The top Democrats on the House and Senate energy committees have urged the Department of Homeland Security to assess cyber and physical protections for natural gas and oil pipelines following an audit that criticized the department’s approach to the issue.
“The results of this assessment will help policymakers evaluate the security of our nation’s energy assets,” Sen. Maria Cantwell, D-Wash., and Rep. Frank Pallone, Jr., D-N.J. wrote to Homeland Security Secretary Kirstjen Nielsen on Wednesday.
Operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids have grappled with cybersecurity risk as their infrastructure becomes more digitized. Those pipelines are a natural target for nation-state hackers, a Federal Energy Regulatory Commission official said in August, according E&E News.
Cantwell and Pallone, Jr., said much more needs to be done to counter the threat. They were reacting to a Government Accountability Office audit that found that the Transportation Security Agency, a DHS component with jurisdiction over pipelines, did not have a process for updating pipeline security guidelines to match them with federal cybersecurity standards. The GAO report also said that the TSA guidance “lack clear definitions to ensure that pipeline operators identify their critical facilities.”
For the last five years, GAO said, TSA has not tracked the status of recommendations made by the agencies’ “corporate security reviews” of pipeline systems. “Without current, complete, and accurate information, it is difficult for TSA to evaluate the performance of the pipeline security program,” the watchdog added.
Cantwell and Pallone, Jr., asked DHS to produce a “specific plan of action” for addressing GAO’s findings.
U.S. officials dealing with critical infrastructure have placed an increasing emphasis on pipeline security in recent months.
In October, officials from DHS and the Department of Energy announced an initiative to coordinate with oil and gas executives on pipeline cybersecurity. After the meeting, TSA Administrator David Pekoske cited his agency’s “longstanding relationships with pipeline operators” as the basis for a strong partnership.
But in a statement Wednesday, Pallone, Jr., said he was “concerned that TSA lacks both the resources and expertise in energy delivery systems to keep up with its obligations under the law.”
Cantwell and Pallone, Jr., asked DHS a slew of other questions, including which federal agency would be charged with enforcing mandatory pipeline security standards, should Congress enact them. The lawmakers also want to know the percentage of pipelines that are fully compliant with the voluntary guidelines, which TSA updated in March to account for emerging cyberthreats.
Hackers need not target the operational technology behind pipelines to have an impact on a company. In April, a cyberattack struck accounting software used by a Texas-based owner of more than 71,000 miles of pipelines, disrupting a customer transaction service used by the company.
You can read the full letter from Cantwell and Pallone, Jr., to Nielsen below.