With natural gas playing an increasing role in power generation, the Department of Energy (DOE) is recommending that it coordinate with other government agencies to determine whether additional cybersecurity protections for the nation's natural gas pipeline network are warranted.
One month after tangling with the incoming Trump administration over a controversial questionnaire sent to DOE officials on climate change, the department laid out 76 policy recommendations in the second installment of its Quadrennial Energy Review (QER), which it released last Friday.
While acknowledging in "Transforming the Nation's Electricity System," also dubbed "QER 1.2," that natural gas "plays an increasingly important role as fuel for the nation's electricity system," the DOE warned that a gas pipeline outage or malfunction caused by a cyberattack "could affect not only pipeline and related infrastructures, but also the reliability of the nation's electricity system."
And while the DOE also lauded Congress for passing, and President Obama for signing, the Fixing America's Surface Transportation (FAST) Act into law in December 2015, the department warned that the types of national security threats envisioned by the law stand "in stark contrast to other major reliability events that have caused regional blackouts and reliability failures in the past.
"In the current environment, the U.S. grid faces imminent danger from cyber attacks, absent a discrete set of actions and clear authorities to inform both responses and threats. Widespread disruption of electric service because of a transmission failure initiated by a cyberattack at various points of entry could undermine U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens."
Among its recommendations, the DOE called for amending the Federal Power Act even further than the changes enacted under the FAST Act. Congress should "clarify and affirm the DOE's authority to develop preparation and response capabilities that will ensure it is able to issue a grid-security emergency order to protect critical electric infrastructure" from damage, including cyberattacks,” it said.
The DOE also recommended that Congress grant FERC with authority to either modify reliability standards proposed by the North American Electric Reliability Corp. (NERC) or to promulgate new standards on its own, depending on whether lawmakers feel expeditious action by the Federal Energy Regulatory Commission is necessary.
"This narrow expansion of FERC's authority would complement DOE's national security authorities related to grid-security emergencies affecting critical electric infrastructure and defense-critical electricity infrastructure," the DOE said. "This approach would maintain the productive NERC-FERC structure for developing and enforcing reliability standards, but would ensure that the federal government could act directly if necessary to address national security issues."
Another recommendation calls for DOE, in cooperation with FAST Act authorities and FERC, to assess current cybersecurity protections for the nation's gas pipelines and associated infrastructure. Such an assessment would aid the department in determining whether additional measures needed to be enacted to protect pipelines, or if certain measures needed to become mandatory.
"If the assessment concludes that additional cybersecurity protections -- including mandatory cybersecurity protocols -- for natural gas pipelines and associated infrastructure are necessary to protect the electricity system, such measures and protocols should be developed and implemented," the DOE said. "This work should build on existing assessments, including those underway at the Transportation Security Administration (TSA)."
The TSA, part of the Department of Homeland Security, holds regulatory authority for the security of natural gas and hazardous liquid pipelines, but pipeline safety is the dominion of the Pipeline and Hazardous Materials Safety Administration (PHMSA) within the Department of Transportation. PHMSA and the TSA have cooperated on pipeline safety issues since 2004, when the two agencies signed a memorandum of understanding (MOU). An annex to the MOU was signed in 2006.
Last October, a group of environmental activists disrupted operations at five crude oil pipelines in the United States and Canada. According to reports, the activists used bolt cutters to cut padlocks and chains to access remote shutoff valves on pipelines operated by Enbridge Inc., Kinder Morgan Inc., Spectra Energy Partners LP and TransCanada Corp. The pipelines, which collectively can transport 2.8 million boe/d, were restarted within days.
Two individuals were arrested after making separate attempts to blow up natural gas pipelines in Oklahoma in 2011 and in Texas in 2012. Meanwhile, a survey conducted in November 2015 of more than 150 information technology professionals in the oil and gas industry found that 82% had seen an increase in successful cyberattacks in the preceding 12 months.
Trump has nominated former Texas Gov. Rick Perry as secretary of the DOE, despite Perry's pledge on the campaign trail to dismantle the department if he were elected president. According to reports, Perry's confirmation hearing in the Senate may be held next week.