For other versions of this document, see http://wikileaks.org/wiki/CRS-RL33347 ------------------------------------------------------------------------------ Order Code RL33347 Pipeline Safety and Security: Federal Programs Updated October 6, 2008 Paul W. Parfomak Specialist in Energy and Infrastructure Policy Resources, Science, and Industry Division Pipeline Safety and Security: Federal Programs Summary Nearly half a million miles of oil and gas transmission pipeline crisscross the United States. While an efficient and fundamentally safe means of transport, many pipelines carry hazardous materials with the potential to cause public injury and environmental damage. The nation's pipeline networks are also widespread, running alternately through remote and densely populated regions; consequently, these systems are vulnerable to accidents and terrorist attack. The 109th Congress passed the Pipeline Safety Improvement Act of 2006 (P.L. 109-468) to improve pipeline safety and security practices, and to reauthorize the federal Office of Pipeline Safety. The 110th Congress passed the Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53), which President Bush signed on August 3, 2007. Provisions in P.L. 110-53 mandate pipeline security inspections and potential enforcement (§ 1557) and require federal plans for critical pipeline security and incident recovery (§ 1558). Congress is overseeing the implementation of these acts and examining ongoing policy issues related to the nation's pipeline network. The Office of Pipeline Safety (OPS), within the Department of Transportation (DOT), is the lead federal regulator of pipeline safety. The OPS uses a variety of strategies to promote compliance with its safety regulations, including inspections, investigation of safety incidents, and maintaining a dialogue with pipeline operators. The agency clarifies its regulatory expectations through a range of communications and relies upon a range of enforcement actions to ensure that pipeline operators correct safety violations and take preventive measures to preclude future problems. The Transportation Security Administration (TSA), within the Department of Homeland Security (DHS), is the lead federal agency for security in all modes of transportation -- including pipelines. The agency oversees industry's identification and protection of pipelines by developing security standards; implementing measures to mitigate security risk; building stakeholder relations; and monitoring compliance with security standards, requirements, and regulation. While the OPS and TSA have distinct missions, pipeline safety and security are intertwined. Federal activities in pipeline safety and security are evolving. Although pipeline impacts on the environment remain a concern of some public interest groups, both federal government and industry representatives suggest that federal pipeline programs have been on the right track. As oversight of the federal role in pipeline safety and security continues, Congress may focus on the effectiveness of state pipeline damage prevention programs, the promulgation of low-stress pipeline regulations, federal pipeline safety enforcement, and the relationship between DHS and the DOT with respect to pipeline security, among other provisions in federal pipeline safety regulation. In addition to these specific issues, Congress may wish to assess how the various elements of U.S. pipeline safety and security activity fit together in the nation's overall strategy to protect transportation infrastructure. Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Pipeline Industry Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Pipeline Safety Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Pipeline Security Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Office of Pipeline Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Pipeline Safety Improvement Act of 2002 . . . . . . . . . . . . . . . . . . . . . . . 5 OPS Pipeline Security Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Transportation Security Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 TSA Pipeline Security Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 TSA Pipeline Security Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Security Incident Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Federal Energy Regulatory Commission . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Key Policy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Pipeline Damage Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Low-Stress Pipeline Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 OPS Safety Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Federal Pipeline Security Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Pipeline Security Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 TSA Pipelines Security Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Additional Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Distribution Integrity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Mandatory Pipeline Assessment Intervals . . . . . . . . . . . . . . . . . . . . . . 21 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 List of Tables Table 1. TSA Pipeline Security Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Pipeline Safety and Security: Federal Programs Introduction1 Nearly half a million miles of oil and gas transmission pipeline crisscross the United States.2 These pipelines are integral to U.S. energy supply and have vital links to other critical infrastructure, such as power plants, airports, and military bases. While an efficient and fundamentally safe means of transport, many pipelines carry volatile or flammable materials with the potential to cause public injury and environmental damage. The nation's pipeline networks are also widespread, running alternately through remote and densely populated regions; consequently, these systems are vulnerable to accidents and terrorist attack. The 2006 partial shutdown of the Prudhoe Bay, Alaska oil field, the largest in the United States, due to pipeline safety problems demonstrated this vulnerability. The 109th Congress passed the Pipeline Safety Improvement Act of 2006 (P.L. 109-468) to improve pipeline safety and security practices, and to reauthorize the federal Office of Pipeline Safety. The 110th Congress passed the Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53), which President Bush signed on August 3, 2007. Provisions in P.L. 110-53 mandate pipeline security inspections and potential enforcement (§ 1557) and require federal plans for critical pipeline security and incident recovery (§ 1558). Congress is overseeing the implementation of these acts and examining ongoing policy issues related to the nation's pipeline network. Pipeline Industry Characteristics Roughly 170,000 miles of oil pipeline in the United States carry over 75% of the nation's crude oil and around 60% of its refined petroleum products.3 There are nearly 200 interstate oil pipelines, which account for roughly 80% of total pipeline mileage and transported volume.4 The U.S. natural gas pipeline network consists of around 210,000 miles of interstate transmission, 85,000 miles of intrastate 1 Parts of this report were previously published in CRS Report RL31990, Pipeline Security: An Overview of Federal Activities and Current Policy Issues, by Paul W. Parfomak. 2 Bureau of Transportation Statistics (BTS), "National Transportation Statistics," September 2008. [http://www.bts.gov/publications/national_transportation_statistics/html/ table_01_10.html]. In this report "oil" includes petroleum and other hazardous liquids such as gasoline, jet fuel, diesel fuel, and propane, unless otherwise noted. 3 BTS, September- 2008. 