Order Code RL33347
Pipeline Safety and Security:
Federal Programs
Updated July 11, 2007
Paul W. Parfomak
Specialist in Science and Technology
Resources, Science, and Industry Division
Pipeline Safety and Security: Federal Programs
Summary
Nearly half a million miles of oil and gas transmission pipeline crisscross the
United States. While an efficient and fundamentally safe means of transport, many
pipelines carry hazardous materials with the potential to cause public injury and
environmental damage. The nation’s pipeline networks are also widespread, running
alternately through remote and densely populated regions; consequently, these
systems are vulnerable to accidents and terrorist attack. The 109th Congress passed
the Pipeline Safety Improvement Act of 2006 (P.L. 109-468) to improve pipeline
safety and security practices, and to reauthorize the federal Office of Pipeline Safety.
The 110th Congress is overseeing the implementation of the act and examining
ongoing policy issues related to the nation’s pipeline network. The Surface
Transportation and Rail Security Act of 2007 (S. 184) would require federal plans for
critical pipeline security and incident recovery, and would mandate pipeline security
inspections and enforcement.
The Office of Pipeline Safety (OPS), within the Department of Transportation
(DOT), is the lead federal regulator of pipeline safety. The OPS uses a variety of
strategies to promote compliance with its safety regulations, including inspections,
investigation of safety incidents, and maintaining a dialogue with pipeline operators.
The agency clarifies its regulatory expectations through a range of communications
and relies upon a range of enforcement actions to ensure that pipeline operators
correct safety violations and take preventive measures to preclude future problems.
The Transportation Security Administration (TSA), within the Department of
Homeland Security (DHS), is the lead federal agency for security in all modes of
transportation — including pipelines. The agency oversees industry’s identification
and protection of pipelines by developing security standards; implementing measures
to mitigate security risk; building stakeholder relations; and monitoring compliance
with security standards, requirements, and regulation. While the OPS and TSA have
distinct missions, pipeline safety and security are intertwined.
Federal activities in pipeline safety and security are evolving. Although pipeline
impacts on the environment remain a concern of some public interest groups, both
federal government and industry representatives suggest that federal pipeline
programs have been on the right track. As oversight of the federal role in pipeline
safety and security continues, Congress may focus on the effectiveness of state
pipeline damage prevention programs, the promulgation of low-stress pipeline
regulations, federal pipeline safety enforcement, and the relationship between DHS
and the DOT with respect to pipeline security, among other provisions in federal
pipeline safety regulation. In addition to these specific issues, Congress may wish
to assess how the various elements of U.S. pipeline safety and security activity fit
together in the nation’s overall strategy to protect transportation infrastructure.
This report will be updated as events warrant.
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Pipeline Industry Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Pipeline Safety Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Pipeline Security Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Office of Pipeline Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Pipeline Safety Improvement Act of 2002 . . . . . . . . . . . . . . . . . . . . . . . 5
OPS Pipeline Security Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Transportation Security Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
TSA Pipeline Security Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
TSA Pipeline Security Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Security Incident Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Federal Energy Regulatory Commission . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Key Policy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Pipeline Damage Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Low-Stress Pipeline Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
OPS Safety Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Federal Pipeline Security Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Pipeline Security Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
TSA Pipelines Security Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Identifying Critical Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Additional Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Distribution integrity management . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Mandatory Pipeline Assessment Intervals . . . . . . . . . . . . . . . . . . . . . . 19
National Pipeline Mapping System . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Table 1. TSA Pipeline Security Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Pipeline Safety and Security:
Federal Programs
Introduction1
Nearly half a million miles of oil and gas transmission pipeline crisscross the
United States.2 These pipelines are integral to U.S. energy supply and have vital
links to other critical infrastructure, such as power plants, airports, and military bases.
While an efficient and fundamentally safe means of transport, many pipelines carry
volatile or flammable materials with the potential to cause public injury and
environmental damage. The nation’s pipeline networks are also widespread, running
alternately through remote and densely populated regions; consequently, these
systems are vulnerable to accidents and terrorist attack. The 2006 partial shutdown
of the Prudhoe Bay, Alaska oil field, the largest in the United States, due to pipeline
safety problems was a demonstration of this vulnerability.3
The 109th Congress passed the Pipeline Safety Improvement Act of 2006 (P.L.
109-468) to improve pipeline safety and security practices, and to reauthorize the
federal Office of Pipeline Safety. The President signed the act on December 29,
2006. The 110th Congress is overseeing the implementation of the act and examining
ongoing policy issues related to the nation’s pipeline network. The Surface
Transportation and Rail Security Act of 2007 (S. 184), introduced on January 4,
2007, by Senator Daniel K. Inouye and 20 co-sponsors, and reported by the Senate
Committee on Commerce, Science, and Transportation on February 15, 2007, would
require federal plans for critical pipeline security and incident recovery (Sec. 208),
and would mandate pipeline security inspections and enforcement (Sec. 209).
Pipeline Industry Characteristics
Roughly 160,000 miles of oil pipeline in the United States carry over 75% of the
nation’s crude oil and around 60% of its refined petroleum products.4 Some 180
companies operate the interstate lines, which account for roughly 80% of total
1 Parts of this report were previously published in CRS Report RL31990, Pipeline Security:
An Overview of Federal Activities and Current Policy Issues, by Paul W. Parfomak.
2 Bureau of Transportation Statistics (BTS), “National Transportation Statistics,”April 2007.
[http://www.bts.gov/publications/national_transportation_statistics/html/table_01_10.html].
In this report “oil” includes petroleum and other hazardous liquids such as gasoline, jet fuel,
diesel fuel, and propane, unless otherwise noted.
3 For specific discussion of BP Alaska’s pipeline problems, see CRS Report RL33629, BP
Alaska North Slope Pipeline Shutdowns: Regulatory Policy Issues, by Paul W. Parfomak.
4 BTS, April 2007.
CRS-2
pipeline mileage and transported volume.5 The U.S. natural gas pipeline network
consists of around 210,000 miles of interstate transmission, 85,000 miles of
intrastate transmission, and 40,000 miles of field and gathering pipeline, which
connect gas extraction wells to processing facilities. Around 100 systems make up
the interstate network. Another 90 or so systems operate strictly within individual
states.6 These interstate and intrastate gas transmission pipelines feed around 1.1
million miles of regional lines in some 1,300 local distribution networks.7 Natural
gas pipelines also connect to 113 liquefied natural gas (LNG) storage sites, which
augment pipeline gas supplies during peak demand periods.8
Pipeline Safety Record. Taken as a whole, releases from pipelines cause
few annual fatalities compared to other product transportation modes. Oil pipelines
reported an average of 1.6 deaths per year from 2002 through 2006; gas transmission
pipelines also reported an average of 1.0 deaths per year during the same period.9
Accidental pipeline releases result from a variety of causes, including third-party
excavation, corrosion, mechanical failure, control system failure, and operator error.
Natural forces, such as floods and earthquakes, can also damage pipelines. According
to the Department of Transportation (DOT), there were 110 oil pipeline accidents and
141 gas transmission pipeline accidents in 2006.10 Although pipeline releases have
caused relatively few fatalities in absolute numbers, a single pipeline accident can be
catastrophic. For example, a 1999 gasoline pipeline explosion in Bellingham,
Washington, killed two children and an 18-year-old man, and caused $45 million in
damage to a city water plant and other property. In 2000, a natural gas pipeline
explosion near Carlsbad, New Mexico, killed 12 campers, including four children.11
In 2006, damaged pipelines on the North Slope of Alaska leaked over 200,000
gallons of crude oil in an environmentally sensitive area. These accidents have
generated substantial scrutiny of pipeline regulation and increased state and
community activity related to pipeline safety.12
5 C. J. Trench, How Pipelines Make the Oil Market Work — Their Networks, Operation and
Regulation. For Assoc. of Oil Pipelines, Allegro Energy Group, New York, December 2001.
