyber is on 
the minds of many of our members. When I asked in anticipation 
of this hearing what is the No. 1 security issue that you are 
thinking about, cyber is what I got. So it is on the minds of 
our security professionals.
    Miss Rice. So when they say that, what do they give by way 
of example as to why that is their No. 1 concern? Is there 
enough--and I am not asking you to release any--or talk in this 
public setting about any kind of confidential or, you know, 
confidential information, but what----
    Mr. Black. Well, in this space I think we are very aware of 
nation states and private actors trying to penetrate control 
systems and business systems. Oil and gas and beyond oil and 
gas. So that is something that we are focusing on. I can make 
sure that you get a Classified briefing on that or maybe that 
is a question for Director Proctor.
    Miss Rice. Well, my question is, is it a--you know, we talk 
about having to stay 2 steps ahead. Right? Is it a technology 
issue? Is it a resource issue? I mean, what is the biggest 
challenge to ensuring that we are doing everything that we can 
because this cybersecurity is--I mean, obviously, as noted in 
this report, is an area of great concern. It just doesn't sound 
like there is--unless there is and you can't talk about it 
publicly. I get too, but----
    Mr. Black. The threats are evolving and evolving quickly. 
So the industry and Government have to evolve and evolve 
quickly in terms of adapting to this. That is what these 
information-sharing programs are about. Thankfully it is not a 
prescriptive regulation that is outdated. This is real-time 
sharing of information, Government, what they are seeing, and 
industry personnel together discussing best practices. They 
might compete on commercial issues, but the industry can 
collaborate very heavily on safety and security. And they do.
    Miss Rice. There is no obstacle to that? They are--because, 
I mean, I think everyone understands that it is in everyone's 
interest to have the same--the best technology, the best 
controls in place.
    Mr. Black. Absolutely. Yes.
    Miss Rice. So the informational sharing, with your 
Governmental partners, do you think that that is accurate? I 
mean, do you think that they give you accurate information, or 
do they--do you think that they withhold any information? Are 
there any issues related to information sharing that need to be 
addressed?
    Mr. Black. I am not hearing of any concern. I am hearing 
that the Government personnel that are working on these issues 
are very well tied into the threats and the ways to address 
them. I hear a successful collaboration.
    Miss Rice. Great. Thank you. I yield back the balance of my 
time.
    Mr. Katko. Thank you, Miss Rice.
    The Chair now recognizes the gentleman from Georgia, Mr. 
Carter for 5 minutes of questioning.
    Mr. Carter. Thank you, Mr. Chairman. Thank each of you for 
being here. This is extremely important.
    Ms. Proctor, I will start with you. I wanted to ask you, it 
is my understanding that TSA measures the risk to pipelines 
based on the amount of energy that is transported. Is that 
correct?
    Ms. Proctor. Yes, sir. That is one of the criteria.
    Mr. Carter. What are the other criteria? I am sure the type 
of energy that it is or----
    Ms. Proctor. We also look at the number of miles in high-
consequence areas, which are designated by PHMSA. We look at 
the number of pipeline miles in high-threat urban areas, which 
are designated by DHS. We look at those pipelines that serve 
military bases, that serve the Department of Energy strategic 
petroleum reserves. We look at those that serve electric power 
plants. So there--the energy throughput is not the only 
consideration.
    Mr. Carter. But it is one of the primary ones?
    Ms. Proctor. It is one. Yes, sir.
    Mr. Carter. Yes. Well, let me ask you. After that is done, 
then the operators identify critical facilities based on what 
is called the pipeline security guidelines. Is that correct?
    Ms. Proctor. Yes, sir.
    Mr. Carter. What is done after that? After the pipeline 
owners identify those critical facilities, what happens after 
that?
    Ms. Proctor. TSA then schedules reviews of the facilities. 
So we have identified the top 100 or so most critical pipeline 
systems by those criteria that we just named; the energy 
throughput, their pipeline mileage in the high-threat urban 
areas, and in the high-consequence areas. We go out and conduct 
assessments on-site.
