[Federal Register Volume 81, Number 237 (Friday, December 9, 2016)]
[Pages 89183-89184]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-29500]



Pipeline and Hazardous Materials Safety Administration

[Docket No. PHMSA-2016-0137)

Pipeline Safety: Safeguarding and Securing Pipelines From 
Unauthorized Access

AGENCY: Pipeline and Hazardous Materials Safety Administration (PHMSA); 

ACTION: Notice; issuance of Advisory Bulletin.


SUMMARY: PHMSA is issuing this Advisory Bulletin in coordination with 
the Department of Homeland Security's (DHS), Transportation Security 
Administration (TSA), to remind all pipeline owners and operators of 
the importance of safeguarding and securing their pipeline facilities 
and monitoring their Supervisory Control and Data Acquisition (SCADA) 
systems for abnormal operations and/or indications of unauthorized 
access or interference with safe pipeline operations. Additionally, 
this Advisory Bulletin is to remind the public of the dangers 
associated with tampering with pipeline system facilities.
    This Advisory Bulletin follows recent incidents in the United 
States that highlight threats to oil and gas infrastructure. On October 
11, 2016, several unauthorized persons accessed and interfered with 
pipeline operations in four states, creating the potential for serious 
infrastructure damage and significant economic and environmental harm, 
as well as endangering public safety. While the incidents did not 
result in any damage or injuries, the potential impacts emphasize the 
need for increased awareness and vigilance.

FOR FURTHER INFORMATION CONTACT: Operators of pipelines subject to 
regulation by DOT, PHMSA, should contact Nathan A. Schoenkin by phone 
at 202-366-4774 or by email at [email protected]. Information 
about PHMSA may be found at http://phmsa.dot.gov. Pipeline operators 
with questions on TSA's Pipeline Security Guidelines should contact 
Steven Froehlich by phone at 571-227-1240 or by email at 
[email protected].


I. Background

Incident Details

    On Tuesday October 11, 2016, individuals contacted four pipeline 
operators informing them they would shut down the pipelines used to 
transport crude oil from Canada to the United States. The operators 
(Enbridge, Kinder Morgan, Spectra Energy, and TransCanada) took steps 
to prevent damage to the pipelines and contacted local and federal law 
enforcement. The individuals cut the chains and padlocks at valve sites 
near Leonard, Minnesota; Burlington, Washington; Eagle Butte, Montana; 
and Wahalla, North Dakota. The individuals then closed valves on 
Enbridge's Lines 4 and 67, Spectra Energy's Express Pipeline, and 
TransCanada's Keystone Pipeline. The Kinder Morgan Trans Mountain's 
Puget Sound Pipeline was not operating at the time. Several individuals 
were arrested by local law enforcement.
    Had the pipeline operators not shut down their lines in response to 
the threats, a pipeline rupture could have occurred. A pipeline rupture 
due to tampering with valves can have significant consequences such as 
death, injury, and economic and environmental harm.

Pipeline Safety and Security

    PHMSA and TSA have a mutual interest in ensuring coordinated, 
consistent, and effective activities that improve interagency 
cooperation on transportation security and safety matters. PHMSA 
focuses on the safety of the Nation's pipelines and administers the 
pipeline safety regulatory program (49 CFR part 190-199). TSA focuses 
on the security of the Nation's pipelines and has authored Pipeline 
Security Guidelines for operators available online at https://www.tsa.gov/sites/default/files/tsapipelinesecurityguidelines-2011.pdf.

II. Advisory Bulletin (ADB-2016-06)

    To: Owners and Operators of Hazardous Liquid, Carbon Dioxide and 
Gas Pipelines
    Subject: Safeguarding and Securing Pipelines from Unauthorized 
    Advisory: PHMSA is issuing this Advisory Bulletin in coordination 
with TSA to remind all pipeline owners and operators of the importance 
of safeguarding and securing their pipeline facilities and monitoring 
their SCADA systems for abnormal operations and/or indications of 
unauthorized access or interference with safe pipeline operations. 
Additionally, this Advisory Bulletin is to remind the public of the 
dangers associated with tampering with pipeline system facilities.

If You See Something, Say SomethingTM

    Tampering with pipeline facilities can have deleterious effects on 
the safety of the Nation's pipeline system. Tampering or acts of 
sabotage can also lead to the loss of life, injury, and significant 
harm to the economy and environment. At 49 CFR 190.291, any person that 
willingly and knowingly injures or destroys, or attempts to injure or 
destroy a pipeline facility is subject to a fine in Title 18 of the 
United States Code and imprisonment for a term not to exceed 20 years 
for each offense. Individuals are reminded that ``If you See Something, 
Say Something''TM applies to the safety and security of our 
national pipeline infrastructure. Individuals that see something 
suspicious should reach out to their local law enforcement. Informed, 
alert communities play a vital role in keeping our Nation's energy 
infrastructure safe. Emphasizing that ``Homeland Security Starts with 
Hometown Security,'' DHS encourages businesses to ``Connect, Plan for, 
Train, and Report''. Tools and resources to help businesses plan, 
prepare, and protect themselves from suspicious activities or attacks 
are located online at https://www.dhs.gov/hometown-security.