6 James Tobin, Changes in U.S. Natural Gas Transportation Infrastructure in 2004, Energy
Information Administration (EIA), June 2005, p. 4.
7 BTS, April 2007.
8 Energy Information Administration (EIA), U.S. LNG Markets and Uses, January 2003, p.
1.
9 Office of Pipeline Safety, “Hazardous Liquid Pipeline Operators Accident Summary
Statistics by Year,” [http://ops.dot.gov/stats/LQ_SUM.HTM] and “Natural Gas Pipeline
Operators Incident Summary Statistics by Year,” [http://ops.dot.gov/stats/TRAN_
SUM.HTM] Internet tables. June 14, 2007.
10 Ibid.
11 National Transportation Safety Board, Pipeline Accident Report PAR-03-01, February
2003.
12 W. Loy, “Slope Mayor Questions Leak Detection,” Anchorage Daily News, March 14,
2006; J. Nesmith and R. K. M. Haurwitz, “Pipelines: The Invisible Danger,” Austin
American-Statesman (Austin, TX), July 22, 2001.
CRS-3
Pipeline Security Risks. Pipelines are vulnerable to vandalism and terrorist
attack with firearms, with explosives, or by other physical means. Some pipelines
may also be vulnerable to “cyber-attacks” on computer control systems or attacks on
electricity grids or telecommunications networks.13 Oil and gas pipelines have been
a target of terrorists outside and within the United States. In Colombia, for example,
rebels have bombed the Caño Limón oil pipeline over 600 times since 1995.14 A
Mexican rebel group similarly detonated several bombs along Mexican natural gas
pipelines in July 2007.15 Nigerian militants, likewise, have repeatedly attacked
pipelines and related facilities, including the simultaneous bombing of three oil
pipelines in May 2007.16 In June 2007, the U.S. Department of Justice arrested
members of a terrorist group planning to attack jet fuel pipelines and storage tanks
at the John F. Kennedy (JFK) International Airport in New York.17 In 1996, London
police foiled a plot by the Irish Republican Army to bomb gas pipelines and other
utilities across the city.18 In 1997, Texas police prevented the bombing of natural gas
storage tanks at a processing plant by Ku Klux Klan members seeking to create a
diversion for a robbery (to finance other terrorist actions).19
Since September 11, 2001, federal warnings about Al Qaeda have mentioned
pipelines specifically as potential terror targets in the United States.20 One U.S.
pipeline of particular concern and with a history of terrorist and vandal activity is the
Trans Alaska Pipeline System (TAPS), which transports crude oil from Alaska’s
North Slope oil fields to the marine terminal in Valdez. TAPS runs some 800 miles
and delivers nearly 17% of United States domestic oil production.21 In 1999,
Vancouver police arrested a man planning to blow up TAPS for personal profit in oil
futures.22 In 2001, a vandal’s attack on TAPS with a high-powered rifle forced a
13 J.L. Shreeve. “Science&Technology: The Enemy Within.” The Independent. London. May
31, 2006, p. 8.
14 Government Accountability Office (GAO), Security Assistance: Efforts to Secure
Colombia’s Caño Limón-Coveñas Oil Pipeline Have Reduced Attacks, but Challenges
Remain, GAO-05-971, September 2005, p. 15.
15 James C. McKinley, Jr. “Mexico Increases Pipeline Security After Recent Rebel Bomb
Attacks,” New York Times, p. A8, July 11, 2007.
16 K. Houreld, “Militants Say 3 Nigeria Pipelines Bombed,” Associated Press, May 8, 2007.
17 U.S. Dept. of Justice. “Four Individuals Charged in Plot to bomb John F. Kennedy
International Airport,” Press release, June, 2, 2007.
18 President’s Commission on Critical Infrastructure Protection, Critical Foundations:
Protecting America’s Infrastructures, Washington, DC, October 1997.
19 S. A. Pressley, “Group Planned Massacre and Big Robbery, FBI Says,” Washington Post,
April 25, 1997, p. A02.
20 “Already Hard at Work on Security, Pipelines Told of Terrorist Threat,” Inside FERC,
McGraw-Hill Companies, January 3, 2002.
21 Alyeska Pipeline Service Co., Internet page, Anchorage, AK, March 2006, at [http://www.
alyeska-pipe.com/about.html].
22 D. S. Cloud, “A Former Green Beret’s Plot to Make Millions Through Terrorism,”
(continued...)
CRS-4
two-day shutdown and caused extensive economic and ecological damage.23 In
January 2006, federal authorities acknowledged the discovery of a detailed posting
on a website purportedly linked to Al Qaeda that reportedly encouraged attacks on
U.S. pipelines, especially TAPS, using weapons or hidden explosives.24 In February
2006, the Federal Bureau of Investigation arrested a U.S. citizen for trying to
conspire with Al Qaeda to attack TAPS and a major natural gas pipeline in the
eastern United States.25 To date, there have been no known Al Qaeda attacks on
TAPS or other U.S. pipelines, but operators remain alert.
Office of Pipeline Safety
The Natural Gas Pipeline Safety Act of 1968 (P.L. 90-481) and the Hazardous
Liquid Pipeline Act of 1979 (P.L. 96-129) are two of the key early acts establishing
the federal role in pipeline safety. Under both statutes, the Transportation Secretary
is given primary authority to regulate key aspects of interstate pipeline safety: design,
construction, operation and maintenance, and spill response planning. Pipeline safety
regulations are covered in Title 49 of the Code of Federal Regulations.26 The DOT
administers pipeline regulations through the Office of Pipeline Safety (OPS) within
the Pipelines and Hazardous Materials Safety Administration (PHMSA).27 The OPS
has approximately 170 full-time equivalent staff, including inspectors, based in
Washington, D.C., Atlanta, Kansas City, Houston, and Denver.28 In addition to its
own staff, the OPS’s enabling legislation allows the agency to delegate authority to
intrastate pipeline safety offices, and allows state offices to act as “agents”
administering interstate pipeline safety programs (excluding enforcement) for those
sections of interstate pipelines within their boundaries.29 Over 400 state pipeline
safety inspectors are available in 2007.
The OPS safety program is funded primarily by user fees assessed on a per-mile
basis on each regulated pipeline operator (49 U.S.C. § 60107). P.L. 109-468
22 (...continued)
Ottawa Citizen, December 24, 1999, p. E15.
23 Y. Rosen, “Alaska Critics Take Potshots at Line Security,” Houston Chronicle, February
17, 2002.
24 W. Loy, “Web Post Urges Jihadists to Attack Alaska Pipeline,” Anchorage Daily News,
January 19, 2006.
25 A. Lubrano and J. Shiffman, “Pa. Man Accused of Terrorist Plot,” Philadelphia Inquirer,
February 12, 2006, p. A1.
26 Safety and security of liquified natural gas (LNG) facilities used in gas pipeline
transportation is regulated under CFR Title 49, Part 193.
27 PHMSA succeeds the Research and Special Programs Administration (RSPA),
reorganized under P.L. 108-246, which was signed by the President on November 30, 2004.
28 U.S. Dept. of Transportation, “Budget Estimates Fiscal Year 2008, Submitted for the Use
of the Committees on Appropriations: Pipeline and Hazardous Materials Safety
Administration,” 2007, p.72.
29 49 U.S.C. 601. States may recover up to 50% of their costs for these programs from the
federal government.