    Corporate security reviews are conducted at the pipeline 
headquarters where they review the actual corporate security 
plan. They conduct interviews of key security personnel on 
site. They also determine the extent to which the system is 
adhering to the agreed-upon process in the pipeline security 
guidelines.
    Mr. Carter. Okay. So they are essentially trying to 
mitigate as much risk as they can.
    Ms. Proctor. Yes, sir.
    Mr. Carter. Okay. Let me move on. Ms. Judge, Mr. Black, I 
will direct these toward you-all. Do you feel like the biggest 
threats that the pipeline owners are facing right now, that 
they have been identified by TSA, they have changed any? Are 
they still the same?
    Mr. Black. Correct.
    Mr. Carter. So you would feel like it is up-to-date as far 
as the biggest threats go?
    Mr. Black. Right. It is physical and cyber and all 
different types of threats. The last security guidelines were 
issued in 2011, but what I hear consistently is that it is not 
static, is that the know-how and the information sharing and 
the intel that we get from TSA and our Federal partners is 
constantly evolving. It is 2016. It is----
    Mr. Carter. You are updating them as you go along as well?
    Mr. Black. Yes.
    Mr. Carter. Okay. I want to ask you about--do you feel like 
that industry has gotten the tools that they need in order to 
mitigate as many risks as they can? Do you feel like there is 
anything else we could be doing to assist them?
    Ms. Judge. I believe we have the tools we need. If we 
realize--we come along and we are like--we realize that there 
is something we may need, we just reach out, and usually they 
are more than happy to--you know, we would like a briefing on 
1, 2, 3. They arrange to give us a briefing on 1, 2, 3. So 
there is that constant open communication through both one-on-
one and through the sector coordinating councils, through the 
security committees that----
    Mr. Carter. Okay.
    Ms. Judge [continuing]. When we express needs, we usually 
get what we need.
    Mr. Carter. Well, let me ask you collaboration. Because 
that is extremely important. Do you ever give security 
clearance to any of these pipeline companies, to any of their 
personnel to possibly share any kind of threats with them that 
you might have heard of?
    Mr. Black. They have Classified and Unclassified briefings 
on these TSA pipeline security calls. There is some For-
Official-Use-Only information that is in Unclassified settings 
that you can get to more people. Some things have to be shared 
only in a Classified briefing, and they are.
    Mr. Carter. Okay. So you would rate the collaboration as 
being good at this point?
    Mr. Black. Yes.
    Mr. Carter. Okay. I am sorry. I can't--the glare is too 
bad, Dr. Parfomak. Would you agree with that?
    Mr. Parfomak. Excuse me. Could you repeat the question?
    Mr. Carter. Would you agree that the collaboration between 
private industry and TSA has been good?
    Mr. Parfomak. As I mentioned in my opening statement, CRS 
doesn't advocate policy or take a position on that. Whether the 
collaboration has been good, as I said in my opening statement, 
is a debatable point. Others have raised the issue of, for 
instance, DOT's and TSA's collaboration, and that may have been 
evolving over the last number of years.
    Mr. Carter. Okay. Well, obviously, you-all understand how 
important collaboration is. So I would certainly hope we are 
making a concerted effort at doing the best we can with that.
    Thank you, Mr. Chairman.
    Mr. Katko. Thank you, Mr. Carter.
    The Chair now recognizes the gentleman from Texas, Mr. 
Ratcliffe, for 5 minutes of questioning.
    Mr. Ratcliffe. Thank you, Mr. Chairman, Ranking Member.
    This is an important hearing today, not just for the 
country but particularly my home State of Texas. Texas has the 
largest pipeline infrastructure in the Nation, more than 
425,000 miles of pipeline in our State, which is roughly, I 
believe, one-sixth of the total pipeline mileage in the United 
States. Many of those pipelines do actually run through the 
Fourth Congressional District that I am privileged to 
represent.