4 Richard A Rabinow, "The Liquid Pipeline Industry in the United States: Where It's Been, Where It's Going," Prepared for the Association of Oil Pipe Lines, April 2004, p. 4. CRS-2 transmission, and 40,000 miles of field and gathering pipeline, which connect gas extraction wells to processing facilities. Around 100 systems make up the interstate network. Another 90 or so systems operate strictly within individual states.5 These interstate and intrastate gas transmission pipelines feed around 1.1 million miles of regional lines in some 1,300 local distribution networks.6 Natural gas pipelines also connect to 113 liquefied natural gas (LNG) storage sites, which augment pipeline gas supplies during peak demand periods.7 Pipeline Safety Record. Taken as a whole, releases from pipelines cause few annual fatalities compared to other product transportation modes. Oil pipelines reported an average of 2.2 deaths per year from 2003 through 2007; gas transmission pipelines reported an average of 1.2 deaths per year during the same period.8 Accidental pipeline releases result from a variety of causes, including third-party excavation, corrosion, mechanical failure, control system failure, and operator error. Natural forces, such as floods and earthquakes, can also damage pipelines. According to the Department of Transportation (DOT), there were 105 oil pipeline accidents and 76 gas transmission pipeline accidents in 2007.9 Although pipeline releases have caused relatively few fatalities in absolute numbers, a single pipeline accident can be catastrophic. For example, a 1999 gasoline pipeline explosion in Bellingham, Washington, killed two children and an 18-year-old man, and caused $45 million in damage to a city water plant and other property. In 2000, a natural gas pipeline explosion near Carlsbad, New Mexico, killed 12 campers, including four children.10 In 2006, damaged pipelines on the North Slope of Alaska leaked over 200,000 gallons of crude oil in an environmentally sensitive area. Such accidents have generated substantial scrutiny of pipeline regulation and increased state and community activity related to pipeline safety.11 Pipeline Security Risks. Pipelines are vulnerable to vandalism and terrorist attack with firearms, with explosives, or by other physical means. Some pipelines may also be vulnerable to "cyber-attacks" on computer control systems or attacks on 5 James Tobin, Changes in U.S. Natural Gas Transportation Infrastructure in 2004, Energy Information Administration (EIA), June 2005, p. 4. 6 BTS, September 2008. 7 Michelle M. Foss, "Introduction to LNG," Center for Energy Economics, University of Texas at Austin, January 2007, p. 5. 8 Pipeline and Hazardous Materials Safety Administration, "Significant Pipeline Incidents," Web page, September 28, 2008. [http://primis.phmsa.dot.gov/comm/reports/safety/SigPSI.html] 9 Ibid. 10 National Transportation Safety Board, Pipeline Accident Report PAR-03-01, February 2003. 11 See, for example: Janet Zink, "Fueling the Resistance," St. Petersburg Times, December 16, 2007; W. Loy, "Slope Mayor Questions Leak Detection," Anchorage Daily News, March 14, 2006; J. Nesmith and R. K. M. Haurwitz, "Pipelines: The Invisible Danger," Austin American-Statesman, July 22, 2001. CRS-3 electricity grids or telecommunications networks.12 Oil and gas pipelines have been a target of terrorists outside and within the United States. In Colombia, for example, rebels have bombed the Caño Limón oil pipeline and other pipelines over 950 times since 1993.13 In 1996, London police foiled a plot by the Irish Republican Army to bomb gas pipelines and other utilities across the city.14 Nigerian militants have repeatedly attacked pipelines and related facilities, including the simultaneous bombing of three oil pipelines in May, 2007.15 A Mexican rebel group similarly detonated bombs along Mexican oil and natural gas pipelines in July and September, 2007.16 In June, 2007, the U.S. Department of Justice arrested members of a terrorist group planning to attack jet fuel pipelines and storage tanks at the John F. Kennedy (JFK) International Airport in New York.17 Since September 11, 2001, federal warnings about Al Qaeda have mentioned pipelines specifically as potential terror targets in the United States.18 One U.S. pipeline of particular concern and with a history of terrorist and vandal activity is the Trans Alaska Pipeline System (TAPS), which transports crude oil from Alaska's North Slope oil fields to the marine terminal in Valdez. TAPS runs some 800 miles and delivers nearly 17% of United States domestic oil production.19 In 1999, Vancouver police arrested a man planning to blow up TAPS for personal profit in oil futures.20 In 2001, a vandal's attack on TAPS with a high-powered rifle forced a two-day shutdown and caused extensive economic and ecological damage.21 In January 2006, federal authorities acknowledged the discovery of a detailed posting on a website purportedly linked to Al Qaeda that reportedly encouraged attacks on 12 J.L. Shreeve, "Science & Technology: The Enemy Within," The Independent,. London, UK, May 31, 2006, p. 8. 13 Government Accountability Office (GAO), Security Assistance: Efforts to Secure Colombia's Caño Limón-Coveñas Oil Pipeline Have Reduced Attacks, but Challenges Remain, GAO-05-971, September 2005, p. 15; Stratfor Forecasting, Inc.,"Colombia: The FARC's Low-Level Pipeline Campaign," Stratfor Today, June 23, 2008. [http://www.stratfor.com/analysis/colombia_farcs_low_level_pipeline_campaign?ip_aut h_redirect=1] 14 President's Commission on Critical Infrastructure Protection, Critical Foundations: Protecting America's Infrastructures, Washington, DC, October 1997. 15 K. Houreld, "Militants Say 3 Nigeria Pipelines Bombed," Associated Press, May 8, 2007. 16 Reed Johnson, "Six Pipelines Blown Up in Mexico," Los Angeles Times, September 11, 2007. p A-3. 17 U.S. Dept. of Justice, "Four Individuals Charged in Plot to bomb John F. Kennedy International Airport," Press release, June 2, 2007. 18 "Already Hard at Work on Security, Pipelines Told of Terrorist Threat," Inside FERC, McGraw-Hill Companies, January 3, 2002. 19 Alyeska Pipeline Service Co., Internet page, Anchorage, AK, September 28, 2008. [http://www.alyeska-pipe.com/about.html]. 20 D. S. Cloud, "A Former Green Beret's Plot to Make Millions Through Terrorism," Ottawa Citizen, December 24, 1999, p. E15. 21 Y. Rosen, "Alaska Critics Take Potshots at Line Security," Houston Chronicle, February 17, 2002. CRS-4 U.S. pipelines, especially TAPS, using weapons or hidden explosives.22 In November 2007 a U.S. citizen was convicted of trying to conspire with Al Qaeda to attack TAPS and a major natural gas pipeline in the eastern United States.23 To date, there have been no known Al Qaeda attacks on TAPS or other U.S. pipelines, but operators remain alert. Office of Pipeline Safety The Natural Gas Pipeline Safety Act of 1968 (P.L. 90-481) and the Hazardous Liquid Pipeline Act of 1979 (P.L. 96-129) are two of the key early acts establishing the federal role in pipeline safety. Under both statutes, the Transportation Secretary is given primary authority to regulate key aspects of interstate pipeline safety: design, construction, operation and maintenance, and spill response planning. Pipeline safety regulations are covered in Title 49 of the Code of Federal Regulations.24 The DOT administers pipeline regulations through the Office of Pipeline Safety (OPS) within the Pipelines and Hazardous Materials Safety Administration (PHMSA).25 The OPS has approximately 180 full-time equivalent staff, including inspectors, based in Washington, D.C., Atlanta, Kansas City, Houston, and Denver.26 In addition to its own staff, the OPS's enabling legislation allows the agency to delegate authority to intrastate pipeline safety offices, and allows state offices to act as "agents" administering interstate pipeline safety programs (excluding enforcement) for those sections of interstate pipelines within their boundaries.27 Over 400 state pipeline safety inspectors are available in 2008. The OPS safety program is funded primarily by user fees assessed on a per-mile basis on each regulated pipeline operator (49 U.S.C. § 60107). P.L. 109-468 authorizes annual OPS expenditures (§ 18) of $79.0 million in FY2007, $86.2 million in FY2008, $91.5 million in FY2009, and $96.5 million in FY2010. The President's FY2009 budget request included $93.3 million for pipeline safety.28 22 W. Loy, "Web Post Urges Jihadists to Attack Alaska Pipeline," Anchorage Daily News, January 19, 2006. 23 U.S. Attorney's Office, Middle District of Pennsylvania, "Man Convicted of Attempting to Provide Material Support t o Al-Qaeda Sentenced to 30 Years' Imprisonment," Press release, November 6, 2007; A. Lubrano and J. Shiffman, "Pa. Man Accused of Terrorist Plot," Philadelphia Inquirer, February 12, 2006, p. A1. 24 Safety and security of liquified natural gas (LNG) facilities used in gas pipeline transportation is regulated under CFR Title 49, Part 193. 25 PHMSA succeeds the Research and Special Programs Administration (RSPA), reorganized under P.L. 108-246, which was signed by the President on November 30, 2004. 26 U.S. Office of Management and Budget, Budget of the United States Government, Fiscal Year 2009: Appendix, February 2008, p. 922. 27 49 U.S.C. 601. States may recover up to 50% of their costs for these programs from the federal government. 