The Pipeline and Hazardous Materials Safety Administration (PHMSA) and the Transportation Security Administration (TSA) recently finalized an Annex to a longstanding Memorandum of Understanding (MOU) regarding pipeline safety and security. This Annex comes just weeks after a publicized natural gas pipeline cybersecurity intrusion and responds to several recommendations from the Government Accountability Office (GAO) discussed in our earlier alert to update the prior Annex which had not been reviewed or revised since its inception over 14 years ago. The updated Annex emphasizes information-sharing and coordination between the agencies and signals that the agencies are moving forward on satisfying outstanding GAO recommendations. While this is a step in the right direction, questions remain whether TSA is the appropriate agency to oversee pipeline security and whether existing voluntary standards should be mandatory.
Continue Reading As Cyberthreats Continue, PHMSA and TSA MOU Stresses Information Sharing and Coordination
Infrastructure Security
Pipeline Security and Cybersecurity: Are Guidelines Enough to Protect Critical Infrastructure?
Since 9/11, no new rules or regulations have been promulgated to address pipeline or LNG facility security or cybersecurity. Although the Transportation Security Administration (TSA) recently released an updated version of its “Pipeline Security Guidelines” (Guidelines) that were last issued in 2011, those Guidelines remain advisory. And both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have made only informal outreach to pipeline and LNG industry as issues have arisen. As the threat of both cyber and physical attacks on critical energy infrastructure continues, however, some question whether minimal standards for prevention of threats should be in place. In particular, there has been recent attention by the U.S. Government Accountability Office (GAO), members of Congress, and at least one Federal Energy Regulatory Commission (FERC) commissioner. (See E&E News Article of May 29, 2018). These discussions, along with recent proposed legislation in the House and the fact that the Pipeline Safety Act is up for reauthorization later this year, are likely to bring these issues into sharper focus.
Continue Reading Pipeline Security and Cybersecurity: Are Guidelines Enough to Protect Critical Infrastructure?
Protecting Critical Energy Infrastructure from Pipeline Sabotage
Oil and gas provides nearly two thirds of all energy used in the United States, which is primarily transported by pipelines. The United States currently has roughly 2.8 million miles of pipelines. Most of this infrastructure is buried, but aboveground components exist along pipeline routes, including pump stations and valve stations and compressor stations as well as other aboveground equipment and facilities. Historically, incidents of pipeline sabotage have been rare but in just the past year, they have increased in response to high profile pipeline construction projects. These attacks are well coordinated and appear to be well funded. Impacts could be catastrophic to public safety, the environment, and reliability of energy infrastructure in the United States. The federal government has expressly designated oil and gas pipelines as critical energy infrastructure for increased protection and current law provides for significant penalties and imprisonment for those who attempt to damage these facilities.
Continue Reading Protecting Critical Energy Infrastructure from Pipeline Sabotage