    So I appreciate all of you being here today to talk about 
the on-going efforts to secure our pipeline infrastructure and 
what can be done to enhance the partnership between TSA and 
industry.
    Director Proctor, in your written testimony you referenced 
the recent attacks in Brussels to illustrate the fact that 
terrorist threats have grown incredibly complex, we know that, 
and that terrorist actors can become radicalized to carry out 
these attacks with little or no warning. I agree with your 
assessment of the current threats posed by these terrorists. I 
was also pleased to hear that TSA and the pipeline industry 
have a good working relationship to protect our critical 
infrastructure.
    I am curious, though, with roughly 3,000 private companies 
who own and operate the Nation's pipelines, how does TSA 
communicate threat assessments to these companies and recommend 
improved measures in the wake of potential threats made against 
a specific pipeline?
    Ms. Proctor. Thank you for that question.
    Our Office of Intelligence and Analysis conducts an 
assessment, an annual assessment, of the threats to the 
pipeline industry. One of those assessments is an Unclassified 
assessment that we can share with industry. We do share that. 
We share that with the pipeline industry and we continually 
communicate information that we get from our intelligence and 
analysis office if there is any information that could indicate 
a possible threat, a generalized threat.
    If it is a specific threat and it is Classified 
information, we arrange for a Classified briefing with that 
particular entity. We do have the means to do that through our 
partners either with the FBI at a local field office, with a 
field intelligence officer at an airport, or through a meeting 
at TSA headquarters. We can provide Classified information.
    Mr. Ratcliffe. So in addition to the briefing, though, in a 
Classified setting, are you making specific recommendations? If 
so, are you finding that industry is receptive to those?
    Ms. Proctor. We do make specific recommendations. We 
conduct both corporate security reviews and critical facility 
security reviews. At the conclusion of that review, and they 
are done on-site at the pipeline facility, there are 
recommendations, if it is appropriate, there are 
recommendations that are made and provided to the security 
director of the pipeline organization. They are provided at the 
time. They are followed up with written recommendations.
    So we do those on-site assessments and provide those 
recommendations that are specific to that company. We provide 
more generalized recommendations for security in our monthly 
conference calls or calls that may be generated by some issue 
that has occurred in the news. If we feel it appropriate, we 
will have a conference call just to share information that we 
have, and to share any recommendations that we think would help 
enhance the security in the pipeline industry.
    Mr. Ratcliffe. Thank you. Very quickly, I want to move to 
the industry side, because I know Mr. Black, Ms. Judge, that, 
you know, with the evolution of technology and the need to keep 
your technology updated to protect infrastructure from bad 
actors, I am curious about your perspectives on the partnership 
between TSA and industry in advancing proactive security 
measures.
    Specifically I want your perspectives on whether TSA, from 
your, again, perspective, is timely sharing cyber threat 
information and intelligence information in such a way that is 
allowing you to bolster your defenses against these threats?
    Mr. Black. From liquids pipelines, I am not hearing any 
concerns about timeliness. I am hearing that, just as you and 
Director Proctor discussed, that we get company-specific 
guidance on company-specific issues. The concern that I am 
hearing is the TSA has some important vacancies in the pipeline 
security division that need to be filled. We are looking 
forward to those being filled with good quality people so that 
we can have more people to collaborate with.
    Mr. Ratcliffe. Great. Ms. Judge, do you want to weigh in?
    Ms. Judge. Yes. We haven't heard of any in the natural gas 
pipeline side of things not getting timely information. We 
actually get very timely information, oftentimes from several 
different departments and at the same time. So we are getting 
timely information sometimes 3 or 4 times being the same 
information. So no issues there.
    Mr. Ratcliffe. Okay. Well. My time has expired, but if the 
Chairman will indulge just very quickly, because I want to give 
you an opportunity, and maybe this has been asked. But if you 
could alter the relationship between TSA and industry in one 
specific way or a specific way to better secure our pipeline 
infrastructure, what change would you recommend?