CRS-5
authorizes annual OPS expenditures (Sec. 18) of $79.0 million in FY2007, $86.2
million in FY2008, $91.5 million in FY2009, and $96.5 million in FY2010. The
Revised Continuing Appropriations Resolution, 2007 (P.L. 110-5), appropriates $70
million for the OPS for FY2007. The President’s FY2008 budget requests $74.6
million for the OPS.30
The OPS uses a variety of strategies to promote compliance with its safety
standards. The agency conducts physical inspections of facilities and construction
projects; conducts programmatic inspections of management systems, procedures,
and processes; investigates safety incidents; and maintains a dialogue with pipeline
operators. The agency clarifies its regulatory expectations through published
protocols and regulatory orders, guidance manuals, and public meetings. The OPS
relies upon a range of enforcement actions, including administrative actions and civil
penalties, to ensure that operators correct safety violations and take measures to
preclude future safety problems. From 2002 through 2006, the OPS initiated 1,313
enforcement actions against pipeline operators. Civil penalties proposed by the OPS
for safety violations during this period totaled approximately $10.9 million.31 The
OPS also conducts accident investigations and systemwide reviews focusing on high-
risk operational or procedural problems and areas of the pipeline near sensitive
environmental areas, high-density populations, or navigable waters.
Since 1997, the OPS has increasingly encouraged industry’s implementation of
“integrity management” programs on pipeline segments near “high consequence”
areas. Integrity management provides for continual evaluation of pipeline condition;
assessment of risks to the pipeline; inspection or testing; data analysis; and followup
repair, as well as preventive or mitigative actions. High-consequence areas include
population centers, commercially navigable waters, and environmentally sensitive
areas, such as drinking water supplies or ecological reserves. The integrity
management approach directs priority resources to locations of highest consequence
rather than applying uniform treatment to the entire pipeline network.32 The OPS
made integrity management programs mandatory for most operators with 500 or
more miles of regulated oil pipeline as of March 31, 2001 (49 C.F.R. § 195).
Pipeline Safety Improvement Act of 2002. On December 12, 2002,
President Bush signed into law the Pipeline Safety Improvement Act of 2002 (P.L.
107-355). The act strengthens federal pipeline safety programs, state oversight of
pipeline operators, and public education regarding pipeline safety.33 Among other
30 U.S. Office of Management and Budget (OMB), Budget of the United States Government,
Fiscal Year 2008 — Appendix, Washington, DC, February 2007, p. 835.
31 Office of Pipeline Safety (OPS). “PHMSA Pipeline Safety Program: Summary of
Enforcement Actions.” Web page. May 15, 2007. [http://primis.phmsa.dot.gov/comm/
reports/enforce/Letters_opid_0.html].
32 Research and Special Programs Administration (RSPA), Pipeline Safety. Pipeline
Integrity Management in High Consequence Areas (Hazardous Liquid Operators with 500
or More Miles of Pipeline), Federal Register, December 1, 2000, p. 75378.
33 P.L. 107-355 encourages the implementation of state “one-call” excavation notification
(continued...)
CRS-6
provisions, P.L. 107-355 requires operators of regulated gas pipelines in high-
consequence areas to conduct risk analysis and implement integrity management
programs similar to those required for oil pipelines.34 The act authorizes the DOT
to order safety actions for pipelines with potential safety problems (Sec. 7) and
increases violation penalties (Sec. 8). The act attempts to streamline the permitting
process for emergency pipeline restoration by establishing an interagency committee,
including the DOT, the Environmental Protection Agency, the Bureau of Land
Management, the Federal Energy Regulatory Commission, and other agencies, to
ensure coordinated review and permitting of pipeline repairs (Sec. 16). The act
requires DOT to study ways to limit pipeline safety risks from population
encroachment and ways to preserve environmental resources in pipeline rights-of-
way (Sec. 11). P.L. 107-355 also includes provisions for public education, grants for
community pipeline safety studies, “whistle blower” and other employee protection,
employee qualification programs, and mapping data submission.
OPS Pipeline Security Activities. Presidential Decision Directive 63
(PDD-63), issued during the Clinton administration, assigned lead responsibility for
pipeline security to the DOT.35 At the time, these responsibilities fell to the OPS,
since the agency was already addressing some elements of pipeline security in its role
as safety regulator. In 2002, the OPS conducted a vulnerability assessment to
identify critical pipeline facilities and worked with industry groups and state pipeline
safety organizations “to assess the industry’s readiness to prepare for, withstand and
respond to a terrorist attack....”36 Together with the Department of Energy and state
pipeline agencies, the OPS promoted the development of consensus standards for
security measures tiered to correspond with the five levels of threat warnings issued
by the Office of Homeland Security.37 The OPS also developed protocols for
inspections of critical facilities to ensure that operators implemented appropriate
security practices. To convey emergency information and warnings, the OPS
established a variety of communication links to key staff at the most critical pipeline
facilities throughout the country. The OPS also began identifying near-term
33 (...continued)
programs (Sec. 2) and allows states to enforce “one-call” program requirements. The act
expands criminal responsibility for pipeline damage to cases where damage was not caused
“knowingly and willfully” (Sec. 3). The act adds provisions for ending federal-state pipeline
oversight partnerships if states do not comply with federal requirements (Sec. 4).
34 A 2006 Government Accountability Office (GAO) report found that the OPS’s gas
integrity management program benefitted public safety, although the report recommended
revisions to the OPS’s performance measures. See GAO. Natural Gas Pipeline Safety:
Integrity Management Benefits Public Safety, but Consistency of Performance Measures
Should Be Improved. GAO-06-946, September 8, 2006, pp. 2-3.
35 Presidential Decision Directive 63, Protecting the Nation’s Critical Infrastructures, May
22, 1998.
36 RSPA, RSPA Pipeline Security Preparedness, December 2001.
37 Ellen Engleman, RSPA Administrator, statement before the Subcommittee on Energy and
Air Quality, House Energy and Commerce Committee, March 19, 2002.
CRS-7
technology to enhance deterrence, detection, response, and recovery, and began
seeking to advance public and private sector planning for response and recovery.38
On September 5, 2002, the OPS circulated formal guidance developed in
cooperation with the pipeline industry associations defining the agency’s security
program recommendations and implementation expectations. This guidance
recommended that operators identify critical facilities, develop security plans
consistent with prior trade association security guidance, implement these plans, and
review them annually.39 While the guidance was voluntary, the OPS expected
compliance and informed operators of its intent to begin reviewing security programs
within 12 months, potentially as part of more comprehensive safety inspections.40
Transportation Security Administration
In November 2001, President Bush signed the Aviation and Transportation
Security Act (P.L. 107-71) establishing the Transportation Security Administration
(TSA) within the DOT. According to TSA, the act placed the DOT’s pipeline
security authority (under PDD-63) within TSA. The act specified for TSA a range
of duties and powers related to general transportation security, such as intelligence
management, threat assessment, mitigation, security measure oversight and
enforcement, among others. On November 25, 2002, President Bush signed the
Homeland Security Act of 2002 (P.L. 107-296) creating the Department of Homeland
Security (DHS). Among other provisions, the act transferred to DHS the
Transportation Security Administration from the DOT (Sec. 403). On December 17,
2003, President Bush issued Homeland Security Presidential Directive 7 (HSPD-7),
clarifying executive agency responsibilities for identifying, prioritizing, and
protecting critical infrastructure.41 HSPD-7 maintains DHS as the lead agency for
pipeline security (par. 15), and instructs the DOT to “collaborate in regulating the
transportation of hazardous materials by all modes (including pipelines)” (par. 22h).
The order requires that DHS and other federal agencies collaborate with “appropriate
private sector entities” in sharing information and protecting critical infrastructure
(par. 25). TSA has joined both the Energy Government Coordinating Council and
the Transportation Government Coordinating Council under provisions in HSPD-7.
The missions of the councils are to work with their industry counterparts to
coordinate critical infrastructure protection programs in the energy and transportation
sectors, respectively, and to facilitate the sharing of security information.