28 U.S. Office of Management and Budget, February 2008, p. 921. CRS-5 The OPS uses a variety of strategies to promote compliance with its safety standards. The agency conducts physical inspections of facilities and construction projects; conducts programmatic inspections of management systems, procedures, and processes; investigates safety incidents, and maintains a dialogue with pipeline operators. The agency clarifies its regulatory expectations through published protocols and regulatory orders, guidance manuals, and public meetings. The OPS relies upon a range of enforcement actions, including administrative actions and civil penalties, to ensure that operators correct safety violations and take measures to preclude future safety problems. From 2002 through 2007, the OPS initiated over 1,300 enforcement actions against pipeline operators. Civil penalties proposed by the OPS for safety violations during this period totaled approximately $17.2 million.29 The OPS also conducts accident investigations and systemwide reviews focusing on high-risk operational or procedural problems and areas of the pipeline near sensitive environmental areas, high-density populations, or navigable waters. Since 1997, the OPS has increasingly encouraged industry's implementation of "integrity management" programs on pipeline segments near "high consequence" areas. Integrity management provides for continual evaluation of pipeline condition; assessment of risks to the pipeline; inspection or testing; data analysis; and followup repair, as well as preventive or mitigative actions. High-consequence areas include population centers, commercially navigable waters, and environmentally sensitive areas, such as drinking water supplies or ecological reserves. The integrity management approach directs priority resources to locations of highest consequence rather than applying uniform treatment to the entire pipeline network.30 The OPS made integrity management programs mandatory for most operators with 500 or more miles of regulated oil pipeline as of March 31, 2001 (49 C.F.R. § 195). Pipeline Safety Improvement Act of 2002. On December 12, 2002, President Bush signed into law the Pipeline Safety Improvement Act of 2002 (P.L. 107-355). The act strengthened federal pipeline safety programs, state oversight of pipeline operators, and public education regarding pipeline safety.31 Among other provisions, P.L. 107-355 required operators of regulated gas pipelines in high- consequence areas to conduct risk analysis and implement integrity management programs similar to those required for oil pipelines.32 The act authorized the DOT 29 Office of Pipeline Safety (OPS), "PHMSA Pipeline Safety Program: Summary of Enforcement Actions," Web page, September 29, 2008. [http://primis.phmsa.dot.gov/comm/ reports/enforce/Actions_opid_0.html] 30 Research and Special Programs Administration (RSPA), Pipeline Safety. Pipeline Integrity Management in High Consequence Areas (Hazardous Liquid Operators with 500 or More Miles of Pipeline), Federal Register, December 1, 2000, p. 75378. 31 P.L. 107-355 encourages the implementation of state "one-call" excavation notification programs (§ 2) and allows states to enforce "one-call" program requirements. The act expands criminal responsibility for pipeline damage to cases where damage was not caused "knowingly and willfully" (§ 3). The act adds provisions for ending federal-state pipeline oversight partnerships if states do not comply with federal requirements (§ 4). 32 A 2006 Government Accountability Office (GAO) report found that the OPS's gas (continued...) CRS-6 to order safety actions for pipelines with potential safety problems (§ 7) and increased violation penalties (§ 8). The act streamlined the permitting process for emergency pipeline restoration by establishing an interagency committee, including the DOT, the Environmental Protection Agency, the Bureau of Land Management, the Federal Energy Regulatory Commission, and other agencies, to ensure coordinated review and permitting of pipeline repairs (§ 16). The act required DOT to study ways to limit pipeline safety risks from population encroachment and ways to preserve environmental resources in pipeline rights-of-way (§ 11). P.L. 107-355 also included provisions for public education, grants for community pipeline safety studies, "whistle blower" and other employee protection, employee qualification programs, and mapping data submission. OPS Pipeline Security Activities. Presidential Decision Directive 63 (PDD-63), issued during the Clinton administration, assigned lead responsibility for pipeline security to the DOT.33 At the time, these responsibilities fell to the OPS, since the agency was already addressing some elements of pipeline security in its role as safety regulator. In 2002, the OPS conducted a vulnerability assessment to identify critical pipeline facilities and worked with industry groups and state pipeline safety organizations "to assess the industry's readiness to prepare for, withstand and respond to a terrorist attack...."34 Together with the Department of Energy and state pipeline agencies, the OPS promoted the development of consensus standards for security measures tiered to correspond with the five levels of threat warnings issued by the Office of Homeland Security.35 The OPS also developed protocols for inspections of critical facilities to ensure that operators implemented appropriate security practices. To convey emergency information and warnings, the OPS established a variety of communication links to key staff at the most critical pipeline facilities throughout the country. The OPS also began identifying near-term technology to enhance deterrence, detection, response, and recovery, and began seeking to advance public and private sector planning for response and recovery.36 On September 5, 2002, the OPS circulated formal guidance developed in cooperation with the pipeline industry associations defining the agency's security 32 (...continued) integrity management program benefitted public safety, although the report recommended revisions to the OPS's performance measures. See GAO. Natural Gas Pipeline Safety: Integrity Management Benefits Public Safety, but Consistency of Performance Measures Should Be Improved, GAO-06-946, September 8, 2006, pp. 2-3. 33 Presidential Decision Directive 63, Protecting the Nation's Critical Infrastructures, May 22, 1998. 34 Research and Special Programs Administration (RSPA), RSPA Pipeline Security Preparedness, December 2001. 35 Ellen Engleman, Administrator, Research and Special Programs Administration (RSPA), statement before the Subcommittee on Energy and Air Quality, House Energy and Commerce Committee, March 19, 2002. 36 Ellen Engleman, Administrator, Research and Special Programs Administration (RSPA), statement before the Subcommittee on Highways and Transit, House Transportation and Infrastructure Committee, February 13, 2002. CRS-7 program recommendations and implementation expectations. This guidance recommended that operators identify critical facilities, develop security plans consistent with prior trade association security guidance, implement these plans, and review them annually.37 While the guidance was voluntary, the OPS expected compliance and informed operators of its intent to begin reviewing security programs within 12 months, potentially as part of more comprehensive safety inspections.38 Transportation Security Administration In November 2001, President Bush signed the Aviation and Transportation Security Act (P.L. 107-71) establishing the Transportation Security Administration (TSA) within the DOT. According to TSA, the act placed the DOT's pipeline security authority (under PDD-63) within TSA. The act specified for TSA a range of duties and powers related to general transportation security, such as intelligence management, threat assessment, mitigation, security measure oversight and enforcement, among others. On November 25, 2002, President Bush signed the Homeland Security Act of 2002 (P.L. 107-296) creating the Department of Homeland Security (DHS). Among other provisions, the act transferred to DHS the Transportation Security Administration from the DOT (§ 403). On December 17, 2003, President Bush issued Homeland Security Presidential Directive 7 (HSPD-7), clarifying executive agency responsibilities for identifying, prioritizing, and protecting critical infrastructure.39 HSPD-7 maintains DHS as the lead agency for pipeline security (par. 15), and instructs the DOT to "collaborate in regulating the transportation of hazardous materials by all modes (including pipelines)" (par. 22h). The order requires that DHS and other federal agencies collaborate with "appropriate private sector entities" in sharing information and