    Ms. Judge. As of this minute, the one change I would make 
would be to fill, as Andy said, fill the open positions so that 
we can start collaborating more closely again with whomever is 
coming in. Part of that is, as Sonya said, we are currently 
reviewing the pipeline guidelines, and that is a collaborative 
effort with TSA and with the industry through the Pipeline 
Sector Coordinating Council. It would be really great once they 
do hire and on-board the new replacement for the head of this 
group, we can, you know, work real closely with them to get 
these guidelines updated and get them out there so people can 
implement any changes they need to.
    Mr. Ratcliffe. Terrific. Thank you.
    Mr. Black. It is people. It is leadership roles that have 
been filled that--we would be remiss if we didn't praise Jack 
Fox who recently retired from TSA. That is big shoes to fill. 
Jack did a nice job at helping us all be focused on pipeline 
security. If they can find the right type of people to succeed 
Jack and a couple of the other positions, we will be better off 
and ready to collaborate more intensely.
    Mr. Ratcliffe. Terrific. Thank you all for being here. 
Chairman, thanks for your indulgence.
    Mr. Katko. Thank you. Excellent questions. Thank you, Mr. 
Ratcliffe.
    All right. I just have few more questions, and of course 
any of my other colleagues that are here can follow up if they 
wish.
    With respect to resources--I want to follow--what is the 
reason, Ms. Proctor, for some of those openings? How--when do 
you plan on filling them?
    Ms. Proctor. Mr. Chairman, we have recently had the 
retirement of Mr. Jack Fox, the long-time manager and leader of 
our pipeline office. They are very big shoes to fill. We 
recognize the importance of having industry experience in our 
pipeline office. So we have recruited heavily from the 
industry. I am very happy to say that I have interviews 
scheduled in the next week to actually make a selection on the 
position for the manager of our pipeline office.
    The other positions that we have there have been posted. I 
have received Cert lists on those. We have interviews that are 
being scheduled for those. So we will have a full house in our 
pipeline section.
    Mr. Katko. Okay. How long have those positions been open?
    Ms. Proctor. Mr. Fox actually retired in February. One 
other gentleman just left last month. So they are fairly 
recent.
    Mr. Katko. Okay. Now that kind of bleeds into my next 
concern. That is what Dr. Parfomak pointed out, and that was 
potential for resource issues. Now, a fiscal conservative like 
me and someone who likes smaller government, it is troublesome 
to ask a question like this. But do you need more resources?
    Ms. Proctor. Mr. Chairman, I don't know anyone who 
wouldn't----
    Mr. Katko. Such an easy question. Oh my gosh.
    Ms. Proctor [continuing]. Who wouldn't acknowledge loving 
more resources. Certainly if those resources were available, we 
would invest them and put them to good use. We would invest in 
additional training with our pipeline industry partners, and we 
would also invest in conducting additional assessments at 
critical facilities.
    Mr. Katko. Do you have in mind what exactly the type of 
positions you would like to enhance? Do you have a plan as to 
what you would do with the additional resources that we could 
look at and assess?
    Ms. Proctor. I could certainly provide that, Mr. Chairman.
    Mr. Katko. I would appreciate that. I would like to take a 
look at that. Because I think that, you know, with the emerging 
threat, it may be when you are updating your 2011 guidelines, 
that might impact your thought process too. So perhaps when you 
submit those, I would like to see those, maybe we can have an 
update as to what you think you could do if you had additional 
resources and why you need the additional resources. That would 
be helpful. I would appreciate input from the industry as well 
on that.
    Now, most of the guidelines and suggestions you issue on 
the security side are voluntary. Is that correct?
    Ms. Proctor. Yes, Mr. Chairman, they are voluntary.
    Mr. Katko. Okay. Now, the cynic in me would say that is why 
the industry likes you so much. Because they are voluntary, not 
mandatory. So would it be helpful to have some of those 
things--or do you ever find any frustration, I should say, with 
issuing guidelines and them not following them, and then you 
think it is really important for them to do so?
