HR9469-118

1. Short title This Act may be cited as the Pipeline Security Act.

2. Pipeline transportation and pipeline facilities security responsibilities Section 114 of title 49, United States Code, is amended— in subsection (f)— in paragraph (15), by striking and after the semicolon at the end; by redesignating paragraph (16) as paragraph (17); and by inserting after paragraph (15) the following new paragraph: maintain responsibility, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, as appropriate, for securing pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats; and in subsection (w)(2)(B)— in clause (iii), by striking and after the semicolon at the end; in clause (iv), by striking the period and inserting ; and; and by adding at the end the following new clause: ensuring the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats. by adding at the end the following new subsection: In carrying out responsibilities to secure pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) pursuant to subsection (f)(16), the Administrator of the Transportation Security Administration shall carry out the following: Develop, in consultation with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders, guidelines for improving the security of pipeline transportation and pipeline facilities against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats, consistent with the National Institute of Standards and Technology Framework for Improvement of Critical Infrastructure Cybersecurity, any update to such guidelines pursuant to section 2(c)(15) of the National Institute for Standards and Technology Act (15 U.S.C. 272(c)(15)), and any other standard the Administrator considers appropriate. Promulgate a security directive or regulation that applies to pipeline transportation or pipeline facilities, as appropriate. Share, as appropriate, with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders, such guidelines, security directives, and regulations and, as appropriate, intelligence and information regarding such security threats to pipeline transportation and pipeline facilities. Conduct security assessments, as appropriate, based on such guidelines, security directives, or regulations to provide recommendations or requirements for the improvement of the security of pipeline transportation and pipeline facilities against cybersecurity threats, acts of terrorism, and other security threats, including the security policies, plans, practices, and training programs maintained by owners and operators of pipeline transportation and pipeline facilities. Carry out a program through which the Administrator identifies and ranks the relative security risks to certain pipeline transportation and pipeline facilities, and inspects pipeline transportation and pipeline facilities based in part on the designation by owners and operators of such facilities as critical based on such guidelines, security directives, or regulations. The Administrator of the Transportation Security Administration and the Director of the Cybersecurity and Infrastructure Security Agency may detail personnel between their components to leverage expertise. Not later than 180 days after the date of the enactment of this Act, the Administrator of the Transportation Security Administration, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, shall develop a personnel strategy (in this subsection referred to as the strategy) for carrying out the Administrator’s responsibilities to secure pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of title 49, United States Code), pursuant to paragraph (16) of section 114(f), and subsection (y) of section 114, of title 49, United States Code, as added by subsection (a). The strategy may take into consideration the most recently published versions of each of the following documents: The Transportation Security Administration National Strategy for Transportation Security. The Department of Homeland Security Cybersecurity Strategy. The Transportation Security Administration Cybersecurity Roadmap. The Department of Homeland Security Balanced Workforce Strategy. The Department of Homeland Security Quadrennial Homeland Security Review. Other relevant strategies or plans, as appropriate. The strategy shall include an assessment of the cybersecurity expertise determined necessary by the Administrator of the Transportation Security Administration and a plan for expanding such expertise within the Transportation Security Administration. The strategy shall include an assessment of resources determined necessary by the Administrator of the Transportation Security Administration to carry out such strategy. Upon development of the strategy, the Administrator of the Transportation Security Administration shall provide to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs of the Senate a copy of such strategy. The Administrator of the Transportation Security Administration shall report to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs of the Senate not less frequently than biennially on activities of the of the Administration to carry out responsibilities to secure pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of title 49, United States Code) pursuant to paragraph (16) of section 114(f), and subsection (y) of section 114, of title 49, United States Code, as added by subsection (a), including information with respect to guidelines, directives, regulations, security assessments, and inspections. Each such report shall include a determination by the Administrator regarding whether there is a need for new regulations or non-regulatory initiatives and the basis for such determination. Not later than two years after the date of the enactment of this Act, the Comptroller General of the United States shall conduct a review of the implementation of this Act. Not later than one year after the date of the enactment of this Act, the Administrator of the Transportation Security Administration shall convene at least one industry day to engage with relevant pipeline transportation and pipeline facilities stakeholders on matters related to the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of title 49, United States Code). (16)maintain responsibility, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, as appropriate, for securing pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats; and; (v)ensuring the security of pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats.; and (y)Pipeline transportation and pipeline facilities responsibilities(1)In generalIn carrying out responsibilities to secure pipeline transportation and pipeline facilities (as such terms are defined in section 60101 of this title) pursuant to subsection (f)(16), the Administrator of the Transportation Security Administration shall carry out the following:(A)Develop, in consultation with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders, guidelines for improving the security of pipeline transportation and pipeline facilities against cybersecurity threats (as such term is defined in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650)), acts of terrorism (as such term is defined in section 3077 of title 18), and other security threats, consistent with the National Institute of Standards and Technology Framework for Improvement of Critical Infrastructure Cybersecurity, any update to such guidelines pursuant to section 2(c)(15) of the National Institute for Standards and Technology Act (15 U.S.C. 272(c)(15)), and any other standard the Administrator considers appropriate.(B)Promulgate a security directive or regulation that applies to pipeline transportation or pipeline facilities, as appropriate.(C)Share, as appropriate, with relevant Federal, State, local, Tribal, and territorial entities and public and private sector stakeholders, such guidelines, security directives, and regulations and, as appropriate, intelligence and information regarding such security threats to pipeline transportation and pipeline facilities.(D)Conduct security assessments, as appropriate, based on such guidelines, security directives, or regulations to provide recommendations or requirements for the improvement of the security of pipeline transportation and pipeline facilities against cybersecurity threats, acts of terrorism, and other security threats, including the security policies, plans, practices, and training programs maintained by owners and operators of pipeline transportation and pipeline facilities.(E)Carry out a program through which the Administrator identifies and ranks the relative security risks to certain pipeline transportation and pipeline facilities, and inspects pipeline transportation and pipeline facilities based in part on the designation by owners and operators of such facilities as critical based on such guidelines, security directives, or regulations.(2)DetailsThe Administrator of the Transportation Security Administration and the Director of the Cybersecurity and Infrastructure Security Agency may detail personnel between their components to leverage expertise..