TSA Pipeline Security Plan. HSPD-7 also required DHS to develop a
national plan for critical infrastructure and key resources protection (par. 27), which
the agency issued in 2006 as the National Infrastructure Protection Plan (NIPP).
The NIPP, in turn, required each critical infrastructure sector to develop a Sector
38 Ellen Engleman, RSPA Administrator, statement before the Subcommittee on Highways
and Transit, House Transportation and Infrastructure Committee, February 13, 2002.
39 James K. O’Steen, RSPA, Implementation of RSPA Security Guidance, presentation to
the National Association of Regulatory Utility Commissioners, February 25, 2003.
40 Office of Pipeline Safety (OPS), personal communication, June 10, 2003.
41 HSPD-7 supersedes PDD-63 (par. 37).
CRS-8
Specific Plan (SSP) that describes strategies to protect its critical infrastructure,
outlines a coordinated approach to strengthen its security efforts, and determines
appropriate funding for these activities. Executive Order 13416 further required the
transportation sector SSP to prepare annexes for each mode of surface transportation
with the following information:
! identification of existing security guidelines, requirements, and gaps,
! description of how the SSP plan will be implemented for each mode,
! respective roles of government entities and the private sector,
! processes for review of information sharing mechanisms, and
! processes for assessing security guideline compliance and revision.42
In accordance with the above requirements, the TSA issued its Transportation
Systems Sector Specific Plan and Pipeline Modal Annex in May 2007.
TSA Pipeline Security Activities. Pipeline security activities at TSA are
led by the Pipeline Security Division (PSD) within the agency’s Office of
Transportation Sector Network Management.43 According to the agency’s Pipeline
Modal Annex (PMA), TSA has been engaged in a number of specific pipeline
security initiatives since 2003, as summarized in Table 1.
In 2003, TSA initiated its Corporate Security Review (CSR) program, wherein
the agency visits the largest pipeline and natural gas distribution operators to review
their security plans and inspect their facilities. (The OPS participated with TSA in
a number of security reviews in 2003, but has not done so since then.) During the
reviews, TSA evaluates whether each company is following the intent of the OPS
security guidance, and seeks to collect the list of assets each company had identified
meeting the criteria established for critical facilities. In 2004, the DOT reported that
the plans reviewed to date (approximately 25) had been “judged responsive to the
OPS guidance.”44 As of July 2007, TSA had completed 65 CSR reviews, with a
long-term goal of one per month. According to TSA, virtually all of the companies
reviewed have developed security plans, identified critical assets, and conducted
background checks on new employees. Most have also implemented employee
security training programs and raised local community and law enforcement
awareness of pipeline security as part of their emergency response obligations.45
Nonetheless, the CSR reviews also have identified inadequacies in some company
security programs such as poor access controls, deficient security equipment, lack of
real-time threat information, and irregular security exercises.46
42 Executive Order 13416, “Strengthening Surface Transportation Security,” December 5,
2006.
43 These offices were formerly known as the Pipeline Security Program Office and the
Intermodal Security Program Office, respectively.
44 Department of Transportation (DOT), “Action Taken and Actions Needed to Improve
Pipeline Safety,” CC-2004-061, June 16, 2004, p. 21.
45 TSA, Pipeline Security Division, personal communication, July 6, 2007.
46 TSA, Intermodal Security Program Office, presentation to the DGC Homeland Security
(continued...)
CRS-9
Table 1. TSA Pipeline Security Initiatives
Initiative
Description
Participantsa
Pipeline Policy and
Coordination, development, implementation, and
TSA, DHS,
Planning
monitoring of pipeline security plans
DOT, DOE
Sector Coordinating
Government partners coordinate interagency and
TSA, DOE,
Councils and Joint
cross-jurisdictional implementation of critical
Other agencies,
Sector Committee
infrastructure security
Industry
Corporate Security
On-site reviews of pipeline operator security
TSA, Industry
Reviews (CSR)
Pipeline System Risk
Statistical tool used for relative risk ranking and
TSA, Industry
Tool
prioritizing of CSR findings
Pipeline Cross-
U.S. and Canadian security assessment and
TSA, Canada
Border Vulnerability
planning for critical cross-border pipeline
Assessment
Regional Gas
Regional supply studies for key natural gas
TSA, DOE,
Pipeline Studies
markets
INGAA, GTI,
NETL, Industry
Cyber Attack
Training/presentations on Supervisory Control and
TSA, GTI
Awareness
Data Acquisition (SCADA) system vulnerabilities
Landscape Depiction
Incorporates depiction of the pipeline domain
TSA
and Analysis Tool
with risk analysis components
International Pipeline
International forum for U.S. and Canadian
TSA, Canada,
Security Forum
governments and pipeline industry officials
Other agencies,
Industry
“G8” Multinational
Multinational-sharing of pipeline threat assessment
TSA, DHS,
Security Assessment
methods, advisory levels, effective practices, and
State Dept.,
and Planning
vulnerability information; also develops a G8-
G8 Nations
based contingency planning guidance document
Security Awareness
Informational compact discs about pipeline
TSA
Training
security issues and improvised explosive devices
Stakeholder
Periodic information-sharing conference calls
TSA, Other
Conference Calls
between key pipeline security stakeholders
agencies,
Industry
Pipeline Blast
Explosives tests on various pipe configurations to
TSA, DOD,
Mitigation Studies
determine resiliency characteristics
Other agencies
Virtual Library
Development of TSA information-sharing Web
TSA
Pipeline Site
portal
Source: Transportation Security Administrtaion, Pipeline Modal Annex, June 2007, pp. 10-11.
[http://www.dhs.gov/xlibrary/assets/Transportation_Pipeline_Modal_Annex_5_21_07.pdf].
Note:
a. Key: DHS = Dept. Of Homeland Security, DOE = Dept. of Energy, G8 = Group of Eight (U.S.,
U.K., Canada, France, Germany, Italy, Japan, and Russia), GTI = Gas Technology Institute,
INGAA = Interstate Natural Gas Association of America, NETL = National Energy Technology
Laboratory, TSA = Transportation Security Administration.
46 (...continued)
Conference, Alexandria, VA, December 7, 2005, pp. 18-20.
CRS-10
In addition to the initiatives in Table 1, TSA has worked to establish
qualifications for personnel seeking unrestricted access to critical pipeline assets, and
has developed its own inventory of critical pipeline infrastructure.47 The agency has
also addressed legal issues regarding recovery from terrorist attacks, such as FBI
control of crime scenes and eminent domain in pipeline restoration. In October 2005,
TSA issued an overview of recommended security practices for pipeline operators
“for informational purposes only ... not intended to replace security measures already
implemented by individual companies.”48 The agency released revised guidance on
security best practices at the end of 2006.
The mission of TSA’s Pipeline Security Division currently includes developing
security standards; implementing measures to mitigate security risk; building and
maintaining stakeholder relations, coordination, education and outreach; and
monitoring compliance with security standards, requirements, and regulations. The
President’s FY2008 budget request for DHS does not include a separate line item for
TSA’s pipeline security activities. The budget request does include a $41.4 million
line item for “Surface Transportation Security,” which encompassed all security
activities in non-aviation transportation modes, including pipelines.49 The PSD has
traditionally received from the agency’s general operational budget an allocation for
routine operations such as regulation development, travel, and outreach. According
to the PSD, the current budget funds 11 full-time staff within the office. These staff
will conduct pipeline security inspections, maintain TSA’s asset database, support
TSA’s multi-modal risk models, develop new security standards, and issue
regulations as required. In addition, the PSD has access to approximately 100 surface
transportation inspectors within TSA who could potentially be trained to perform
pipeline inspections in the future should the need arise.50
In January 2007 testimony before Congress, the TSA Administrator stated that
the agency intended to conduct a pipeline infrastructure study to identify the “highest
risk” pipeline assets, building upon such a list developed through the CSR program.