    Ms. Proctor. No, sir. I believe the environment in which we 
operate now allows a great deal of flexibility. Certainly in 
the current environment with the evolving threats, the ability 
to be flexible I think is very important. We have had great 
success with voluntary guidelines. We have not had any pipeline 
industry partners to balk at complying with the guidelines that 
we have agreed upon. So we are pleased to have this kind of 
collaboration and this partnership with the industry. It allows 
us to have open discussion, and it allows us to work in a 
collaborative way to solutions. So we are very pleased with the 
arrangement.
    Mr. Katko. I must say in going through this hearing and, 
again, preparing for this hearing as well and talking to some 
of the individuals who were going to testify that the spirit of 
public/private cooperation is encouraging. I am a very big 
advocate of the private sector working collaboratively with the 
Government instead of at odds with them. It helps us leverage 
the finite Government resources that we have.
    So I applaud all of you for working collaboratively 
together. It is very important. In this age of budget 
constraints, the private sector has to play a role. It is an 
increasingly important role. I don't think we should ever be in 
a situation where the Government is telling industry what to 
do. That is when we have problems. It seems like more 
collaboration here is a very good thing. I applaud all of you 
for what you are doing in keeping our country safe with respect 
to that.
    If you have additional input you want to provide, some 
things you wish we asked you today, please feel free to do so. 
Please get it to us because we will listen and we will take a 
look at it. But this seems like an area, unlike many other 
areas we have oversight of with respect to TSA, that this seems 
to be working pretty well. I am happy to say that.
    So in accordance with our committee rules and practice, I 
plan to recognize--oh, excuse me. All done with that. Pardon 
me.
    I do want to thank the panel for the thoughtful testimony. 
Members of the committee may have some additional questions for 
the record. We ask that you respond to those in writing.
    The hearing record will stay open for 10 days. Without 
objection the subcommittee stands adjourned.
    [Whereupon, at 3:24 p.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

   Questions From Ranking Member Bennie G. Thompson for Sonya Proctor
    Question 1. Given that pipeline systems are within the 
Transportation System sector, one of the 16 critical infrastructure 
sectors under PPD-21, and that these pipelines often depend on computer 
and communications networks used for automated control, please 
describe, with specificity, what type of coordination, if any, there is 
between TSA and National Protection and Program Directorate to 
strengthen and make more resilient this critical infrastructure.
    Answer. Response was not received at the time of publication.
    Question 2. NPPD has a network of Protective Service Advisors 
across the country who are charged with proactively engaging with the 
private sector to protect critical infrastructure.
    Does your office work with the network of PSAs?
    Answer. Response was not received at the time of publication.
    Question 3. Does TSA or NPPD provide training programs to private 
industry employees that provide security certifications? If so, please 
elaborate.
    Answer. Response was not received at the time of publication.
    Question 4a. In the planning phases of a pipeline system project, 
what role, if any, does TSA play in decision making regarding security 
concerns that may arise?
    Question 4b. To your knowledge, are any other agencies involved in 
making security decisions during the planning phases of pipelines?
    Answer. Response was not received at the time of publication.
    Question 5a. Your testimony states that TSA works closely with 
DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA). 
PHMSA handles the safety aspect of pipelines, while TSA handles the 
security aspect.
    Question 5b. Since safety and security are closely associated, 
could you detail for us how TSA works with PHMSA to address both 
issues?
    Answer. Response was not received at the time of publication.
    Question 6. Ms. Proctor, please detail TSA's role in providing 
guidelines to industry for individuals seeking positions with 
unrestricted access at critical pipeline assets.
    Answer. Response was not received at the time of publication.
    Question 7. TSA has regulatory authority over pipeline systems for 
purposes of security. To date, TSA has not exercised this authority.
    How often do you evaluate the security risk to these systems and do 
you have internal criteria for what might trigger regulatory action?
    Answer. Response was not received at the time of publication.
    Question 8. As among the various security risks to pipeline 
systems, where does interference with SCADA control systems factor?