protecting critical infrastructure (par. 25). TSA has joined both the Energy Government Coordinating Council and the Transportation Government Coordinating Council under provisions in HSPD-7. The missions of the councils are to work with their industry counterparts to coordinate critical infrastructure protection programs in the energy and transportation sectors, respectively, and to facilitate the sharing of security information. TSA Pipeline Security Plan. HSPD-7 also required DHS to develop a national plan for critical infrastructure and key resources protection (par. 27), which the agency issued in 2006 as the National Infrastructure Protection Plan (NIPP). The NIPP, in turn, required each critical infrastructure sector to develop a Sector Specific Plan (SSP) that describes strategies to protect its critical infrastructure, outlines a coordinated approach to strengthen its security efforts, and determines appropriate funding for these activities. Executive Order 13416 further required the transportation sector SSP to prepare annexes for each mode of surface transportation with the following information: 37 James K. O'Steen, Research and Special Programs Administration (RSPA), Implementation of RSPA Security Guidance, presentation to the National Association of Regulatory Utility Commissioners, February 25, 2003. 38 Office of Pipeline Safety (OPS), personal communication, June 10, 2003. 39 HSPD-7 supersedes PDD-63 (par. 37). CRS-8 ! identification of existing security guidelines, requirements, and gaps, ! description of how the SSP plan will be implemented for each mode, ! respective roles of government entities and the private sector, ! processes for review of information sharing mechanisms, and ! processes for assessing security guideline compliance and revision.40 In accordance with the above requirements the TSA issued its Transportation Systems Sector Specific Plan and Pipeline Modal Annex in May, 2007. TSA Pipeline Security Activities. Pipeline security activities at TSA are led by the Pipeline Security Division (PSD) within the agency's Office of Transportation Sector Network Management.41 According to the agency's Pipeline Modal Annex (PMA), TSA has been engaged in a number of specific pipeline security initiatives since 2003 as summarized in Table 1. 40 Executive Order 13416, "Strengthening Surface Transportation Security," December 5, 2006. 41 These offices were formerly known as the Pipeline Security Program Office and the Intermodal Security Program Office, respectively. CRS-9 Table 1. TSA Pipeline Security Initiatives Initiative Description Participants* Pipeline Policy and Coordination, development, implementation, and TSA, DHS, DOT, Planning monitoring of pipeline security plans DOE Sector Coordinating Government partners coordinate interagency and TSA, DOE, Councils and Joint cross-jurisdictional implementation of critical Other agencies, Sector Committee infrastructure security Industry Corporate Security On-site reviews of pipeline operator security TSA, Industry Reviews (CSR) Pipeline System Risk Statistical tool used for relative risk ranking and TSA, Industry Tool prioritizing CSR findings Pipeline Cross-Border U.S. and Canadian security assessment and TSA, Canada Vulnerability planning for critical cross-border pipeline Assessment Regional Gas Pipeline Regional supply studies for key natural gas markets TSA, DOE, Studies INGAA, GTI, NETL, Industry Cyber Attack Training/presentations on Supervisory Control and TSA, GTI Awareness Data Acquisition (SCADA) system vulnerabilities Landscape Depiction Incorporates depiction of the pipeline domain TSA and Analysis Tool with risk analysis components International Pipeline International forum for U.S. and Canadian TSA, Canada, Security Forum governments and pipeline industry officials Other agencies, Industry "G8" Multinational Multinational-sharing of pipeline threat assessment TSA, DHS, Security Assessment methods, advisory levels, effective practices, and State Dept., and Planning vulnerability information; also develops a G8-based G8 Nations contingency planning guidance document Security Awareness Informational compact discs about pipeline security TSA Training issues and improvised explosive devices Stakeholder Periodic information-sharing conference calls TSA, Other Conference Calls between key pipeline security stakeholders agencies, Industry Pipeline Blast Explosives tests on various pipe configurations to TSA, DOD, Mitigation Studies determine resiliency characteristics Other agencies Virtual Library Development of TSA information-sharing Web TSA Pipeline Site portal Source: Transportation Security Administration, Pipeline Modal Annex, June 2007, pp. 10- 11. [http://www.dhs.gov/xlibrary/assets/Transportation_Pipeline_Modal_Annex_ 5_21_07.pdf] *Key: DHS = Dept. Of Homeland Security, DOE = Dept. of Energy, G8 = Group of Eight (U.S., U.K., Canada, France, Germany, Italy, Japan, and Russia),GTI = Gas Technology Institute, INGAA = Interstate Natural Gas Association of America, NETL = National Energy Technology Laboratory, TSA = Transportation Security Administration. CRS-10 In 2003, TSA initiated its Corporate Security Review (CSR) program, wherein the agency visits the largest pipeline and natural gas distribution operators to review their security plans and inspect their facilities. (The OPS participated with TSA in a number of security reviews in 2003, but has not done so since then.) During the reviews, TSA evaluates whether each company is following the intent of the OPS security guidance, and seeks to collect the list of assets each company had identified meeting the criteria established for critical facilities. In 2004, the DOT reported that the plans reviewed to date (approximately 25) had been "judged responsive to the OPS guidance."42 TSA completed 13 CSR reviews in 2007, and plans to complete another 25 by the end of 2008.43 As of April, 2008, TSA had completed CSR's for 91% of the largest 100 pipeline systems, the latter accounting for 85% of total U.S. pipeline throughput.44 According to TSA, virtually all of the companies reviewed have developed security plans, identified critical assets, and conducted background checks on new employees. Most have also implemented employee security training programs and raised local community and law enforcement awareness of pipeline security as part of their emergency response obligations.45 Nonetheless, the CSR reviews also have identified inadequacies in some company security programs such as not updating security plans, lack of management support, poor employee involvement, inadequate threat intelligence, and employee apathy or error.46 In addition to the initiatives in Table 1, TSA has worked to establish qualifications for personnel seeking unrestricted access to critical pipeline assets and has developed its own inventory of critical pipeline infrastructure.47 The agency has also addressed legal issues regarding recovery from terrorist attacks, such as FBI control of crime scenes and eminent domain in pipeline restoration. In October 2005, TSA issued an overview of recommended security practices for pipeline operators "for informational purposes only ... not intended to replace security measures already implemented by individual companies."48 The agency released revised guidance on security best practices at the end of 2006. 42 Department of Transportation (DOT), "Action Taken and Actions Needed to Improve Pipeline Safety," CC-2004-061, June 16, 2004, p. 21. 43 U.S. Office of Management and Budget, Detailed Information on the Transportation Security Administration: Surface Transportation Security Assessment, September 6, 2008. [http://www.whitehouse.gov/OMB/expectmore/detail/10003631.2008.html] 44 Jack Fox, Transportation Security Administration, "TSA Pipeline Security Programs and Activities Update," Presentation to the American Petroleum Institute Pipeline Conference, Orlando, FL, April 8, 2008, p. 7. 45 Mike Gillenwater, TSA, "Pipeline Security Overview," Presented to the Alabama Public Service Commission Gas Pipeline Safety Seminar, Montgomery, AL, December 11, 2007. 46 Mike Gillenwater, December 11, 2007. 47 TSA, TSA Multi-Modal Criticality Evaluation Tool, TSA Threat Assessment and Risk Management Program, slide presentation, April 15, 2003. 