He also stated that the agency would use its ongoing security review process to
determine the future implementation of baseline risk standards against which to set
measurable pipeline risk reduction targets.51 The Surface Transportation and Rail
Security Act of 2007 (S. 184) would require TSA, in consultation with the OPS, to
develop a plan for the federal government to provide increased security support to the
“most critical” pipelines at high or severe security alert levels and when there is
specific security threat information relating to such pipeline infrastructure (Sec.
47 TSA, TSA Multi-Modal Criticality Evaluation Tool, TSA Threat Assessment and Risk
Management Program, slide presentation, April 15, 2003.
48 TSA, Intermodal Security Program Office, Pipeline Security Best Practices, October 19,
2005, p. 1.
49 U.S. Office of Management and Budget (OMB), Budget of the United States Government,
Fiscal Year 2008 — Appendix, Washington, DC, February 2007, p. 455.
50 TSA, July 6, 2007.
51 Hawley, Kip, Asst. Secretary, Dept. of Homeland Security. Testimony before the Senate
Committee on Commerce, Science, and Transportation hearing on Federal Efforts for Rail
and Surface Transportation Security. January 18, 2007.
CRS-11
208(a)(1)). The act also requires a recovery protocol plan in the event of an incident
affecting the interstate and intrastate pipeline system (Sec. 208(a)(2)).
Security Incident Investigations. In addition to the above pipeline security
initiatives, the TSA Pipeline Security Division has also performed a limited number
of vulnerability assessments and supported investigations for specific companies and
assets where intelligence information has suggested potential terrorist activity.52 The
PSD, along with the OPS, was involved in the investigation of an August 2006
security breach at an LNG peak-shaving plant in Lynn, MA.53 Although not a
terrorist incident, the security breach involved the penetration of intruders through
several security barriers and alert systems, permitting them to access the main LNG
storage tank at the facility. The PSD also became aware of the JFK terrorist plot in
its early stages and supported the Federal Bureau of Investigation’s associated
investigation. The PSD engaged the private sector in helping to assess potential
targets and determine potential consequences. The PSD worked with the pipeline
company to keep it informed about the plot, discuss its security practices, and review
its emergency response plans.54
Federal Energy Regulatory Commission
One area related to pipeline safety and security not under either the OPS’s or
TSA’s primary jurisdiction is the siting approval of new gas pipelines, which is the
responsibility of the Federal Energy Regulatory Commission (FERC). Companies
building interstate gas pipelines must first obtain from FERC certificates of public
convenience and necessity. (FERC does not oversee oil pipeline construction.)
FERC must also approve the abandonment of gas facility use and services. These
approvals may include safety and security provisions with respect to pipeline routing,
safety standards and other factors.55 As a practical matter, however, FERC has
traditionally left these considerations to the OPS.56
On September 14, 2001, the Federal Energy Regulatory Commission (FERC)
notified FERC regulated companies that it would “approve applications proposing
the recovery of prudently incurred costs necessary to further safeguard the nation’s
energy systems and infrastructure” in response to the terror attacks of 9/11. FERC
also committed to “expedite the processing on a priority basis of any application that
would specifically recover such costs from wholesale customers.” Companies could
propose a surcharge over currently existing rates or some other cost recovery
52 TSA, Intermodal Security Program Office, personal communication, August 30, 2006.
53 Pipeline and Hazardous Materials Safety Administration (PHMSA). “Pipeline Safety:
Lessons Learned From a Security Breach at a Liquefied Natural Gas Facility.” Docket No.
PHMSA — 04 — 19856. Federal Register. Vol. 71. No. 249. December 28, 2006, p. 78269;
TSA, Intermodal Security Program Office, personal communication, August 30, 2006.
54 TSA, July 6, 2007.
55 U.S. Code of Federal Regulations. 18 CFR 157.
56 FERC. Personal communication. May 22, 2003.
CRS-12
method.57 In FY2005, the commission processed security cost recovery requests
from 14 oil pipelines and 3 natural gas pipelines.58
In February 2003, FERC handed down a new rule (RM02-4-000) to protect
critical energy infrastructure information (CEII). The rule defines CEII as information
that “must relate to critical infrastructure, be potentially useful to terrorists, and be
exempt from disclosure under the Freedom of Information Act.” According to the
rule, critical infrastructure is “existing and proposed systems and assets, whether
physical or virtual, the incapacity or destruction of which would negatively affect
security, economic security, public health or safety, or any combination of those
matters.” CEII excludes “information that identifies the location of infrastructure.”
The rule also establishes procedures for the public to request and obtain such critical
information, and applies both to proposed and existing infrastructure.59
On May 14, 2003, FERC handed down new rules (RM03-4) facilitating the
restoration of pipelines after a terrorist attack. The rules allow owners of a damaged
pipeline to use blanket certificate authority to immediately start rebuilding, regardless
of project cost, even outside existing rights-of-way. Pipeline owners would still need
to notify landowners and comply with environmental laws. Prior rules limited
blanket authority to $17.5 million projects and 45-day advance notice.60
Key Policy Issues
The 110th Congress is overseeing the implementation of the Pipeline Safety
Improvement Act of 2006 (P.L. 109-468) which amends pipeline safety and security
law, and reauthorizes the federal Office of Pipeline Safety. In its ongoing oversight
of federal pipeline safety and security activities, Congress may examine a number of
key issues which have drawn particular attention in policy debate. P.L. 109-468
contains additional provisions not discussed in this report
Pipeline Damage Prevention
According to OPS statistics, third-party excavation damage is the single greatest
cause of accidents among natural gas distribution pipelines.61 It is also a leading
cause of damage among natural gas transmission and hazardous liquids pipelines.
57 Federal Energy Regulatory Commission (FERC). News release. R-01-38. Washington,
DC. September 14, 2001.
58 Federal Energy Regulatory Commission (FERC). Federal Energy Regulatory Commission
Annual Report FY2005, 2006, p. 19. These are the most recent figures reported by FERC.
59 Federal Energy Regulatory Commission (FERC).. News release. R-03-08. Washington,
DC. February 20, 2003.
60 Schmollinger, Christian. “FERC OKs Emergency Reconstruction.” Natural Gas Week.
May 13, 2003.
61 Office of Pipeline Safety (OPS). “Distribution Pipeline Incident Summary by Cause:
1/1/2006 - 12/31/2006.” April 19, 2007. [http://ops.dot.gov/stats/NGDIST06.HTM].
CRS-13
Some policy makers have proposed the establishment of federal civil penalties for
violations of state “one-call” notification programs to prevent excavation damage to
underground pipelines. While supporting stronger enforcement of excavation
damage prevention programs, other stakeholders have argued that such enforcement
is best performed by state regulators responsible for administering one-call programs
rather than by the federal government. They favor an approach which encourages
state enforcement, unless the federal government determines that a state’s
enforcement efforts are ineffective.62 Consistent with this approach, P.L. 109-468
prohibits federal enforcement in states already imposing such penalties (Sec. 2). The
act also authorizes grants to states (and certain municipalities) for improving damage
prevention programs if the states have been certified (under 49 U.S.C. § 60105-
60106) or can demonstrate that they are establishing an “effective” program, as
subsequently defined (Sec. 2).
Low-Stress Pipeline Regulations
Pipelines operated at less than 20% of the specified minimum strength of the
material from which they are constructed are classified as “low-stress” pipelines
under 49 C.F.R. § 195.2. According to the OPS, federal pipeline safety regulations
originally did not apply to low-stress pipelines because they operated at low
pressures, were not prone to accidents, and were thought to pose little risk to the
public. In 1994, however, the OPS extended its hazardous liquid pipeline regulations
under 49 C.F.R. § 195 to include low-stress pipelines that 1) transport highly volatile
liquids, 2) are not located in rural areas, 3) are located offshore, or 4) are located in
waterways used for commercial navigation (§ 195.1(b)(3)).