    Do you have risk-modeling to understand what cascading effects may 
be triggered by a cyber or physical attack on a pipeline?
    Answer. Response was not received at the time of publication.
    Question 9a. When are they updating the 2 key 2011 documents and 
what changes should we expect to see?
    Question 9b. Will protection of control systems factor be more 
prominent?
    Answer. Response was not received at the time of publication.
 Question From Ranking Member Bennie G. Thompson for Kathleen S. Judge
    Question. Ms. Judge, in your testimony you stated that gas 
companies work closely with law enforcement personnel and first 
responders on site-specific plans and security drills.
    How often do these security plans and security drills take place, 
and how often are these plans updated?
    Answer. The question posed relates to how often security plans are 
updated and how often security drills take place. Corporate Security 
Plans are typically reviewed annually and updated as required and as 
circumstances warrant. Site-Specific Plans include measures tailored 
for each specific critical facility and include specific actions to be 
taken at the elevated and imminent levels of the National Terrorism 
Alert System. As stated in the TSA Pipeline Security Guidelines these 
plans should be reviewed and updated on a periodic basis, not to exceed 
18 months. As threats evolve, so does security. Typically there is one 
major security drill or exercise per year. Also, periodic security 
drills or exercises are performed either independently or in 
conjunction with other regularly-scheduled required company drills or 
exercises.
 Questions From Ranking Member Bennie G. Thompson for Paul W. Parfomak
    Question 1. When we think of possible attacks on all sectors, we 
often quantify the damage in terms of the potential loss of life. 
Throughout testimony, we saw repeatedly that the consequences of an 
attack on our Nation's pipeline systems could cause severe consequences 
to our economy, environment, as well as the loss of human life. Would 
you please explain to us the possible effects of an attack on our 
pipeline systems in regard to these 3 factors?
    Answer. Because energy pipelines carry volatile, flammable, or 
toxic materials, they have the potential to cause public injury, 
economic damage, and environmental damage in the event of an 
uncontrolled release--be it the result of an accident or deliberate 
attack. The nature and severity of such consequences in any particular 
incident depend upon many factors, including the product involved, the 
scale of the release, proximity to a population or environmentally-
sensitive area, the emergency response, and other factors. For example, 
a natural gas release may present a greater risk to people than crude 
oil because it is more volatile, but it presents less environmental 
risk because it burns off quickly or dissipates in air. Crude oil, on 
the other hand, may cause much more extensive environmental harm, 
particularly when released into water where it can spread quickly. 
Nonetheless, crude oil may still cause personal injury, especially if 
it ignites. The economic impacts of any pipeline release involve both 
damages in the vicinity of the incident and damages due to lost 
commodity and to disruption of the pipeline supplies to customers that 
depend upon them--such as power plants, factories, and refineries.
    As I stated in my written testimony, although there have been no 
successful terrorist attacks on pipelines in the United States, notable 
safety incidents over the last 15 years or so illustrate the potential 
damages from uncontrolled releases.
   1999.--A gasoline pipeline explosion in Bellingham, 
        Washington, killed 3 people and caused $45 million in damage to 
        a city water plant and other property.
   2000.--A natural gas pipeline explosion near Carlsbad, New 
        Mexico killed 12 campers.
   2006.--Pipelines on the North Slope of Alaska leaked over 
        200,000 gallons of crude oil in an environmentally-sensitive 
        area and temporarily shut down Prudhoe Bay oil production.
   2007.--A release from a propane pipeline near Carmichael, 
        Mississippi killed 2 people, injured several others, destroyed 
        4 homes, and burned over 70 acres of land.
   2010.--A pipeline spill in Marshall, Michigan released 
        819,000 gallons of crude oil into a tributary of the Kalamazoo 
        River. Expenses to clean up the spill exceeded $1.2 billion. 
        The pipeline operator also lost $16 million in revenue while 
        the line was out of service.