48 TSA, Intermodal Security Program Office, Pipeline Security Best Practices, October 19, 2005, p. 1. CRS-11 The mission of TSA's Pipeline Security Division currently includes developing security standards; implementing measures to mitigate security risk; building and maintaining stakeholder relations, coordination, education and outreach; and monitoring compliance with security standards, requirements, and regulations. The President's FY2009 budget request for DHS did not include a separate line item for TSA's pipeline security activities. The budget request did include a $37 million line item for "Surface Transportation Security," which encompasses security activities in non-aviation transportation modes, including pipelines.49 The PSD has traditionally received from the agency's general operational budget an allocation for routine operations such as regulation development, travel, and outreach. According to the PSD, the budget funds 11 full-time equivalent staff within the office. These staff will conduct pipeline security inspections, maintain TSA's asset database, support TSA's multi-modal risk models, develop new security standards, and issue regulations, as required. In addition, the PSD has access to approximately 100 surface transportation inspectors within TSA who could potentially be trained to perform pipeline inspections in the future should the need arise.50 In January, 2007 testimony before Congress, the TSA Administrator stated that the agency intended to conduct a pipeline infrastructure study to identify the "highest risk" pipeline assets, building upon such a list developed through the CSR program. He also stated that the agency would use its ongoing security review process to determine the future implementation of baseline risk standards against which to set measurable pipeline risk reduction targets.51 Provisions in the Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53) require TSA, in consultation with the OPS, to develop a plan for the federal government to provide increased security support to the "most critical" pipelines at high or severe security alert levels and when there is specific security threat information relating to such pipeline infrastructure (§ 1558(a)(1)). The act also requires a recovery protocol plan in the event of an incident affecting the interstate and intrastate pipeline system (§ 1558(a)(2)). Security Incident Investigations. In addition to the above pipeline security initiatives, the TSA Pipeline Security Division has performed a limited number of vulnerability assessments and supported investigations for specific companies and assets where intelligence information has suggested potential terrorist activity.52 The PSD, along with the OPS, was involved in the investigation of an August, 2006 49 U.S. Office of Management and Budget, Budget of the United States Government, Fiscal Year 2009: Appendix, February 2008, p.486. 50 Transportation Security Administration, Intermodal Security Program Office, personal communication, February 27, 2008. 51 Hawley, Kip, Asst. Secretary, Dept. of Homeland Security, Testimony before the Senate Committee on Commerce, Science, and Transportation hearing on Federal Efforts for Rail and Surface Transportation Security, January 18, 2007. 52 Transportation Security Administration, Intermodal Security Program Office, personal communication, August 30, 2006. CRS-12 security breach at an LNG peak-shaving plant in Lynn, MA.53 Although not a terrorist incident, the security breach involved the penetration of intruders through several security barriers and alert systems, permitting them to access the main LNG storage tank at the facility. The PSD also became aware of the JFK terrorist plot in its early stages and supported the Federal Bureau of Investigation's associated investigation. The PSD engaged the private sector in helping to assess potential targets and determine potential consequences. The PSD worked with the pipeline company to keep it informed about the plot, discuss its security practices, and review its emergency response plans.54 Federal Energy Regulatory Commission One area related to pipeline safety and security not under either the OPS's or TSA's primary jurisdiction is the siting approval of new gas pipelines, which is the responsibility of the Federal Energy Regulatory Commission (FERC). Companies building interstate gas pipelines must first obtain from FERC certificates of public convenience and necessity. (FERC does not oversee oil pipeline construction.) FERC must also approve the abandonment of gas facility use and services. These approvals may include safety and security provisions with respect to pipeline routing, safety standards and other factors.55 As a practical matter, however, FERC has traditionally left these considerations to the OPS.56 On September 14, 2001, the Federal Energy Regulatory Commission (FERC) notified FERC regulated companies that it would "approve applications proposing the recovery of prudently incurred costs necessary to further safeguard the nation's energy systems and infrastructure" in response to the terror attacks of 9/11. FERC also committed to "expedite the processing on a priority basis of any application that would specifically recover such costs from wholesale customers." Companies could propose a surcharge over currently existing rates or some other cost recovery method.57 In FY2005, the commission processed security cost recovery requests from 14 oil pipelines and 3 natural gas pipelines.58 The FERC's FY2006 annual report states that "the Commission continues to give the highest priority to deciding any requests made for the recovery of extraordinary expenditures to safeguard the reliability and security of the Nation's energy transportation systems and energy 53 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Pipeline Safety: Lessons Learned From a Security Breach at a Liquefied Natural Gas Facility," Docket No. PHMSA-04-19856, Federal Register, Vol. 71, No. 249, December 28, 2006, p. 78269; TSA, Intermodal Security Program Office, personal communication, August 30, 2006. 54 TSA, July 6, 2007. 55 U.S. Code of Federal Regulations. 18 C.F.R. 157. 56 Federal Energy Regulatory Commission (FERC), personal communication, May 22, 2003. 57 Federal Energy Regulatory Commission (FERC), News release, R-01-38, Washington, DC, September 14, 2001. 58 Federal Energy Regulatory Commission (FERC), Federal Energy Regulatory Commission Annual Report FY2005, 2006, p. 19. These are the most recent specific figures reported. CRS-13 supply infrastructure."59 The FY2007 annual report does not mention pipeline security. In February 2003, FERC handed down a new rule (RM02-4-000) to protect critical energy infrastructure information (CEII). The rule defines CEII as information that "must relate to critical infrastructure, be potentially useful to terrorists, and be exempt from disclosure under the Freedom of Information Act." According to the rule, critical infrastructure is "existing and proposed systems and assets, whether physical or virtual, the incapacity or destruction of which would negatively affect security, economic security, public health or safety, or any combination of those matters." CEII excludes "information that identifies the location of infrastructure." The rule also establishes procedures for the public to request and obtain such critical information, and applies both to proposed and existing infrastructure.60 On May 14, 2003, FERC handed down new rules (RM03-4) facilitating the restoration of pipelines after a terrorist attack. The rules allow owners of a damaged pipeline to use blanket certificate authority to immediately start rebuilding, regardless of project cost, even outside existing rights-of-way. Pipeline owners would still need to notify landowners and comply with environmental laws. Prior rules limited blanket authority to $17.5 million projects and 45-day advance notice.61 Key Policy Issues The 110th Congress is overseeing the implementation of the Pipeline Safety Improvement Act of 2006 (P.L. 109-468) and pipeline security provisions in the Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53). In its ongoing oversight of federal pipeline safety and security activities, Congress may examine a number of key issues which have drawn particular attention in policy debate. P.L. 109-468 and P.L. 110-53 contain additional provisions not discussed in this report Pipeline Damage Prevention According to OPS statistics, third-party excavation damage is the single greatest cause of accidents among natural gas distribution pipelines.62 It is also a leading cause of damage among natural gas transmission and hazardous liquids pipelines. Some policy makers have proposed the establishment of federal civil penalties for violations of state "one-call" notification programs to prevent excavation damage to 59 Federal Energy Regulatory Commission (FERC), Federal Energy Regulatory Commission Annual Report FY2006, 2007, p. 23. 