Earlier this month, Rep Garcia (D,CA) introduced HR 9469, the Pipeline Security Act. The bill would amend 49 USC 114 to specifically add pipeline security to the list of responsibilities of the Transportation Security Administration. No new funding is authorized by this legislation.
Definitions
No new definitions are provided in this bill, there are, however, numerous references to existing statutory definitions where new terms are used in the proposed language. These include various cybersecurity related terms that are defined by reference to 6 USC 650. Those definitions rely on the included control-system-inclusive definition of ‘information system’.
Additional Duties
Subsection 2(a) would amend §114(f), Additional Duties and Powers, by inserting a new paragraph (16):
“(16) maintain responsibility, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, as appropriate, for securing pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)) [emphasis added], acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats; and”
It would also amend §114(w)(2)(B) by adding a new clause (v):
“(v) ensuring the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats.”; and
Finally, it would add a new subsection (y), Pipeline transportation and pipeline facilities responsibilities, outlining TSA responsibilities for pipeline security. In general, those responsibilities would include:
Develop, guidelines for improving the security of pipeline transportation and pipeline facilities against cybersecurity, acts of terrorism, and other security threats, consistent with the NIST Framework for Improvement of Critical Infrastructure Cybersecurity, and any other standard the Administrator considers appropriate,
Promulgate a security directive or regulation that applies to pipeline transportation or pipeline facilities, as appropriate,
Share such guidelines, security directives, and regulations and, as appropriate, intelligence and information regarding such security threats to pipeline transportation and pipeline facilities,
Conduct security assessments, and
Carry out a program through which the Administrator identifies and ranks the relative security risks to certain pipeline transportation and pipeline facilities and inspects pipeline transportation and pipeline facilities.
Moving Forward
Garcia is a member of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there could be sufficient influence to see the bill considered in Committee. There will be some Republican opposition to the call for security directives or regulations for pipeline security, but I suspect that there will be at least some level of bipartisan support for the bill. Unfortunately, this late in the session, the bill is not likely to be considered.
Commentary
The reality is that this bill is going to codify responsibility for actions that TSA is already taking. Even the security directive and regulation section would not require TSA to take any actions beyond that which it has already taken. Bills such as this, however, are important in that they provide a legal backstop for charges that the agency has exceeded its authority. The current authority under §114 is broadly written and could be argued to support the agencies security directives and current rulemaking process. This would make that argument unnecessary.