The regulation of low-stress pipeline regulations has come under greater
Congressional scrutiny since March 2006, after a spill from a BP pipeline oil pipeline
led to the partial shutdown of the Prudhoe Bay area oil field on the North Slope of
Alaska. In its March 15, 2006, Corrective Action Order (CAO) issued to BP, the
OPS found that BP’s pipelines met the definition of a “hazardous pipeline facility”
under 49 U.S.C. § 60112(a), which grants general authority under the statute, but that
specific federal pipeline safety regulations under 49 C.F.R. § 195 did not apply at that
time because BP’s pipelines were classified as “low-stress” and fell under the
exception in 49 C.F.R. § 195.1(b)(3).63 In August 2006, BP announced additional
disruption of North Slope oil supplies to conduct major pipeline repairs “following
the discovery of unexpectedly severe corrosion and a small spill from a Prudhoe Bay
oil transit line.”64 BP has since admitted to flaws in its maintenance models and, in
62 Felt, T., President and CEO, Explorer Pipeline. Statement before the House Committee
on Energy and Commerce, Subcommittee on Energy and Air Quality hearing on
Reauthorization of the Pipeline Safety Act. July 27, 2006.
63 Pipeline and Hazardous Material Safety Admin. (PHMSA). Corrective Action Order in
the Matter of BP Exploration (Alaska), Inc., Respondent. CPF No. 5-2006-5015H. March
15, 2006. [http://ops.dot.gov/regions/west/BP%205-2006-5015H%20-%20Final.pdf].
64 BP Exploration Alaska, Inc. “BP to Shutdown Prudhoe Bay Oil Field.” Press release.
August 6, 2006. [http://usresponse.bp.com/go/doc/1249/127496].
CRS-14
retrospect, the inadequacy of its overall maintenance program for its North Slope
operations.65
On September 6, 2006, the OPS published in the Federal Register proposed
rules for risk-based regulation of hazardous liquid low-stress pipelines located in
“unusually sensitive areas” and exempted from its regulations under 49 C.F.R. §
195.66 The OPS defines an unusually sensitive area (USA) as “a drinking water or
ecological resource area that is unusually sensitive to environmental damage from a
hazardous liquid pipeline release” (49 C.F.R. § 195.6).67 Although USAs would be
identified on a site-by-site basis, the OPS has indicated that the North Slope is a
USA.68 The agency expected to finalize regulations for low-stress hazardous liquids
pipelines in USAs by the end of 2006, but has required more time to incorporate
additional provisions under P.L. 109-648. The agency announced modifications to
its 2006 proposed rules for low-stress hazardous liquid pipelines on May 18, 2007.69
P.L. 109-648 requires the OPS to promulgate final regulations by December 31, 2007
(Sec. 4). In reviewing the OPS’s final criteria for low-stress pipeline regulation,
Congress may consider the balance between the potential safety benefits and the
potential costs of stricter safety programs in light of BP’s pipeline problems and
potential problems among similar pipeline systems elsewhere in the United States.
OPS Safety Enforcement
The adequacy of the OPS’s enforcement strategy has been an ongoing concern
of Congress, particularly after the fatal pipeline accidents in Washington and New
Mexico. A report from the General Accounting Office in 2000 called into question
fundamental changes in OPS’s enforcement strategy at the time, such as sharply
reducing the use of fines to enforce compliance with pipeline safety regulations.70
Provisions in the Pipeline Safety Improvement Act of 2002 (P.L. 107-355) put added
scrutiny on the effectiveness of the OPS’s enforcement strategy and assessment of
civil penalties (Sec. 8). A 2004 Government Accountability Office (GAO) report
reexamining OPS enforcement stated that the agency had made a number of changes
in its enforcement strategy with the potential to improve pipeline safety. The report
65 Marshall, S., President, BP Exploration (Alaska) Inc. Comments to the Joint Alaska
Senate and House Resources Committee. August18, 2006; Malone, R., August 7, 2006.
66 Pipeline and Hazardous Materials Safety Administration (PHMSA). “Pipeline Safety:
Protecting Unusually Sensitive Areas From Rural Onshore Hazardous Liquid Gathering
Lines and Low-Stress Lines.” Federal Register. Vol. 71. No. 172. September 6, 2006, pp.
52504-52519.
67 49 C.F.R. § 195.6 further define “drinking water” or “ecological resource” areas.
68 Dept. of Transportation (DOT). “U.S. Department of Transportation Proposes New Safety
Requirements for Rural Low-Stress and Gathering Pipelines in Unusually Sensitive Areas.”
Press release. PHMSA 8-06. August 31, 2006.
69 Pipeline and Hazardous Materials Safety Administration (PHMSA). “Pipeline Safety:
Protecting Unusually Sensitive Areas From Rural Low-Stress Hazardous Liquid Pipelines.”
Federal Register. Vol. 72. No. 96. May 18, 2007, pp. 28008-28016.
70 General Accounting Office (GAO). Pipeline Safety: The Office of Pipeline Safety Is
Changing How It Oversees the Pipeline Industry. GAO/RCED-00-128. May 2000, p. 22.
CRS-15
concluded, however, that the effectiveness of the strategy could not yet be determined
because OPS’s program had not incorporated “clear program goals, a well-defined
strategy for achieving those goals, and performance measures linked to the program
goals.”71 In March 2006 testimony before Congress, the GAO reported that the OPS
had adopted measures that appeared to be responsive to the agency’s earlier concerns,
although the GAO had not reviewed the strategy or its implementation in depth.72
In April 2006, PHMSA testified before Congress that the OPS had
institutionalized a “tough-but-fair” approach to enforcement, “imposing and
collecting larger penalties, while guiding pipeline operators to enhance higher
performance.”73 According to the agency, $4 million in proposed civil penalties in
2005 was three times greater than penalties proposed in 2003, the first year higher
penalties could be imposed under P.L. 107-355 (Sec. 8(a)).74 Proposed penalties in
2006 totaled $2 million.75
Notwithstanding the agency’s efforts to change its pipeline safety enforcement
strategy, some analysts have held that the OPS’s enforcement actions have not been
sufficiently transparent to the public, other government agencies, or industry.76 P.L.
109-468 requires the agency to issue monthly summaries of OPS enforcement actions
including violation and penalty information for each action, and provide a
mechanism for pipeline operators to make response information available to the
public (Sec. 6). To meet these requirements, the OPS has established an Internet
portal with pipeline safety enforcement information.77
Federal Pipeline Security Authority
Congress has repeatedly raised questions about the appropriate division of
pipeline security authority between the OPS and TSA.78 Both the OPS and TSA have
played important roles in the federal pipeline security program, with TSA the
designated lead agency since 2002. In 2004, the DOT and DHS entered into a
memorandum of understanding (MOU) concerning their respective security roles in
71 Ibid. GAO. July 2004, p. 3.
72 Siggerud, K. Government Accountability Office (GAO). Testimony before the House
Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and
Pipelines hearing on Pipeline Safety. GAO-06-474T. March 16, 2006, p. 11.
73 Gerard, S.L., Pipeline and Hazardous Materials Admin.(PHMSA). Testimony before the
House Energy and Commerce Committee, Energy and Air Quality Subcommittee hearing
on Pipeline Safety. Serial No. 109-84. April 27, 2006, p. 14.
74 Ibid.
75 OPS. May 15, 2007.
76 Ibid. Epstein, L.N. July 27, 2006.
77 Office of Pipeline Safety (OPS). “PHMSA Pipeline Safety Program: Enforcement.” Web
page. May 15, 2007. [http://primis.phmsa.dot.gov/comm/reports/enforce/Enforcement.html].
