* Meg Heyse is a 2021 summer associate at Troutman Pepper. She is not admitted to practice law.

In April 2021, the Department of Energy (DOE) launched a 100-day initiative to strengthen cybersecurity protections in the energy sector. Just one month later, the Transportation Security Administration (TSA), an agency under the purview of the Department of Homeland Security (DHS), issued Security Directive Pipeline 2021-1 (Security Directive or Directive) to implement — for the first time — mandatory requirements for certain pipeline operators with respect to cybersecurity. The Security Directive became effective the day it was issued on May 28, 2021. Although the Security Directive was issued in final, TSA is accepting public comments on the Directive and has indicated that it may amend the Directive based on those comments.

The Security Directive mandates that owners and operators of “critical” hazardous liquid and natural gas pipeline infrastructure comply with certain portions of the DOE’s April 2021 initiative. As defined by the Directive, “critical” pipeline facilities are those that have been previously identified by the TSA as critical pursuant to the Implementing Recommendations of the 9/11 Commission Act of 2007 and as outlined in TSA’s pipeline security guidelines. For these owners and operators, the Directive has three broad mandates.
Continue Reading Mandatory Homeland Security Cybersecurity Directive

The Pipeline and Hazardous Materials Safety Administration (PHMSA) and the Transportation Security Administration (TSA) recently finalized an Annex to a longstanding Memorandum of Understanding (MOU) regarding pipeline safety and security. This Annex comes just weeks after a publicized natural gas pipeline cybersecurity intrusion and responds to several recommendations from the Government Accountability Office (GAO) discussed in our earlier alert to update the prior Annex which had not been reviewed or revised since its inception over 14 years ago. The updated Annex emphasizes information-sharing and coordination between the agencies and signals that the agencies are moving forward on satisfying outstanding GAO recommendations. While this is a step in the right direction, questions remain whether TSA is the appropriate agency to oversee pipeline security and whether existing voluntary standards should be mandatory.
Continue Reading As Cyberthreats Continue, PHMSA and TSA MOU Stresses Information Sharing and Coordination

Congress recently convened its third Committee Hearing on reauthorization of the Pipeline Safety Act, before the House Energy and Commerce Committee.  Much of the discussion of focused on pipeline security, among other issues that have been discussed in prior hearings. Adding to the focus was the absence of an invited representative from the Transportation Security Administration (TSA), the agency who is tasked with sharing oversight of pipeline security with PHMSA. The TSA has come under criticism in light of a recent Government Accountability Office report that was critical of the agency’s Pipeline Security Division and its ability to ensure the safety and reliability of pipeline energy network from both cyber and physical security saboteurs. That report cited “significant weaknesses” in TSA’s program and pointed to, among other challenges, a shortage of qualified inspectors to address cyberattacks and other physical intrusions facing pipelines.
Continue Reading Third Pipeline Safety Act Hearing Focuses on Security

The federal Pipeline Safety Act (PSA or the Act) mandates minimum safety standards for pipelines and certain associated storage and facilities (including LNG and other terminals). Congress should take up legislation to reauthorize the Act this year. Since the last reauthorization in 2016, there have been several noteworthy developments that have affected the industry, the

Global energy change through increased use of natural gas and liquefied natural gas (LNG) has been the focus of this week’s World Gas Conference (WGC).  The WGC, sponsored by the International Gas Union, has convened these conferences once every three years since 1931.  This year’s meeting is being held in the U.S. for the first time since the natural gas boom that has occurred over the past ten years.  The U.S. is now the world’s largest producer of natural gas and has begun to export LNG (a dramatic change from only a few years ago, when the U.S. imported both gas and LNG).Continue Reading Global Energy Change: Increased Use of Natural Gas and LNG

Since 9/11, no new rules or regulations have been promulgated to address pipeline or LNG facility security or cybersecurity. Although the Transportation Security Administration (TSA) recently released an updated version of its “Pipeline Security Guidelines” (Guidelines) that were last issued in 2011, those Guidelines remain advisory.  And both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have made only informal outreach to pipeline and LNG industry as issues have arisen.  As the threat of both cyber and physical attacks on critical energy infrastructure continues, however, some question whether minimal standards for prevention of threats should be in place.  In particular, there has been recent attention by the U.S. Government Accountability Office (GAO), members of Congress, and at least one Federal Energy Regulatory Commission (FERC) commissioner. (See E&E News Article of May 29, 2018).  These discussions, along with recent proposed legislation in the House and the fact that the Pipeline Safety Act is up for reauthorization later this year, are likely to bring these issues into sharper focus.
Continue Reading Pipeline Security and Cybersecurity: Are Guidelines Enough to Protect Critical Infrastructure?


Opposition to new pipeline construction has grown in recent years, moving from public comment to litigation to physical protest and vandalism.  In 2016 alone, several coordinated actions led to trespass and vandalism of pipelines and pipeline facilities in multiple states, some of which were prosecuted as felony criminal acts.  The defendants in several of these cases have raised a “necessity defense” to their actions, and two courts have now allowed that defense to proceed.Continue Reading Invoking the ‘Necessity Defense’ in Pipeline Sabotage Prosecutions

In response to questions from lawmakers on whether federal law adequately provides for the prosecution of “criminal activity against infrastructure,” the Department of Justice (DOJ) recently committed to “vigorously” prosecute those who damage “critical energy infrastructure in violation of federal law.”  Historically, vandalism on oil or gas pipelines has been relatively uncommon, largely because most of the infrastructure is buried underground.  Since 9/11 and in response to increased high profile pipeline construction projects, however, acts of vandalism—and more intentional attacks—have increased.
Continue Reading Congress and DOJ Consider Existing Protections as Pipeline Sabotage Increases