The North American Electric Reliability Corp. (NERC) has set mandatory standards that are enforced to secure the reliability of the nation's electric grid, but security requirements under the Transportation Security Administration (TSA) are voluntary, not mandatory, making natural gas pipelines "the weak link in U.S. national energy infrastructure," according to the Industrial Energy Consumers of America (IECA).
In letters sent Wednesday to the chairmen of both the Senate Committee on Energy and Natural Resources and the House Committee on Energy and Commerce, IECA called for oversight hearings and "appropriate action to ensure that Congress has done all that is reasonable and cost-effective to ensure the security of natural gas pipelines."
IECA said it supports an enforceable nationwide pipeline security standard with accountability resting "on the pipeline companies.” However, it does not support creating an organization like the North American Electric Reliability Corp. (NERC) only for natural gas pipelines.
“One could make the argument that NERC's responsibilities could be changed to include natural gas pipelines, given their in-house knowledge and the importance of the gas/electricity interface issues."
In June, FERC Commissioners Neil Chatterjee and Richard Glick said regulation of natural gas pipeline security should be shifted from TSA to the Department of Energy (DOE). Electricity grid operators are required to comply with Federal Energy Regulatory Commission security standards, but there are no comparable standards for the nation's network of natural gas pipelines, they said. DOE established a cybersecurity office in February.
Last year, TSA, the same agency that oversees commercial air traffic, rail lines and highways, said it had just six full-time employees tasked with securing more than 2.7 million miles of U.S. natural gas, oil, and hazardous liquids pipelines.
Earlier this year, several agencies within the federal government said they were investigating a series of cyberattacks directed at a third-party software system used by several U.S. natural gas pipeline companies. The cyberattacks were directed at pipelines using the Electronic Data Interchange, a platform offered by Latitude Technologies Inc., a subsidiary of Norwell, MA-based Energy Services Group LLC.
The Trump administration previously accused Russian government operatives of targeting the U.S. energy sector, government agencies and other critical infrastructure sectors with a series of cyberattacks for at least the last two years. The accusation followed an investigation by Department of Homeland Security and the Federal Bureau of Investigation.