78 For example, see Hon. William J. Pascrell, Jr., statement at the House Committee on
Transportation and Infrastructure, Subcommittee on Highways, Transit and Pipelines,
hearing on Pipeline Safety, March 16, 2006.
CRS-16
all modes of transportation. The MOU notes that DHS has the primary responsibility
for transportation security with support from the DOT, and establishes a general
framework for cooperation and coordination. The MOU states that “specific tasks
and areas of responsibility that are appropriate for cooperation will be documented
in annexes ... individually approved and signed by appropriate representatives of
DHS and DOT.”79 On August 9, 2006, the departments signed an annex “to delineate
clear lines of authority and responsibility and promote communications, efficiency,
and nonduplication of effort through cooperation and collaboration between the
parties in the area of transportation security.”80
In January 2007, the PHMSA Administrator testified before Congress that the
agency had established a joint working group with TSA “to improve interagency
coordination on transportation security and safety matters, and to develop and
advance plans for improving transportation security,” presumably including pipeline
security.81 According to TSA, the working group has developed a multi-year action
plan specifically delineating roles, responsibilities, resources, and actions to execute
11 program elements: identification of critical infrastructure/key resources and risk
assessments; strategic planning; developing regulations and guidelines; conducting
inspections and enforcement; providing technical support; sharing information during
emergencies; communications; stakeholder relations; research and development;
legislative matters; and budgeting. The working group meets quarterly to update the
plan.82 P.L. 109-468 requires the DOT Inspector General to assess the pipeline
security actions taken by the DOT in implementing its 2004 MOU with the DHS
(Sec. 23). It remains to be determined whether the cooperative activities put in place
between the OPS and TSA based on the provisions in their MOU annex will be
implemented effectively, given the two agencies’ existing structures and obligations.
Pipeline Security Regulations
As noted earlier in this report, federal pipeline security activities have to date
relied upon voluntary industry compliance with OPS security guidance and TSA
security best practices. By initiating this voluntary approach, the OPS sought to
speed adoption of security measures by industry and avoid the publication of
sensitive security information (e.g., critical asset lists) that would normally be
79 Dept. of Homeland Security (DHS) and Dept. Of Transportation (DOT). Memorandum
of Understanding Between the Department of Homeland Security and the Department of
Transportation on Roles and Responsibilities. September 28, 2004, p. 4.
80 Transportation Security Admin. and Pipelines and Hazardous Materials Safety Admin.,
“Transportation Security Administration and Pipelines and Hazardous Materials Safety
Administration Cooperation on Pipelines and Hazardous Materials Transportation Security,”
August 9, 2006. [http://www.tsa.gov/assets/pdf/tsa-phmsa_annex_to_dhs-dot_mou.pdf].
81 Barrett, T.J., Administrator, Pipeline and Hazardous Materials Safety Administration
(PHMSA). Testimony before the Senate Committee on Commerce, Science, and
Transportation hearing on Federal Efforts for Rail and Surface Transportation Security.
January 18, 2007.
82 TSA, Pipeline Security Division, personal communication, July 6, 2007.
CRS-17
required in public rulemaking.83 Likewise, although TSA’s FY2005 budget
justification stated that the agency would “issue regulations where appropriate to
improve the security of the [non-aviation transportation] modes,” the agency has not
done so for pipelines.84 TSA believes that the pipeline industry “has taken the
security guidance seriously and has done a good job” to date.85 The pipelines
industry has expressed concern that new security regulations and related requirements
may be “redundant” and “may not be necessary to increase pipeline security.”86
Likewise the PHMSA Administrator has testified that enhancing security “does not
necessarily mean that we must impose regulatory requirements.”87 Accordingly,
neither TSA nor OPS appear to be actively developing pipeline security regulations,
although they have not ruled out doing so in the future.
Provisions in P.L. 109-468 require the DOT Inspector General to “address the
adequacy of security standards for gas and oil pipelines” (Sec. 23(b)(4)). S. 184
would require TSA, in consultation with the OPS, to establish within one year of
enactment a program for reviewing the adoption by pipeline operators of the 2002
OPS security guidance, including the review of security plans and critical facility
inspections (Sec. 209 (a)). The act would also require within nine months of
enactment the security plan reviews and inspections of the 100 “most critical”
pipeline operators using risk assessment methods to target inspections and
enforcement (Sec. 209 (b), (c)). Finally, the act would direct TSA to promulgate
pipeline security regulations and carry out necessary inspection and enforcement, if
the agency determines that regulations are appropriate (Sec. 209(d)). In considering
potential pipeline security regulations, Congress may evaluate the effectiveness of the
current voluntary pipeline security standards based on findings from the TSA’s CSR
reviews and future DOT Inspector General reports.
TSA Pipelines Security Resources
Congress has long been critical of TSA’s funding of non-aviation security
activities, including pipeline activities. For example, as one Member remarked in
2005, “aviation security has received 90% of TSA’s funds and virtually all of its
attention. There is simply not enough being done to address ... pipeline security.”88
At its current staffing level, TSA’s Pipelines Security Division has limited field
83 GAO, Pipeline Security and Safety: Improved Workforce Planning and Communication
Needed, GAO-02-785, August 2002, p. 22.
84 Department of Homeland Security (DHS), Transportation Security Administration Fiscal
Year 2005 Congressional Budget Justification, Washington, DC, February 2, 2004, p. 20.
85 TSA, July 6, 2007.
86 American Gas Association (AGA), American Petroleum Institute (API), Association of
Oil Pipelines (AOPL), and American Public Gas Association (APGA), joint letter to
members of the Senate Commerce Committee providing views on S. 1052, August 22, 2005.
87 Barrett, T.J. January 18, 2007.
88 Sen. Daniel K. Inouye, opening statement before the Senate Committee on Commerce,
Science and Transportation, hearing on the President’s FY2006 Budget Request for the
Transportation Security Administration (TSA), February 15, 2005.
CRS-18
presence for inspections and possible enforcement of future regulations. TSA’s plan
to focus security inspections on the largest pipeline and distribution system operators
seeks to make the best use of limited resources. The concern is that TSA currently
lacks sufficient resources for rigorous security plan verification and a credible threat
of enforcement, so operator compliance with security guidance may be inadequate,
leaving the pipeline network as a whole less secure than it might be with more
universal inspection and enforcement coverage. S. 184 would specifically authorize
funding of $2 million annually through FY2009 for TSA’s pipeline security
inspections and enforcement program (Sec. 209(e)). It is an open question whether
$2 million annually would be sufficient to enable TSA to meet congressional
expectations for federal pipeline security activities.
Identifying Critical Assets
Pipeline operators seek clear definitions of pipeline asset “criticality” so they
will know exactly what assets to protect and how well to protect them. The
definition of “criticality” developed by industry in 2002 (and supported in the OPS
guidance) avoided numerical thresholds, relying instead on discretionary qualitative
metrics like “significance” of impact.89 The OPS has since expressed its belief that
this definition may be too general and that clearer criticality thresholds are needed.90
The HSPD-7 directive appears to narrow the definition of “criticality” by
emphasizing infrastructure “that could be exploited to cause catastrophic health
effects or mass casualties” (par. 13), but it is not clear how this emphasis applies to
pipelines. The Information Analysis and Infrastructure Protection (IAIP) directorate
within DHS developed a list of critical pipelines within its national asset database,
but Congress, the GAO, and the DHS Inspector General have identified problems
with DHS’s criteria for critical asset identification.91
As discussed above, TSA has developed its own confidential list of critical
pipeline systems in support of its CSR program. According to the PSD, this list is
based on a simple ranking of pipelines by total energy transported per year. This
approach was used to identify within the entire U.S. pipeline system a small number
of pipelines for further security evaluation. The agency also used (unspecified)
qualitative methods from subject matter experts, where applicable, to consider the
criticality of certain pipeline systems not adequately addressed by the quantitative
89 American Gas Association (AGA) and the Interstate Natural Gas Association of America
(INGAA), Security Guidelines Natural Gas Industry Transmission and Distribution,
Washington, DC, September 6, 2002, p. 6.
