[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3699 Reported in House (RH)]
<DOC>
Union Calendar No. 224
116th CONGRESS
1st Session
H. R. 3699
[Report No. 116-279]
To codify the Transportation Security Administration's responsibility
relating to securing pipelines against cybersecurity threats, acts of
terrorism, and other nefarious acts that jeopardize the physical
security or cybersecurity of pipelines, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 11, 2019
Mr. Cleaver introduced the following bill; which was referred to the
Committee on Homeland Security
November 12, 2019
Additional sponsor: Mr. Taylor
November 12, 2019
Committed to the Committee of the Whole House on the State of the Union
and ordered to be printed
_______________________________________________________________________
A BILL
To codify the Transportation Security Administration's responsibility
relating to securing pipelines against cybersecurity threats, acts of
terrorism, and other nefarious acts that jeopardize the physical
security or cybersecurity of pipelines, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Pipeline Security Act''.
SEC. 2. PIPELINE SECURITY RESPONSIBILITIES.
Subsection (f) of section 114 of title 49, United States Code, is
amended--
(1) in paragraph (15), by striking ``and'' after the
semicolon at the end;
(2) by redesignating paragraph (16) as paragraph (17); and
(3) by inserting after paragraph (15) the following new
paragraph:
``(16) maintain responsibility, in coordination with the
Director of the Cybersecurity and Infrastructure Security
Agency, as appropriate, relating to securing pipeline
transportation and pipeline facilities (as such terms are
defined in section 60101 of this title) against cybersecurity
threats (as such term is defined in section 102 of the
Cybersecurity Information Sharing Act of 2015 (Public Law 114-
113; 6 U.S.C. 1501)), an act of terrorism (as such term is
defined in section 3077 of title 18), and other nefarious acts
that jeopardize the physical security or cybersecurity of such
transportation or facilities; and''.
SEC. 3. PIPELINE SECURITY SECTION.
(a) In General.--Title XII of the Implementing Recommendations of
the 9/11 Commission Act of 2007 (Public Law 110-53) is amended by
adding at the end the following new section:
``SEC. 1209. PIPELINE SECURITY SECTION.
``(a) Establishment.--There is within the Transportation Security
Administration a pipeline security section to carry out pipeline
security programs in furtherance of section 114(f)(16) of title 49,
United States Code.
``(b) Mission.--The mission of the section referred to in
subsection (a) is to oversee, in coordination with the the
Cybersecurity and Infrastructure Security Agency of the Department of
Homeland Security, the security of pipeline transportation and pipeline
facilities (as such terms are defined in section 60101 of title 49,
United States Code) against cybersecurity threats (as such term is
defined in section 102 of the Cybersecurity Information Sharing Act of
2015 (Public Law 114-113; 6 U.S.C. 1501)), an act of terrorism (as such
term is defined in section 3077 of title 18, United States Code), and
other nefarious acts that jeopardize the physical security or
cybersecurity of such transportation or facilities.
``(c) Leadership; Staffing.--The Administrator of the
Transportation Security Administration shall appoint as the head of the
section an individual with knowledge of the pipeline industry and
security best practices, as determined appropriate by the
Administrator. The section shall be staffed by a workforce that
includes personnel with cybersecurity expertise.
``(d) Responsibilities.--The section shall be responsible for
carrying out the duties of the section as directed by the Administrator
of the Transportation Security Administration, acting through the head
appointed pursuant to subsection (c). Such duties shall include the
following:
``(1) Developing, in consultation with relevant Federal,
State, local, Tribal, territorial entities and public and
private sector stakeholders, guidelines for improving the
security of pipeline transportation and pipeline facilities
against cybersecurity threats, an act of terrorism, and other
nefarious acts that jeopardize the physical security or
cybersecurity of such transportation or facilities, consistent
with the National Institute of Standards and Technology
Framework for Improvement of Critical Infrastructure
Cybersecurity and any update to such guidelines pursuant to
section 2(c)(15) of the National Institute for Standards and
Technology Act (15 U.S.C. 272(c)(15)).
``(2) Updating such guidelines as necessary based on
intelligence and risk assessments, but not less frequently than
every three years.
``(3) Sharing of such guidelines and, as appropriate,
intelligence and information regarding such security threats to
pipeline transportation and pipeline facilities, as
appropriate, with relevant Federal, State, local, Tribal, and
territorial entities and public and private sector
stakeholders.
