Paul W. Parfomak
Specialist in Energy and Infrastructure Policy
The vast U.S. network of natural gas and hazardous liquid pipelines is integral to U.S. energy supply and has vital links to other critical infrastructure. While an efficient and fundamentally safe means of transport, this network is vulnerable to cyber attacks. In particular, cyber infiltration of supervisory control and data acquisition (SCADA) systems could allow successful “hackers” to disrupt pipeline service and cause spills, explosions, or fires—all from remote locations. In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. These intrusions have heightened congressional concern about cybersecurity in the U.S. pipelines sector.
The Transportation Security Administration (TSA) is authorized by federal statute to promulgate pipeline physical security and cybersecurity regulations, if necessary, but the agency has not issued such regulations. TSA officials assert that security regulations could be counterproductive because they could establish a general standard below the level of security already in place for many pipelines. An April 2011 White House proposal and the Cybersecurity Act of 2012 (S. 2105) both would mandate cybersecurity regulations for privately owned critical infrastructures sectors like pipelines. A revised version of S. 2105, S. 3414, would permit the issuance of regulations but would focus on voluntary cybersecurity measures.
While the pipelines sector has many cybersecurity issues in common with other critical infrastructure sectors, it is somewhat distinct in several ways:
- Pipelines in the United States have been the target of several confirmed terrorist plots and attempted physical attacks since September 11, 2001.
- Changes to pipeline computer networks over the past 20 years, more sophisticated hackers, and the emergence of specialized malicious software have made pipeline SCADA operations increasingly vulnerable to cyber attacks.
- There recently has been a coordinated series of cyber intrusions specifically targeting U.S. pipeline computer systems.
- TSA already has statutory authority to issue cybersecurity regulations for pipelines if the agency chooses to do so, but it may not have the resources to develop, implement, and enforce such regulations if they are mandated.
Date of Report: August 16, 2012
Number of Pages: 13
Order Number: R42660
R42660.pdf to use the SECURE SHOPPING CART
For email and phone orders, provide a Visa, MasterCard, American Express, or Discover card number, expiration date, and name on the card. Indicate whether you want e-mail or postal delivery. Phone orders are preferred and receive priority processing.
Follow us on TWITTER at http://www.twitter.com/alertsPHP or #CRSreports