90 OPS, personal communication, June 9, 2003.
91 For example, see Rep. Zoe Lofgren, remarks at the House Homeland Security Committee,
Intelligence, Information Sharing, and Terrorism Risk Assessment Subcommittee, hearing
on Terrorism Risk Assessment at the Department of Homeland Security,” November 17,
2005; Government Accountability Office (GAO), Risk Management: Further Refinements
Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical
Infrastructure, GAO-06-91, December 15, 2005, pp. 81-82; Dept. of Homeland Security
(DHS), Office of Inspector General. Progress in Developing the National Asset Database.
OIG-06-04. June 2006.
CRS-19
screening.92 Given the continuing uncertainty among industry and policy makers
about what constitutes a critical asset, how the DOT or TSA identify critical pipelines
currently or under the provisions in S. 184 may require clarification.
Additional Issues
In addition to the issues mentioned above, Congress may consider several
issues related to proposed legislation or otherwise raised by pipeline stakeholders.
Distribution integrity management. As noted earlier in this report, the
OPS made integrity management programs mandatory for oil transmission pipelines
in 2001 and for gas transmission pipelines in 2003. Congress and other stakeholders
have since sought to extend these regulations to natural gas distribution pipelines,
such as those operated by regional natural gas utilities. Because distribution
pipelines are designed and operate differently from transmission lines, the OPS has
been developing approaches to structuring unique regulations for distribution
systems.93 Natural gas distribution companies seek flexible, risk-based options in any
future integrity management regulations directed at distribution systems.94 P.L. 109-
468 mandates the promulgation by OPS of minimum standards for integrity
management programs for distribution pipelines by December 31, 2007 (Sec. 9). As
the OPS’s study of distribution integrity management measures continues, Congress
may act to ensure that any resulting regulations balance the potential benefits of
improved pipeline safety with the potential costs to distribution pipeline operators.
Mandatory Pipeline Assessment Intervals. The Pipeline Safety
Improvement Act of 2002 requires that natural gas pipelines operators subject to the
act perform integrity management reassessments at least every seven years after an
initial baseline assessment (Sec. 14a). Some pipeline operators believe that this
reassessment interval may be too prescriptive and may not be appropriate for all
pipelines. Operators argue that assessing pipelines too frequently is costly and
inefficient, diverting limited safety resources from other uses with greater pipeline
safety benefits.95 Based on assessments conducted through 2005, “and the generally
safe condition of gas transmission pipelines,” the GAO has concluded that the seven
year reassessment interval “appears to be conservative.”96 The GAO recommends
that Congress permit pipeline operators to reassess gas transmission pipelines at
92 TSA, July 6, 2007.
93 Pipeline and Hazardous Materials Safety Admin. (PHMSA) et al. Integrity Management
for Gas Distribution Pipelines, Report of Phase 1 Investigations. December 2005.
94 E. F. Bender, Baltimore Gas and Electric Company, testimony before the House
Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and
Pipelines, hearing on Pipeline Safety, March 16, 2006, p. 10.
95 J. L. Mohn, Panhandle Energy, testimony before the House Committee on Transportation
and Infrastructure, Subcommittee on Highways, Transit and Pipelines, hearing on pipeline
Safety, March 16, 2006, p. 9.
96 Government Accountability Office (GAO). Natural Gas Pipeline Safety: Risk-Based
Standards Should Allow Operators to Better Tailor Reassessments to Pipeline Threats.
GAO-06-945. September 8, 2006, p. 3.
CRS-20
intervals based on risk factors, technical data, and engineering analyses. The agency
believes such a revision would allow the OPS more flexibility to establish longer or
shorter reassessment intervals as warranted by pipeline conditions.97 P.L. 109-468
does not change gas pipeline assessment intervals.
National Pipeline Mapping System. The National Pipeline Mapping
System (NPMS) was established by the OPS as a publicly accessible geographic
information system (GIS) containing geospatial and attribute data for pipelines and
LNG facilities under OPS jurisdiction. The NPMS is an essential decision support
tool for emergency planning, inspection planning, and safety enhancement in the
nation’s pipeline system. In response to the terror attacks of September 11, 2001, the
OPS restricted NPMS access to government officials and pipeline operators only and
prohibited the transfer of NPMS data outside the NPMS system. Some analysts
believe that access and data restrictions have hampered the ability of local agencies
and the general public to incorporate essential pipeline information into local safety
planning. They believe that NPMS restrictions are also ineffective in preventing
terrorist attacks because pipeline location maps are publicly available elsewhere and
because pipelines must be physically marked under federal regulation.98 Other critics
have questioned the accuracy of the NPMS pipeline data, citing recent media reports
that the NPMS contains significant errors because the system relies on unverified
pipeline operator submissions.99 According to the NPMS, nominal accuracy of
geospatial data in the NPMS is +/-500 feet.100 In response to concerns about access,
the OPS now permits public access to certain maps and data in the NPMS on a
county-by-county basis.101 The OPS reportedly has acknowledged limitations in
NPMS accuracy, but has not publicly discussed plans to address them.102 Congress
may reevaluate whether the OPS’s security restrictions on NPMS data, and the
quality of NPMS maps, are appropriately balanced with respect to their potential
impacts on local community safety and security planning.
97 Ibid., p. 6.
98 C. Weimer, Executive Director, Pipeline Safety Trust, testimony before the House
Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and
Pipelines, hearing on Pipeline Safety, March 16, 2006.
99 Cappielo, D. “What Lies Beneath.” Houston Chronicle. November 12, 2006, p. A1.
100 National Pipeline Mapping System, “About the NPMS,” Web page, June 21, 2007.
[https://www.npms.phmsa.dot.gov/application.asp?tact=npms&page=subapp.asp?app=ab
outnpms&act=about].
101 National Pipeline Mapping System, “Welcome to the NPMS Public Map Viewer,” Web
page, April 2, 2007. [https://www.npms.phmsa.dot.gov/searchp/newlogin.asp?search=Pub].
102 Cappiel, D. November 12, 2006.
CRS-21
Conclusions
Both government and industry have taken numerous steps to improve pipeline
safety and security since 2001. Federal activities in these areas are evolving and
agency responsibilities are still being sorted out. Although pipeline impacts on the
environment remain a concern of some public interest groups, both federal
government and industry representatives suggest that federal pipeline programs have
been on the right track. Furthermore, ongoing dialogue among the operators and
federal agencies appears to be addressing many elements of federal pipeline safety
and security policy that have been causing concern.
As oversight of the federal role in pipeline safety and security continues,
questions may be raised concerning the effectiveness of state pipeline damage
prevention programs, the promulgation of low-stress pipeline regulations, federal
pipeline safety enforcement, the relationship between DHS and the DOT with respect
to pipeline security, and particular provisions in federal pipeline safety regulation.
In addition to these specific issues, Congress may wish to assess how the various
elements of U.S. pipeline safety and security activity fit together in the nation’s
overall strategy to protect transportation infrastructure. For example, mandating
pipeline security requirements could be of limited value if asset “criticality” is not
clearly defined and federal threat information remains ambiguous. Likewise,
diverting pipeline resources away from safety to enhance security might further
reduce terror risk, but not overall pipeline risk, if safety programs become less
effective as a result. Pipeline safety and security necessarily involve many groups:
federal agencies, oil and gas pipeline associations, large and small pipeline operators,
and local communities. Reviewing how these groups work together to achieve
common goals could be an oversight challenge for Congress.