60 Federal Energy Regulatory Commission (FERC), News release, R-03-08, Washington, DC. February 20, 2003. 61 Schmollinger, Christian, "FERC OKs Emergency Reconstruction," Natural Gas Week, May 13, 2003. 62 Office of Pipeline Safety (OPS), "Distribution Pipeline Incident Summary by Cause: 1/1/2006 - 12/31/2006," November 13, 2007. [http://ops.dot.gov/stats/NGDIST06.HTM] CRS-14 underground pipelines. While supporting stronger enforcement of excavation damage prevention programs, other stakeholders have argued that such enforcement is best performed by state regulators responsible for administering one-call programs rather than by the federal government. They favor an approach which encourages state enforcement, unless the federal government determines that a state's enforcement efforts are ineffective.63 Consistent with this approach, P.L. 109-468 prohibits federal enforcement in states already imposing such penalties (§ 2). The act also authorizes grants to states (and certain municipalities) for improving damage prevention programs if the states have been certified (under 49 U.S.C. § 60105- 60106) or can demonstrate that they are establishing an "effective" program, as subsequently defined (§ 2). Low-Stress Pipeline Regulations Pipelines operated at less than 20% of the specified minimum strength of the material from which they are constructed are classified as "low-stress" pipelines under 49 C.F.R. § 195.2. According to the OPS, federal pipeline safety regulations originally did not apply to low-stress pipelines because they operated at low pressures, were not prone to accidents, and were thought to pose little risk to the public. In 1994, however, the OPS extended its hazardous liquid pipeline regulations under 49 C.F.R. § 195 to include low-stress pipelines that 1) transport highly volatile liquids, 2) are not located in rural areas, 3) are located offshore, or 4) are located in waterways used for commercial navigation (§ 195.1(b)(3)). The regulation of low-stress pipeline regulations has come under greater Congressional scrutiny since March 2006, after a spill from a BP pipeline oil pipeline led to the partial shutdown of the Prudhoe Bay area oil field on the North Slope of Alaska. In its March 15, 2006, Corrective Action Order (CAO) issued to BP, the OPS found that BP's pipelines met the definition of a "hazardous pipeline facility" under 49 U.S.C. § 60112(a), which grants general authority under the statute, but that specific federal pipeline safety regulations under 49 C.F.R. § 195 did not apply at that time because BP's pipelines were classified as "low-stress" and fell under the exception in 49 C.F.R. § 195.1(b)(3).64 In August, 2006, BP announced additional disruption of North Slope oil supplies to conduct major pipeline repairs "following the discovery of unexpectedly severe corrosion and a small spill from a Prudhoe Bay oil transit line."65 BP subsequently admitted to flaws in its maintenance models and, 63 Felt, T., President and CEO, Explorer Pipeline, Statement before the House Committee on Energy and Commerce, Subcommittee on Energy and Air Quality hearing on Reauthorization of the Pipeline Safety Act, July 27, 2006. 64 Pipeline and Hazardous Material Safety Admin. (PHMSA), Corrective Action Order in the Matter of BP Exploration (Alaska), Inc., Respondent, CPF No. 5-2006-5015H, March 15, 2006. [http://ops.dot.gov/regions/west/BP%205-2006-5015H%20-%20Final.pdf]. 65 BP Exploration Alaska, Inc., "BP to Shutdown Prudhoe Bay Oil Field," Press release, August 6, 2006. CRS-15 in retrospect, the inadequacy of its overall maintenance program for its North Slope operations.66 On September 6, 2006, the OPS published in the Federal Register proposed rules for risk-based regulation of hazardous liquid low-stress pipelines located in "unusually sensitive areas" and exempted from its regulations under 49 C.F.R. § 195.67 The OPS defines an unusually sensitive area (USA) as "a drinking water or ecological resource area that is unusually sensitive to environmental damage from a hazardous liquid pipeline release" (49 C.F.R. § 195.6).68 Although USAs would be identified on a site-by-site basis, the OPS has indicated that the North Slope is a USA.69 P.L. 109-648 required the OPS to promulgate final regulations for low-stress hazardous liquids pipelines by December 31, 2007 (§ 4). Although the OPS initially expected to finalize regulations in USAs by the end of 2006, the agency required more time to incorporate additional provisions under P.L. 109-648. The agency announced modifications to its 2006 proposed rules for low-stress hazardous liquid pipelines on May 18, 2007.70 On September 7, 2007, the OPS requested approval from the Office of Management and Budget to collect additional data needed to develop its low-stress pipelines regulations.71 The agency issued the final regulations effective July 3, 2008.72 In reviewing the OPS's final criteria for low-stress pipeline regulation, Congress may consider the balance between the potential safety benefits and the potential costs of stricter safety programs in light of BP's pipeline problems and potential problems among similar pipeline systems elsewhere in the United States. 66 Marshall, S., President, BP Exploration (Alaska) Inc., Comments to the Joint Alaska Senate and House Resources Committee, August 18, 2006. 67 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Pipeline Safety: Protecting Unusually Sensitive Areas From Rural Onshore Hazardous Liquid Gathering Lines and Low-Stress Lines," Federal Register, Vol. 71, No. 172, September 6, 2006, pp. 52504-52519. 68 49 C.F.R. § 195.6 further define "drinking water" or "ecological resource" areas. 69 Dept. of Transportation (DOT), "U.S. Department of Transportation Proposes New Safety Requirements for Rural Low-Stress and Gathering Pipelines in Unusually Sensitive Areas," Press release, PHMSA 8-06, August 31, 2006. 70 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Pipeline Safety: Protecting Unusually Sensitive Areas From Rural Low-Stress Hazardous Liquid Pipelines," Federal Register, Vol. 72, No. 96, May 18, 2007, pp. 28008-28016. 71 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Request for Public Comment and Office of Management and Budget Approval for a New Information Collection," Federal Register, Vol. 72, No. 173, September 7, 2007, pp. 51489-51490. 72 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Protecting Unusually Sensitive Areas From Rural Onshore Hazardous Liquid Gathering Lines and Low-Stress Lines: Final Rule," PHMSA -- RSPA -- 2003 -- 15864, Federal Register, Vol. 73, June 3, 2008. p. 31634. CRS-16 OPS Safety Enforcement The adequacy of the OPS's enforcement strategy has been an ongoing concern of Congress, particularly after the fatal pipeline accidents in Washington and New Mexico. A report from the General Accounting Office in 2000 called into question fundamental changes in OPS's enforcement strategy at the time, such as sharply reducing the use of fines to enforce compliance with pipeline safety regulations.73 Provisions in the Pipeline Safety Improvement Act of 2002 (P.L. 107-355) put added scrutiny on the effectiveness of the OPS's enforcement strategy and assessment of civil penalties (§ 8). A 2004 Government Accountability Office (GAO) report reexamining OPS enforcement stated that the agency had made a number of changes in its enforcement strategy with the potential to improve pipeline safety. The report concluded, however, that the effectiveness of the strategy could not yet be determined because OPS's program had not incorporated "clear program goals, a well-defined strategy for achieving those goals, and performance measures linked to the program goals."74 In March 2006 testimony before Congress, the GAO reported that the OPS had adopted measures that appeared to be responsive to the agency's earlier concerns, although the GAO had not reviewed the strategy or its implementation in depth.75 In April 2006, PHMSA testified before Congress that the OPS had institutionalized a "tough-but-fair" approach to enforcement, "imposing and collecting larger penalties, while guiding pipeline operators to enhance higher performance."76 According to the agency, $4 million in proposed civil penalties in 2005 was three times greater than penalties proposed in 2003, the first year higher penalties could be imposed under P.L. 107-355 (§ 8(a)).77 Proposed penalties totaled $3 million in 2006, and $4 million in 2007.78 Notwithstanding the agency's efforts to change its pipeline safety enforcement strategy, some analysts have held that the OPS's enforcement actions have not been sufficiently transparent to the public, other government agencies, or industry.79 P.L. 109-468 requires the agency to issue monthly summaries of OPS enforcement actions 73 General Accounting Office (GAO), Pipeline Safety: The Office of Pipeline Safety Is Changing How It Oversees the Pipeline Industry, GAO/RCED-00-128, May 2000, p. 22. 