Regulatory Submissions

Earlier in August, APGA and trade associations representing all aspects of the oil and natural gas value chain submitted a letter to the head of the Transportation Security Administration (TSA) outlining concerns with recently-issued regulations, as well as considerations for how to address them. Members from the trade associations have had challenges implementing the Security Directives (SDs), specifically SD 02. There are also questions about the process with which they were developed. The oil and natural gas industry understands the ongoing situation presented by ransomware and other cyber threats to critical infrastructure and are committed to working with TSA to continue sound pipeline security practices and policies. However, these recent actions from the regulator could negatively impact the nearly two decades-long relationship between operators and TSA to apply risk-based methodology that properly balances pipeline security with operational reliability and safety. Below is a summary of the requests from APGA and others.

• TSA and its technical experts should work closely and quickly with industry experts to ensure mutual understanding of how requirements in the Directives could impact operational safety and reliability.

• TSA should release the technical Frequently Asked Questions (FAQs) associated with the Directives immediately.

• TSA should provide clarity on anticipated criteria and timelines for review of alternative proposals, which are allowed if not able to meet the requirements of SD 02, including addressing operator recourse if TSA disagrees with the alternative proposal or there are supply chain limitations.

• TSA should ensure operators are not penalized for awaiting the review of alternative proposals.

• TSA should provide more clarity on the scope of SD 02, so that operators can make more sound determinations of what is necessary to avoid disrupting operations or threatening pipeline safety.

• TSA should reconsider its process for implementing pipeline security initiatives in the future to ensure better input on the compatibility of proposed security requirements with pipeline operational technology.

• TSA and the pertinent government intelligence community should brief all potentially affected pipelines on relevant cybersecurity threat intelligence as soon as possible.

In the days following this letter, TSA has begun to engage those affected pipeline companies, as such this letter is having impacts. However, industry hopes the regulator will act on all these requests. APGA staff will work through the Security Task Group to continue engagement with the federal government on physical and cyber security issues.