The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.
Interested stakeholders have until July 2 to submit comments. To be most effective, comments should reach OMB within 30 days of the notice’s publication.
In a Monday notice published in the Federal Register, the TSA is inviting comments to evaluate whether the proposed information requirement is necessary for the proper performance of the agency’s functions, including whether the information will have practical utility. It also seeks to evaluate the accuracy of the agency’s estimate of the burden; enhance the quality, utility, and clarity of the information to be collected; and minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.
Christina A. Walsh, Paperwork Reduction Act Officer at the TSA, identified that in addition to the transport agency’s broad responsibility and authority for ‘security in all modes of transportation,’ the TSA is statutorily required to develop and transmit to pipeline operators security recommendations for natural gas and hazardous liquid pipelines and pipeline facilities.
The TSA published a Federal Register notice, with a 60-day comment solicitation period, for the information collection last November. However, it did not receive any comments on the notice.
Consistent with these requirements, TSA produced Pipeline Security Guidelines in December 2010 and April 2011, with an update published in April 2021. As the lead federal agency for pipeline security and consistent with its statutory authorities, TSA requests to be notified of incidents that may indicate a deliberate attempt to disrupt pipeline operations, and activities that could be precursors to such an attempt.
In May 2021, in response to a ransomware attack on the Colonial Pipeline company, TSA issued a security directive series with requirements for owners/operators of hazardous liquid and natural gas pipelines and liquefied natural gas facilities that TSA designated as critical. The security directive series included two mandatory information collections – reporting pipeline security incidents and providing contact information for the cybersecurity coordinator(s) and alternate(s).
In its 2023 annual assessment, the Office of the Director of National Intelligence (ODNI) noted that “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”