Relationships With Local Law Enforcement

    PHMSA reminds pipeline operators that a strong relationship with 
local law enforcement is extremely beneficial for safe pipeline 
operations. Two-way communications between operators and law 
enforcement can help to stop threats before they occur. Relationships 
should be cultivated well in advance of an incident to facilitate 
mutually dependable communication during an incident.

[[Page 89184]]

Increased Security Patrols

    Pipeline operators should consider increasing the frequency of 
security patrols along their right of ways. Operators may want to 
consider the use of new technologies to aid in pipeline security 
patrols, such as unmanned aerial systems if authorized in the areas of 
operation. Frequent patrols may help inform pipeline companies of 
individuals who regularly congregate near a pipeline, or of potentially 
unsafe conditions at a valve or pump station. Information regarding 
suspicious individuals should be promptly forwarded to federal, state, 
and local law enforcement.

Protection of Facilities

    PHMSA's Office of Pipeline Safety requires pipeline operators to 
provide protection for valves on hazardous liquid pipelines at 49 CFR 
195.420(c). Additionally, at 49 CFR 195.436, hazardous liquid pipeline 
operators are required to provide protection for each pumping station, 
breakout tank area, and other exposed facility from vandalism and 
unauthorized entry. Furthermore, at 49 CFR 192.179(b)(1), natural and 
other gas pipeline operators must ensure that the valve and operating 
device to open or close the valve must be protected from tampering and 
damage. PHMSA recommends that pipeline operators review their valve and 
facility protection measures and consider taking additional steps to 
secure them.
    Operators should evaluate what type of locks and security fences 
are being used at valve stations and if they are capable of preventing 
unauthorized personnel from gaining access to pipeline valve 
facilities. Pipeline operators may choose to make mechanical operation 
of valves more difficult without proper equipment.
    The use of deterrent text and signage at pipeline facilities may be 
beneficial to decrease acts of sabotage against a pipeline facility. 
The text should include the potential consequences if a valve is closed 
improperly and a rupture was to occur. Additionally the deterrent text 
should include reference to the PHMSA regulation found at 49 CFR 
190.291 discussing the criminal penalties for tampering with pipeline 
facilities. Remote facilities should consider equipping the facilities 
with motion sensing cameras and/or motion detectors to alert control 
centers of tampering.

SCADA System Monitoring

    Due to the criticality of SCADA systems in the safe operations of a 
pipeline, operators should have strong protocols in place to ensure the 
systems will not be tampered with. SCADA systems can be tampered with 
or disabled by a physical or cyber vector. PHMSA is aware of prior 
intrusion attempts on pipeline infrastructure. An operator should 
harden physical and software borders around SCADA systems to limit the 
risk to the safe operation of pipelines. The following methods can be 
used to harden the software and physical borders around the SCADA 
system: (1) Segregating the control system network from the corporate 
network; (2) Limiting remote connection ports to the control system, 
and if necessary requiring token-based authentication to gain access; 
(3) Adding physical protection around remote sites with SCADA network 
access; (4) Enhancing user access control on SCADA system networks and 
devices and limiting access to critical system to individuals with a 
safety/business need; and [5] Employing application whitelisting and 
strict policies on peripheral devices (to include removable media, 
printers, scanners, etc.) connected to the SCADA network.
    Furthermore, DHS's Industrial Control System Cyber Emergency 
Response Team (ICS-CERT) developed a guidance document titled: 
``Recommended Practice: Improving Industrial Control System 
Cybersecurity with Defense-in-Depth Strategies.'' The document provides 
guidance for developing mitigation strategies for specific cyber 
threats and direction on how to create a Defense-in-Depth security 
program for control system environments, and is available online at 

Incident and Accident Reporting

    Operators are reminded that incidents and accidents must be 
promptly reported to the appropriate federal, state, and local agency. 
Requirements for immediate notification of certain incident and 
accident reporting requirements are found at 49 CFR 191.5 and 195.52. 
Furthermore, since tampering with a pipeline can lead to a release, 
PHMSA recommends that operators should contact the National Response 
Center by telephone to 800-424-8802 (in Washington, DC, 202-267-2675) 
following any physical security event that may interfere with the safe 
operation of a pipeline. Please note only ``unclassified'' incident 
details should be reported by phone to the National Response Center.
    TSA recommends in its Pipeline Security Guidelines that pipeline 
operators notify the Transportation Security Operations Center via 
phone at 866-615-5150 or email at [email protected] as soon as possible 
to report security concerns or suspicious activity. Furthermore it is 
recommended that pipeline operators notify DHS's ICS-CERT if the 
operator has an Industrial Control System concern with a cyber security 
nexus. Operators can report to ICS-CERT by emailing [email protected] 
or by calling 877-776-7585.
    PHMSA has coordinated with several components within DHS and the 
Department of Energy on this Advisory Bulletin.

    Issued in Washington, DC, on December 5, 2016, under authority 
delegated in 49 CFR 1.97.
Alan K. Mayberry,
Acting Associate Administrator for Pipeline Safety.
[FR Doc. 2016-29500 Filed 12-8-16; 8:45 am]