74 Government Accountability Office (GAO), Pipeline Safety: Management of the Office of Pipeline Safety's Enforcement Program Needs Further Strengthening, GAO-04-801, p. 3. 75 Siggerud, K. Government Accountability Office (GAO), Testimony before the House Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and Pipelines hearing on Pipeline Safety, GAO-06-474T, March 16, 2006, p. 11. 76 Gerard, S.L., Pipeline and Hazardous Materials Admin.(PHMSA), Testimony before the House Energy and Commerce Committee, Energy and Air Quality Subcommittee hearing on Pipeline Safety, Serial No. 109-84, April 27, 2006, p. 14. 77 Ibid. 78 Pipelines and Hazardous Materials Safety Admin. (PHMSA), "Summary of Enforcement Actions," Web page, February 1, 2008. [http://primis.phmsa.dot.gov/comm/reports/enforce/ Actions_opid_0.html] 79 Epstein, L.N. July 27, 2006. CRS-17 including violation and penalty information for each action, and provide a mechanism for pipeline operators to make response information available to the public (§ 6). To meet these requirements, the OPS has established an Internet portal with pipeline safety enforcement information.80 Federal Pipeline Security Authority Congress has repeatedly raised questions about the appropriate division of pipeline security authority between the OPS and TSA.81 Both the OPS and TSA have played important roles in the federal pipeline security program, with TSA the designated lead agency since 2002. In 2004, the DOT and DHS entered into a memorandum of understanding (MOU) concerning their respective security roles in all modes of transportation. The MOU notes that DHS has the primary responsibility for transportation security with support from the DOT, and establishes a general framework for cooperation and coordination. The MOU states that "specific tasks and areas of responsibility that are appropriate for cooperation will be documented in annexes ... individually approved and signed by appropriate representatives of DHS and DOT."82 On August 9, 2006, the departments signed an annex "to delineate clear lines of authority and responsibility and promote communications, efficiency, and nonduplication of effort through cooperation and collaboration between the parties in the area of transportation security."83 In January, 2007, the PHMSA Administrator testified before Congress that the agency had established a joint working group with TSA "to improve interagency coordination on transportation security and safety matters, and to develop and advance plans for improving transportation security," presumably including pipeline security.84 According to TSA, the working group has developed a multi-year action plan specifically delineating roles, responsibilities, resources and actions to execute 11 program elements: identification of critical infrastructure/key resources and risk assessments; strategic planning; developing regulations and guidelines; conducting inspections and enforcement; providing technical support; sharing information during 80 Office of Pipeline Safety (OPS), "PHMSA Pipeline Safety Program: Enforcement," Web page, May 15, 2007. [http://primis.phmsa.dot.gov/comm/reports/enforce/Enforcement.html] 81 For example, see Hon. William J. Pascrell, Jr., statement at the House Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and Pipelines, hearing on Pipeline Safety, March 16, 2006. 82 Dept. of Homeland Security (DHS) and Dept. of Transportation (DOT), Memorandum of Understanding Between the Department of Homeland Security and the Department of Transportation on Roles and Responsibilities, September 28, 2004, p. 4. 83 Transportation Security Admin. and Pipelines and Hazardous Materials Safety Admin., "Transportation Security Administration and Pipelines and Hazardous Materials Safety Administration Cooperation on Pipelines and Hazardous Materials Transportation Security," August 9, 2006. [http://www.tsa.gov/assets/pdf/tsa-phmsa_annex_to_dhs-dot_mou.pdf] 84 Barrett, T.J., Administrator, Pipeline and Hazardous Materials Safety Administration (PHMSA), Testimony before the Senate Committee on Commerce, Science, and Transportation hearing on Federal Efforts for Rail and Surface Transportation Security, January 18, 2007. CRS-18 emergencies; communications; stakeholder relations; research and development; legislative matters; and budgeting.85 P.L. 109-468 required the DOT Inspector General (IG) to assess the pipeline security actions taken by the DOT in implementing its 2004 MOU with the DHS (§ 23). The Inspector General published this assessment in May 2008. The IG report states that PHMSA and TSA have taken initial steps toward formulating an action plan to implement the provisions of the pipeline security annex.... However, further actions need to be taken with a sense of urgency because the current situation is far from an "end state" for enhancing the security of the Nation's pipelines.86 The report recommended that PHMSA (OPS) and TSA finalize and execute their security annex action plan, clarify their respective roles specifically in LNG facility security, and jointly develop a pipeline security strategy that maximizes the effectiveness of their respective capabilities and efforts.87 It remains to be determined whether the subsequent activities put in place between the OPS and TSA based on the provisions in their MOU annex will be implemented effectively given the two agencies' existing structures and obligations. Pipeline Security Regulations As noted earlier in this report, federal pipeline security activities to date have relied upon voluntary industry compliance with OPS security guidance and TSA security best practices. By initiating this voluntary approach, the OPS sought to speed adoption of security measures by industry and avoid the publication of sensitive security information (e.g., critical asset lists) that would normally be required in public rulemaking.88 Provisions in P.L. 109-468 require the DOT Inspector General to "address the adequacy of security standards for gas and oil pipelines" (§ 23(b)(4)). P.L. 110-53 similarly directs TSA to promulgate pipeline security regulations and carry out necessary inspection and enforcement -- if the agency determines that regulations are appropriate (§ 1557(d)). Addressing this issue the 2008 IG report states that TSA's current security guidance is not mandatory and remains unenforceable unless a regulation is issued to require industry compliance.... PHMSA and TSA 85 TSA, Pipeline Security Division, personal communication, July 6, 2007. 86 U.S. Dept. of Transportation, Office of Inspector General, Actions Needed to Enhance Pipeline Security, Pipeline and Hazardous Materials Safety Administration, Report No. AV-2008-053, May 21, 2008, p. 3. 87 Ibid. pp. 5-6. 88 GAO, Pipeline Security and Safety: Improved Workforce Planning and Communication Needed, GAO-02-785, August 2002, p. 22. CRS-19 will need to conduct covert tests of pipeline systems' vulnerabilities to assess the current guidance as well as the operators' compliance.89 Although TSA's FY2005 budget justification stated that the agency would "issue regulations where appropriate to improve the security of the [non-aviation transportation] modes," the agency has not done so for pipelines.90 TSA believes that the pipeline industry has taken the security guidance seriously and has done a "good job" to date.91 The pipelines industry has expressed concern that new security regulations and related requirements may be "redundant" and "may not be necessary to increase pipeline security."92 The PHMSA Administrator in 2007 testified that enhancing security "does not necessarily mean that we must impose regulatory requirements."93 More recently, TSA officials have questioned the IG assertions regarding pipeline security regulations, particularly the IG's call for covert testing of pipeline operator security measures. They argue that TSA is complying with the letter of P.L. 110-53 and that its pipeline operator security reviews are more than paper reviews.94 In its oversight of potential pipeline security regulations, Congress may evaluate the effectiveness of the current voluntary pipeline security standards based on findings from the TSA's CSR reviews and future DOT Inspector General reports. P.L. 110-53 also requires TSA, in consultation with the OPS, to establish within one year of enactment a program for reviewing the adoption by pipeline operators of the 2002 OPS security guidance, including the review of security plans and critical facility inspections "of the 100 most critical pipeline operators" (§ 1557 (b)). According to TSA, the agency's existing CSR program fulfills much of this requirement. TSA Pipelines Security Resources Congress has long been critical of TSA's funding of non-aviation security activities, including pipeline activities. For example, as one Member remarked in 2005, "aviation security has received 90% of TSA's funds and virtually all of its 89 U.S. Dept. of Transportation, Office of Inspector General, May 21, 2008, p. 6. 