[March 2018 Edition with Change 1 (April 2021)]
The Transportation Security Administration (TSA) has updated its Pipeline Security Guidelines manual. This update was published in April 2021. The Criticality Section has been replaced in the new manual. Where the old manual treated all pipelines equally, the new manual breaks down the guidance into gas distribution, gas transmission and hazardous liquid transmission. TSA recommends that pipeline operators develop a written policy and procedure for identifying the critical parts of their pipeline systems. The new policy and procedure should be one more part of the pipeline company’s enterprise risk management process. The new Criticality Section has detailed suggestions for assisting pipeline operators in what should be included in the procedure.
TSA recommends that the process for identifying security risks be done for a single point failure with the assumption that third-party aid will not be available. Then, evaluate the consequences to the pipeline’s customers, disruption to downstream utilities, impact to commercial transport (air and ground), impact to critical infrastructure such as hospitals, and impact to national defense installations and to the Defense Industrial Base. The TSA added a statement to the new manual that this risk analysis is to be treated as sensitive security information with all the necessary access control requirements. The TSA also stated they may want to see the policy and procedure as well as the analysis.
The TSA has also announced that it will begin the rulemaking process for cybersecurity for pipeline operators. At a minimum, the suggested regulations will include reporting ransomware attacks to the TSA.
For a copy of the Pipeline Security Guidelines manual, click here.