``(4) Conducting voluntary security assessments based on
the guidelines developed pursuant to paragraph (1) to provide
recommendations for the improvement of the security of pipeline
transportation and pipeline facilities against cybersecurity
threats, an act of terrorism, and other nefarious acts that
jeopardize the physical security or cybersecurity of such
transportation or facilities, including the security policies,
plans, practices, and training programs maintained by owners
and operators of pipeline facilities.
``(5) Carrying out a program through which the
Administrator identifies and ranks the relative risk of
pipelines and inspects pipeline facilities designated by owners
and operators of such facilities as critical based on the
guidelines developed pursuant to paragraph (1).
``(6) Preparing notice and comment regulations for
publication, if determined necessary by the Administrator.
``(e) Details.--In furtherance of the section's mission, as set
forth in subsection (b), the Administrator and the Director of the
Cybersecurity and Infrastructure Security Agency may detail personnel
between their components to leverage expertise. Personnel detailed from
the Cybersecurity and Infrastructure Security Agency may be considered
as fulfilling the cybersecurity expertise requirements in referred to
in subsection (c).''.
(b) Updated Guidelines.--Not later than March 31, 2021, the section
shall publish updated guidelines pursuant to section 1209 of the
Implementing Recommendations of the 9/11 Commission Act of 2007, as
added by subsection (a).
(c) Clerical Amendment.--The table of contents for the Implementing
Recommendations of the 9/11 Commission Act of 2007 is amended by
inserting after the item relating to section 1208 the following new
item:
``Sec. 1209. Pipeline security section.''.
SEC. 4. PERSONNEL STRATEGY.
(a) In General.--Not later than 180 days after the date of the
enactment of this Act, the Administrator of the Transportation Security
Administration, in coordination with the Director of the Cybersecurity
and Infrastructure Security Agency of the Department of Homeland
Security, shall develop a personnel strategy for enhancing operations
within the pipeline security section of the Transportation Security
Administration, as established pursuant to section 1209 of the
Implementing Recommendations of the 9/11 Commission Act of 2007, as
added by section 3.
(b) Contents.--The strategy required under subsection (a) shall
take into consideration the most recently published versions of each of
the following documents:
(1) The Transportation Security Administration National
Strategy for Transportation Security.
(2) The Department of Homeland Security Cybersecurity
Strategy.
(3) The Transportation Security Administration
Cybersecurity Roadmap.
(4) The Department of Homeland Security Balanced Workforce
Strategy.
(5) The Department of Homeland Security Quadrennial
Homeland Security Review.
(c) Resources.--The strategy shall include an assessment of
resources determined necessary by the Administrator.
(d) Submission to Congress.--Upon development of the strategy, the
Administrator of the Transportation Security Administration shall
provide to the Committee on Homeland Security of the House of
Representatives and the Committee on Commerce, Science, and
Transportation of the Senate a copy of such strategy.
SEC. 5. OVERSIGHT.
(a) Report to Congress.--The Administrator of the Transportation
Security Administration shall report to the Committee on Homeland
Security of the House of Representatives and the Committee on Commerce,
Science, and Transportation of the Senate not less than annually on
activities of the pipeline security section of the Administration, as
established pursuant to section 1209 of the Implementing
Recommendations of the 9/11 Commission Act of 2007, as added by section
3, including information with respect to guidelines, security
assessments, and inspections. Each such report shall include a
determination by the Administrator regarding whether there is a need
for new regulations or non-regulatory initiatives and the basis for
such determination.
(b) GAO Review.--Not later than two years after the date of the
enactment of this Act, the Comptroller General of the United States
shall conduct a review of the implementation of this Act and the
amendments made by this Act.
SEC. 6. STAKEHOLDER ENGAGEMENT.
Not later than one year after the date of the enactment of this
Act, the Administrator of the Transportation Security Administration
shall convene not less than two industry days to engage with relevant
pipeline transportation and pipeline facilities stakeholders on matters
related to the security of pipeline transportation and pipeline
facilities (as such terms are defined in section 60101 of title 49,
United States Code).
Union Calendar No. 224
116th CONGRESS
1st Session
H. R. 3699
[Report No. 116-279]
_______________________________________________________________________
A BILL
To codify the Transportation Security Administration's responsibility
relating to securing pipelines against cybersecurity threats, acts of
terrorism, and other nefarious acts that jeopardize the physical
security or cybersecurity of pipelines, and for other purposes.
_______________________________________________________________________
November 12, 2019
Committed to the Committee of the Whole House on the State of the Union
and ordered to be printed