More than 2.7 million miles of pipeline transport the natural gas, oil, and other hazardous liquids the nation needs. The Departments of Homeland Security and Transportation share responsibility for safeguarding these pipelines along with pipeline operators.
In 2010, DHS's Transportation Security Administration issued a plan to coordinate pipeline security incident responses among government agencies and with the private sector.
However, TSA has not updated this plan since its issuance, so it doesn't fully reflect developments in key areas, such as cybersecurity.
We recommended that TSA periodically review and update this plan.
Hazardous Liquid and Natural Gas Transmission Pipelines in the United States, September 2018
Map showing the pipelines
What GAO Found
The memorandum of understanding (MOU) Annex signed by the Transportation Security Administration (TSA) and Pipeline and Hazardous Materials Safety Administration (PHMSA) in 2006 delineates their mutually agreed-upon roles and responsibilities for pipeline security, but has not been reviewed to consider pipeline security developments since its inception. As a result, the annex may not fully reflect the agencies' pipeline security and safety-related activities. Efforts to update the annex were delayed by other priorities. As of June 2019, there are no timeframes for completion. By developing and implementing timeframes for reviewing the MOU Annex and updating it, as appropriate, TSA and PHMSA could better ensure any future changes to their respective roles and responsibilities are clearly delineated and updated on a regular basis.
TSA's Pipeline Security and Incident Recovery Protocol Plan, issued in March 2010, defines the roles and responsibilities of federal agencies and the private sector, among others, related to pipeline security incidents. For example, in response to a pipeline incident, TSA coordinates information sharing between federal and pipeline stakeholders and PHMSA coordinates federal activities with an affected pipeline operator to restore service. However, TSA has not revised the plan to reflect changes in at least three key areas: pipeline security threats, such as those related to cybersecurity, incident management policies, and DHS's terrorism alert system. By periodically reviewing and, as appropriate, updating its plan, TSA could better ensure it addresses changes in pipeline security threats and federal law and policy related to cybersecurity, incident management and DHS's terrorism alert system, among other things. TSA could also provide greater assurance that pipeline stakeholders understand federal roles and responsibilities related to pipeline incidents, including cyber incidents, and that response efforts to such incidents are well-coordinated.
Map of Hazardous Liquid and Natural Gas Transmission Pipelines in the United States, September 2018
Why GAO Did This Study
More than 2.7 million miles of pipeline transport natural gas, oil, and other hazardous liquids needed to operate vehicles and heat homes, among other things, in the United States.
Responsibility for safeguarding these pipelines is shared by TSA, within the Department of Homeland Security (DHS); PHMSA, within the Department of Transportation (DOT); and pipeline operators. TSA oversees the security of all transportation modes, including pipelines. PHMSA oversees pipeline safety. DHS and DOT signed a MOU on their roles across all transportation modes in 2004. In 2006, TSA and PHMSA signed an annex to the MOU (MOU Annex) to further delineate their pipeline security-related responsibilities.
The TSA Modernization Act includes a provision for GAO to review DHS and DOT roles and responsibilities for pipeline security. This report addresses, among other things: (1) the extent the MOU Annex delineates TSA's and PHMSA's pipeline security roles and responsibilities; and (2) the extent TSA has communicated federal incident response procedures for pipeline breaches to stakeholders. GAO reviewed the MOU annex and related documents and TSA's Pipeline Security and Incident Recovery Protocol Plan, and interviewed officials from PHMSA, TSA, and four pipeline associations.
GAO is making five recommendations, including that: (1) TSA and PHMSA develop and implement a timeline for reviewing and, as appropriate, updating the 2006 MOU Annex; and (2) TSA periodically review, and as appropriate, update its 2010 pipeline incident recovery plan. DHS and DOT concurred with these recommendations.
Recommendations for Executive Action
|Transportation Security Administration||1. The TSA Administrator should work with the PHMSA Administrator to develop and implement a timeline with milestone dates for reviewing and, as appropriate, updating the 2006 MOU Annex. (Recommendation 1)|
|Pipeline and Hazardous Materials Safety Administration||2. The PHMSA Administrator should work with the TSA Administrator to develop and implement a timeline with milestone dates for reviewing and, as appropriate, updating, the 2006 MOU Annex. (Recommendation 2)|
|Transportation Security Administration||3. The TSA Administrator, in consultation with the PHMSA Administrator should revise the 2006 MOU Annex to include a provision requiring periodic reviews of, and as appropriate, corresponding updates to the Annex.(Recommendation 3)|
|Pipeline and Hazardous Materials Safety Administration||4. The PHMSA Administrator, in consultation with the TSA Administrator should revise the 2006 MOU Annex to include a provision requiring periodic reviews of, and as appropriate, corresponding updates to the Annex.(Recommendation 4)|
|Transportation Security Administration||5. The TSA Administrator should periodically review, and as appropriate, update the 2010 <i>Pipeline Security and Incident Recovery Protocol Plan</i> to ensure the plan reflects relevant changes in pipeline security threats, technology, federal law and policy, and any other factors relevant to the security of the nation's pipeline systems. (Recommendation 5)|