{ "id": "R42660", "type": "CRS Report", "typeId": "REPORTS", "number": "R42660", "active": false, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 413647, "date": "2012-08-16", "retrieved": "2016-04-06T23:59:03.602970", "title": "Pipeline Cybersecurity: Federal Policy", "summary": "The vast U.S. network of natural gas and hazardous liquid pipelines is integral to U.S. energy supply and has vital links to other critical infrastructure. While an efficient and fundamentally safe means of transport, this network is vulnerable to cyber attacks. In particular, cyber infiltration of supervisory control and data acquisition (SCADA) systems could allow successful \u201chackers\u201d to disrupt pipeline service and cause spills, explosions, or fires\u2014all from remote locations. In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. These intrusions have heightened congressional concern about cybersecurity in the U.S. pipelines sector.\nThe Transportation Security Administration (TSA) is authorized by federal statute to promulgate pipeline physical security and cybersecurity regulations, if necessary, but the agency has not issued such regulations. TSA officials assert that security regulations could be counterproductive because they could establish a general standard below the level of security already in place for many pipelines. An April 2011 White House proposal and the Cybersecurity Act of 2012 (S. 2105) both would mandate cybersecurity regulations for privately owned critical infrastructures sectors like pipelines. A revised version of S. 2105, S. 3414, would permit the issuance of regulations but would focus on voluntary cybersecurity measures. \nWhile the pipelines sector has many cybersecurity issues in common with other critical infrastructure sectors, it is somewhat distinct in several ways:\nPipelines in the United States have been the target of several confirmed terrorist plots and attempted physical attacks since September 11, 2001.\nChanges to pipeline computer networks over the past 20 years, more sophisticated hackers, and the emergence of specialized malicious software have made pipeline SCADA operations increasingly vulnerable to cyber attacks.\nThere recently has been a coordinated series of cyber intrusions specifically targeting U.S. pipeline computer systems.\nTSA already has statutory authority to issue cybersecurity regulations for pipelines if the agency chooses to do so, but it may not have the resources to develop, implement, and enforce such regulations if they are mandated.\nTSA maintains that voluntary standards have been effective in protecting U.S. pipelines from cyber attacks. Based on the agency\u2019s corporate security reviews, TSA believes cybersecurity among major U.S. pipeline systems is effective. However, without formal cybersecurity plans and reporting requirements, it is difficult for Congress to know for certain. Whether the self-interest of pipeline operators is sufficient to generate the level of cybersecurity appropriate for a critical infrastructure sector is open to debate. If Congress concludes that current voluntary measures are insufficient to ensure pipeline cybersecurity, it may decide to provide specific direction to the TSA to develop regulations and provide additional resources to support them, as such an effort may be beyond the TSA Pipeline Security Division\u2019s existing capabilities.", "type": "CRS Report", "typeId": "REPORTS", "active": false, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R42660", "sha1": "b0aeec5c49d2057d4ae690c35a20adca9d437a5f", "filename": "files/20120816_R42660_b0aeec5c49d2057d4ae690c35a20adca9d437a5f.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R42660", "sha1": "32b8bcea3322a73ba3d023b5ac738dfea9e55f44", "filename": "files/20120816_R42660_32b8bcea3322a73ba3d023b5ac738dfea9e55f44.pdf", "images": null } ], "topics": [] } ], "topics": [ "Intelligence and National Security" ] }