PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014
TSA and Pipeline Security As the Co-Sector Specific Agency for the Transportation Sector, TSA s pipeline security responsibilities include: Natural gas and hazardous liquid transmission pipelines, Natural gas distribution pipelines, and Toxic inhalation hazard (TIH) pipelines. In addition to the pipeline itself, TSA s responsibilities include those facilities through which natural gas, hazardous liquids, and TIH materials move in transportation, such as compressor and pumping stations, metering and regulator stations, and breakout tanks.
Strategy for Pipeline Security Reduce the risk associated with the transportation of natural gas, hazardous liquids and TIH materials by pipeline Increase the security preparedness of the pipeline industry Objectives Enhance deterrence and mitigate vulnerabilities Enhance pipeline system resiliency Increase the level of domain awareness and info sharing
TSA s Risk Based Focus on Pipelines Objective: Ensure program funding and personnel resources are appropriately directed towards risk reduction activities on critical pipeline infrastructure Analysis conducted of hazardous liquid and natural gas transmission pipeline systems and natural gas distribution systems based on energy transported Results converted to common measure (therms) to allow comparison across pipeline systems Pipeline operators identify critical facilities based upon the criteria contained in the TSA Pipeline Security Guidelines
Pipeline Stakeholder Engagement Objective: Establish and maintain an effective network of pipeline industry and government partners, achieving productive communications and security information sharing
Pipeline Stakeholder Engagement Sector and Government Coordinating Councils Pipeline SCC provides a primary point of entry with industry representatives for addressing the entire range of pipeline security strategies, policies, activities, and issues. Pipeline GCC, the government counterpart for the SCC, coordinates pipeline security matters across governmental entities. To eliminate the need for multiple meetings with the same security partners, TSA worked closely with the Department of Energy to ensure the Pipeline SCC also functioned as the Pipeline Working Group within the Energy Sector.
Pipeline Stakeholder Engagement Pipeline Security Guidelines The Federal security framework for the pipeline industry is provided by the TSA Pipeline Security Guidelines. The current guidance was issued in December 2010 and updated in April 2011 to incorporate changes related to the implementation of the National Terrorism Advisory System. The Pipeline Security Guidelines were developed with the assistance of industry and government members of the Pipeline Sector and Government Coordinating Councils, industry association representatives, and other interested parties.
Pipeline Stakeholder Engagement Smart Practice Observations The Smart Practice document is a compilation of noteworthy practices that were observed by the Pipeline Branch during security reviews of pipeline companies. It is a tool available to companies looking for innovative pipeline security ideas in areas such as: Corporate security plans, Cyber security measures, Facility security measures, Personnel security, and Physical security and access controls
Pipeline Stakeholder Engagement Security Training Analysis of security review results indicated that some companies in the pipeline industry had inadequate security training for employees. As a result, Pipeline Branch developed: A security awareness training program highlighting the signs of terrorism and the employee s role in reporting suspicious activity An IED awareness video for pipeline employees An introduction to pipeline security training program for law enforcement officers
Pipeline Stakeholder Engagement Security Exercises Pipeline Branch has provided the Intermodal Security Training Exercise Program (I-STEP) to pipeline operators. I-STEP enhances the preparedness of our nation's pipeline systems through meaningful evaluations of prevention, preparedness, and ability to respond to security related incidents. An I-STEP exercise involving multiple pipeline system operators was conducted in 2013 to evaluate private sector and Federal agency response to a cyber incident. An annual goal of two pipeline security exercises has been established for this program.
Pipeline Stakeholder Engagement International Pipeline Security Forum Provides an opportunity for pipeline company, industry association, and government representatives to exchange security information and best practices Co-hosted by TSA and Natural Resources Canada Conducted annually, alternating between U.S. and Canadian locations The ninth Pipeline Security Forum was held in Ottawa, Ontario on October 30-31, 2013.
Pipeline Stakeholder Engagement Cybersecurity Cybersecurity Assessment and Risk Management Approach (CARMA) - Collaborated with key stakeholders to identify pipeline industry value chains, critical functions, and supporting cyber infrastructure Threat Information Sharing - Partnered with FBI and ICS-CERT to schedule and conduct classified nation-wide cyber threat briefings to cleared stakeholders National Security Agency Outreach Arranged a discussion between NSA analysts and pipeline operators, with the goal of assisting NSA with vulnerability analysis Harmonization of Federal Cybersecurity Efforts - Coordinated with DHS and DOE to harmonize existing cybersecurity risk management programs
Pipeline Stakeholder Engagement Federal Partners Coordination with the DHS National Protection and Programs Directorate Office of Infrastructure Protection Close collaboration with Sector Outreach and Programs Division Oil and Natural Gas Section Participation with Protective Security Coordination Division on Regional Risk Assessment Program activities relating to pipeline infrastructure Office of Cybersecurity and Communication Cybersecurity Assessment and Risk Management Approach program jointly initiated within the pipeline industry in May 2012 Coordination with the Industrial Control Systems Cyber Emergency Response Team to conduct threat briefings throughout the country for key pipeline industry personnel
Pipeline Stakeholder Engagement Canada Natural Resources Canada (NRCan) TSA, DHS IAIP, and DOE participated with NRCan in assessments of six cross-border pipeline systems. TSA and NRCan have co-sponsored the annual International Pipeline Security Forum since 2005. National Energy Board (NEB) TSA and NEB coordinate closely on pipeline security matters to include the exchange of information on assessment procedures, exercises, and security incidents. Canadian Standards Association TSA participated in the development of Canadian Standard Z246.1-09, Security management for petroleum and natural gas industry systems.
Pipeline Stakeholder Engagement Critical Energy Infrastructure Partnership Led by the Departments of State and Energy Work with foreign governments to assist with training and guidance on critical energy infrastructure issues TSA Pipeline has participated in the coordination and execution of the U.S. visits of foreign delegations from Qatar and Iraq, to include providing briefings on pipeline security efforts: Pipeline Branch has also assisted the State Department Energy Working Group with infrastructure security matters in Colombia
Pipeline Security Assessment Activities Objective: Identify shortfalls in pipeline security and develop programs and policies to upgrade industry security practices and secure high risk infrastructure
Pipeline Security Assessment Activities Corporate Security Reviews The CSR Program is an on-site security review with a pipeline company. Program goals include: Developing first hand knowledge of security planning and execution by critical pipeline operators Establishing and maintaining working relationships with key pipeline executives and security personnel Identifying and sharing smart practices observed throughout the industry
Pipeline Security Assessment Activities Critical Facility Security Reviews The Critical Facility Security Review program continues the on-site inspections of the physical security of critical pipeline facilities. In addition to the inspection of newly listed sites, TSA will revisit facilities to evaluate the implementation status of previous CFI security recommendations. Pipeline operators have updated their listings of critical facilities based on the revised criteria in the 2011 Pipeline Security Guidelines. Critical Facility Security Reviews were initiated in May 2012.
TSA Realignment Surface Division To develop risk-based transportation security policies and engages strategically with security partners in the development and implementation of the policies. Industry Engagement Branch Policy Analysis Branch Policy Execution Branch
Pipeline Strategy National Strategy Deterrence Detection Resilience
Contact Information Jack Fox Pipeline Industry Engagement Manager OSPIE Surface Division Transportation Security Administration Email: jack.fox1@dhs.gov Phone: (571) 227-1239