Regulatory Submissions

Late last week, APGA responded to two Transportation Security Administration (TSA) Information Collection Requests (ICRs). APGA joined several other trade associations from the natural gas supply chain to offer this input. The actions the pipeline security regulator will take based on the data collected will significantly impact in the near term those companies having to comply with the recently issued Pipeline Security Directives 1 and 2 (PSD 01 and PSD 02). However, there is potential for all public natural gas utilities to be affected in the future from how the regulator acts, which is why APGA sought to offer input.

The first ICR asked for public comment on a three-year renewal to collect information involving the submission of data concerning pipeline security incidents, appointment of cybersecurity coordinators, and these coordinators’ contact information, which are requirements of PSD 01 and PSD 02. APGA and the other associations support federal efforts to enhance the security of the nation’s pipeline systems, in partnership with operators. However, TSA has not accurately calculated the time burden to operators, considering the broad scope of applicability for cybersecurity incidents that requires reporting across both the information technology (IT) and operational technology (OT) networks. As well, it is important to have cybersecurity coordinators working with TSA, but no account is made for the increased resources required to maintain such a position at little-to-no added security benefit for the pipeline system. Ultimately, a three-year extension would basically codify PSD 01 and PSD 02, which were meant to be temporary. APGA and the other associations acknowledge TSA’s authority to regulate pipeline cybersecurity, but the agency should proceed through notice and comment rulemaking, not through Security Directives.

The second ICR requested public comment on the renewal and revision to continue collection of critical facility security information for TSA-identified critical pipeline systems. Again, operators in the natural gas supply chain strongly support federal efforts to further security of critical infrastructure. However, the criteria used to identify critical facilities remains ambiguous and industry would like to work with TSA to make it clearer. If the renewal is approved, then, the opportunity to modify the critical facility criteria would be missed.