90 Department of Homeland Security (DHS), Transportation Security Administration Fiscal Year 2005 Congressional Budget Justification, Washington, DC, February 2, 2004, p. 20. 91 TSA, February 27, 2008. 92 American Gas Association (AGA), American Petroleum Institute (API), Association of Oil Pipelines (AOPL), and American Public Gas Association (APGA), joint letter to members of the Senate Commerce Committee providing views on S. 1052, August 22, 2005. 93 Barrett, T.J. January 18, 2007. 94 Sammon, John, Transportation Security Administration, Testimony before the House Transportation and Infrastructure Committee, Railroad, Pipelines, and Hazardous Materials Subcommittee hearing on Implementation of the Pipeline Inspection, Protection, Enforcement, and Safety Act of 2006, June 24, 2008. CRS-20 attention. There is simply not enough being done to address ... pipeline security."95 At its current staffing level, TSA's Pipelines Security Division has limited field presence for inspections and possible enforcement of future regulations. TSA's plan to focus security inspections on the largest pipeline and distribution system operators seeks to make the best use of limited resources. The concern is that TSA currently lacks sufficient resources for rigorous security plan verification and a credible threat of enforcement, so operator compliance with security guidance may be inadequate, leaving the pipeline network as a whole less secure than it might be with more universal inspection and enforcement coverage. P.L. 110-53 specifically authorizes funding of $2 million annually through FY2010 for TSA's pipeline security inspections and enforcement program (§ 1557(e)). It is an open question whether $2 million annually would be sufficient to enable TSA to meet congressional expectations for federal pipeline security activities. Additional Issues In addition to the issues mentioned above, Congress may consider several issues related to proposed legislation or otherwise raised by pipeline stakeholders. Distribution Integrity Management. As noted earlier in this report, the OPS made integrity management programs mandatory for oil transmission pipelines in 2001 and for gas transmission pipelines in 2003. Congress and other stakeholders have since sought to extend these regulations to natural gas distribution pipelines, such as those operated by regional natural gas utilities. Because distribution pipelines are designed and operate differently from transmission lines, the OPS has been developing approaches to structuring unique regulations for distribution systems. Natural gas distribution companies have sought flexible, risk-based options in any future integrity management regulations directed at distribution systems.96 P.L. 109-468 mandates the promulgation by OPS of minimum standards for integrity management programs for distribution pipelines by December 31, 2007 (§ 9). The agency issued proposed standards for public comment on June 25, 2008.97 PHMSA officials reportedly have indicated that they seek to issue final regulations in December 2008.98 As the OPS's study of distribution integrity management measures continues, Congress may act to ensure that any resulting regulations 95 Sen. Daniel K. Inouye, opening statement before the Senate Committee on Commerce, Science and Transportation, hearing on the President's FY2006 Budget Request for the Transportation Security Administration (TSA), February 15, 2005. 96 E. F. Bender, Baltimore Gas and Electric Company, testimony before the House Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and Pipelines, hearing on Pipeline Safety, March 16, 2006, p. 10. 97 Pipeline and Hazardous Materials Safety Administration (PHMSA), "Pipeline Safety: Integrity Management Program for Gas Distribution Pipelines," PHMSA-RSPA-2004- 19854, Federal Register, Vol. 73, No. 123, June 25, 2008, p. 36015. 98 American Gas Association (AGA), "Summary of Discussions at the AGA Public Meeting," Chicago, IL, August 13, 2008, p. 2. [http://www.aga.org/NR/rdonlyres/ FEA58F64-0FB7-48AC-8EB9-88DCC2E9C57F/0/0808DIMPWKSHOPNOTES.PDF] CRS-21 balance the potential benefits of improved pipeline safety with the potential costs to distribution pipeline operators. Mandatory Pipeline Assessment Intervals. The Pipeline Safety Improvement Act of 2002 requires that natural gas pipelines operators subject to the act perform integrity management reassessments at least every seven years after an initial baseline assessment (§ 14a). Some pipeline operators believe that this reassessment interval may be too prescriptive and may not be appropriate for all pipelines. Operators argue that assessing pipelines too frequently is costly and inefficient, diverting limited safety resources from other uses with greater pipeline safety benefits.99 Based on assessments conducted through 2005, "and the generally safe condition of gas transmission pipelines," the GAO concluded in 2006 that the seven year reassessment interval "appears to be conservative."100 The GAO recommended that Congress permit pipeline operators to reassess gas transmission pipelines at intervals based on risk factors, technical data, and engineering analyses. The agency believed such a revision would allow the OPS more flexibility to establish longer or shorter reassessment intervals as warranted by pipeline conditions.101 According to OPS testimony in June 2008, the Secretary of Transportation has corresponded with House Energy and Commerce committee regarding the agency's plans for exempting pipeline operators from the seven year interval requirement, but this correspondence has not been released publicly.102 Conclusion Both government and industry have taken numerous steps to improve pipeline safety and security since 2001. Federal activities in these areas are evolving and agency responsibilities are still being sorted out. Although pipeline impacts on the environment remain a concern of some public interest groups, both federal government and industry representatives suggest that federal pipeline programs have been on the right track. As oversight of the federal role in pipeline safety and security continues, questions may be raised concerning the effectiveness of state pipeline damage prevention programs, the promulgation of low-stress pipeline regulations, federal 99 J. L. Mohn, Panhandle Energy, testimony before the House Committee on Transportation and Infrastructure, Subcommittee on Highways, Transit and Pipelines, hearing on pipeline Safety, March 16, 2006, p. 9. 100 Government Accountability Office (GAO), Natural Gas Pipeline Safety: Risk-Based Standards Should Allow Operators to Better Tailor Reassessments to Pipeline Threats, GAO-06-945, September 8, 2006. p. 3. 101 Ibid. p. 6. 102 Gerard, Stacy, Asst. Administrator, Pipeline and Hazardous Materials Safety Administration (PHMSA), Testimony before the House Transportation and Infrastructure Committee, Railroad, Pipelines, and Hazardous Materials Subcommittee hearing on Implementation of the Pipeline Inspection, Protection, Enforcement, and Safety Act of 2006, June 24, 2008. CRS-22 pipeline safety enforcement, the relationship between DHS and the DOT with respect to pipeline security, and particular provisions in federal pipeline safety regulation. In addition to these specific issues, Congress may wish to assess how the various elements of U.S. pipeline safety and security activity fit together in the nation's overall strategy to protect transportation infrastructure. For example, diverting pipeline resources away from safety to enhance security might further reduce terror risk, but not overall pipeline risk, if safety programs become less effective as a result. Pipeline safety and security necessarily involve many groups: federal agencies, oil and gas pipeline associations, large and small pipeline operators, and local communities. Reviewing how these groups work together to achieve common goals could be an oversight challenge for Congress. ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL33347