TSA Has Been Underfunded, Understaffed While Overseeing Pipeline Cybersecurity The TSA is one of federal agencies overseeing security of the nation's pipelines. Critics say the TSA is understaffed and needs to do more than set voluntary guidelines for the industry to follow.

TSA Has Been Underfunded, Understaffed While Overseeing Pipeline Cybersecurity

TSA Has Been Underfunded, Understaffed While Overseeing Pipeline Cybersecurity

  • Download
  • <iframe src="https://www.npr.org/player/embed/997983710/997983711" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

The TSA is one of federal agencies overseeing security of the nation's pipelines. Critics say the TSA is understaffed and needs to do more than set voluntary guidelines for the industry to follow.

MARY LOUISE KELLY, HOST:

The hack of the Colonial Pipeline created shortages and panic buying last week and also raised questions about federal oversight of critical energy infrastructure. The TSA is responsible for regulating pipeline cybersecurity, but until recently, it has been underfunded and understaffed. NPR's Brian Naylor reports.

BRIAN NAYLOR, BYLINE: When we think of the Transportation Security Administration, we think of officers at airport check-in gates screening our luggage and carry-ons. But perhaps surprisingly, the TSA has another responsibility. Rob Knake is a senior fellow at the Council on Foreign Relations.

ROB KNAKE: This dates back to the 9/11 era when Congress created TSA. They also gave TSA responsibility for pipelines and for surface transportation.

NAYLOR: But the TSA's pipeline cybersecurity responsibilities were overlooked even within the agency. A 2018 report by the Government Accountability Office found what it labeled significant weaknesses in TSA's management of pipeline security. It noted that there were only six positions focused on the entire nation's pipeline infrastructure. And, Knake points out, the TSA relies on voluntary compliance from the private pipeline owners.

KNAKE: They don't have the capacity. They haven't staffed for it. They haven't budgeted for it. And so the first thing that needs to happen is the department and the Biden administration need to make the decision that, yes, we're going to regulate and yes, we're going to use these existing authorities.

NAYLOR: Neil Chatterjee is a commissioner with and former chairman of the Federal Energy Regulatory Commission. Chatterjee has suggested transferring TSA's pipeline oversight to another agency such as the Department of Energy.

NEIL CHATTERJEE: My colleagues and I have been warning about the need to really beef up the security of these critical infrastructure assets. And I think this ransomware attack on the Colonial Pipeline is the first sort of real-world illustrative impact of this security concern.

NAYLOR: The TSA has hired more staff for pipeline oversight. The agency says there are now 34 positions and a $3 million budget. Chatterjee applauds that action, but says it's not enough.

CHATTERJEE: They did beef up their pipeline security operations. But clearly, as evidenced by this incident, there's more work to be done.

NAYLOR: Rob Knake says right now, we don't really know if there are ongoing cyber incidents with other pipelines.

KNAKE: The most important thing that TSA needs to do is set requirements for pipelines to notify the agency of any new incidents that are occurring and then to have the authority to investigate those incidents.

NAYLOR: Democratic Congressman Jim Langevin of Rhode Island worries that an attack on, say, natural gas pipelines or the electric grid in the middle of winter could lead to widespread economic damages and even loss of life.

JIM LANGEVIN: This whole incident with Colonial should be a wake-up call to everyone, including regulators and the government and American people that our critical infrastructure is incredibly vulnerable.

NAYLOR: Langevin is co-sponsor of one of several measures before Congress aimed at strengthening the TSA's hand in oversight of pipeline security.

Brian Naylor, NPR News.

(SOUNDBITE OF EL TEN ELEVEN'S "FANSHAWE")

Copyright © 2021 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.