   2010.--A natural gas pipeline explosion in San Bruno, 
        California, killed 8 people, injured 60 others, and destroyed 
        37 homes. California regulators imposed on the operator a fine, 
        penalties, and other remedies totaling $1.6 billion.
   2011.--A natural gas pipeline explosion in Allentown, PA, 
        killed 5 people, damaged 50 buildings, and caused 500 people to 
        be evacuated.
   2011.--A pipeline spill near Laurel, MT, released an 
        estimated 42,000 gallons of crude oil into the Yellowstone 
        River.
   2014.--A natural gas distribution pipeline explosion in New 
        York City killed 8 people, injured 50 others, destroyed 2 5-
        story buildings, and caused the temporary closure of a transit 
        line due to debris.
   2015.--A pipeline in Santa Barbara County, CA, spilled 
        143,000 gallons of crude oil, including 21,000 gallons reaching 
        Refugio State Beach on the Pacific Ocean.
    These incidents may have imposed additional economic damages among 
pipeline users to the temporary disruption of pipeline supplies, but 
such ``downstream'' economic impacts are generally not quantified in 
accident investigations.
    Question 2. It seems as though a wide array of Government actors 
have responsibilities regarding the safety of pipelines. In your view, 
are there any areas of overlap or redundancy in the Government's 
efforts to ensure that pipelines are secure?
    Answer. Three Federal agencies play the most significant roles in 
the formulation, administration, and oversight of pipeline safety 
regulations in the United States. The Department of Transportation's 
(DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) 
has the primary responsibility for the promulgation and enforcement of 
Federal pipeline safety standards. PHMSA regulates key aspects of 
safety for energy product pipelines in the United States: Design, 
construction, operation and maintenance, and spill response planning 
(see Title 49 of the Code of Federal Regulations). PHMSA's enabling 
legislation also allows the agency to delegate authority to intra-State 
pipeline safety offices, and allows State offices to act as ``agents'' 
administering inter-State pipeline safety programs (excluding 
enforcement) for those sections of inter-State pipelines within their 
boundaries. The Federal Energy Regulatory Commission is not 
operationally involved in pipeline safety, but it examines safety 
issues under its siting authority for inter-State natural gas 
pipelines. The National Transportation Safety Board investigates 
transportation accidents--including pipeline accidents--and issues 
associated safety recommendations.
    As stated in my written testimony, Federal oversight of pipeline 
security falls under the jurisdiction of the Transportation Security 
Administration (TSA) within the Department of Homeland Security. 
Although the TSA has regulatory authority for pipeline security, its 
activities rely upon voluntary industry compliance with the agency's 
security guidance and best practice recommendations.
    Since TSA was established, Congress has had a continuing interest 
in the appropriate division of pipeline security authority between the 
DOT and TSA. In 2004, the DOT and DHS entered into a memorandum of 
understanding (MOU) concerning their respective security roles in all 
modes of transportation. The MOU notes that DHS has the primary 
responsibility for transportation security with support from the DOT, 
and establishes a general framework for cooperation and coordination. 
On August 9, 2006, the Congressional Research Service departments 
signed an annex ``to delineate clear lines of authority and 
responsibility and promote communications, efficiency, and 
nonduplication of effort through cooperation and collaboration between 
the parties in the area of transportation security.''\1\ According to 
TSA, the 2 agencies maintain daily contact, share information in a 
timely manner, and collaborate on security guidelines and incident 
response planning. Although pipeline safety and security, in some 
cases, may be operationally related, CRS is not aware of any recent 
reports or industry comments suggesting that there is overlap or 
redundancy between TSA's activities in pipeline security and PHMSA's 
activities in pipeline safety.
---------------------------------------------------------------------------
    \1\ Transportation Security Administration and Pipelines and 
Hazardous Materials Safety Administration, ``Transportation Security 
Administration and Pipelines and Hazardous Materials Safety 
Administration Cooperation on Pipelines and Hazardous Materials 
Transportation Security,'' August 9, 2006.
---------------------------------------------------------------------------

                                 [all]