TSA Has Been Underfunded, Understaffed While Overseeing Pipeline Cybersecurity
MARY LOUISE KELLY, HOST:
The hack of the Colonial Pipeline created shortages and panic buying last week and also raised questions about federal oversight of critical energy infrastructure. The TSA is responsible for regulating pipeline cybersecurity, but until recently, it has been underfunded and understaffed. NPR's Brian Naylor reports.
BRIAN NAYLOR, BYLINE: When we think of the Transportation Security Administration, we think of officers at airport check-in gates screening our luggage and carry-ons. But perhaps surprisingly, the TSA has another responsibility. Rob Knake is a senior fellow at the Council on Foreign Relations.
ROB KNAKE: This dates back to the 9/11 era when Congress created TSA. They also gave TSA responsibility for pipelines and for surface transportation.
NAYLOR: But the TSA's pipeline cybersecurity responsibilities were overlooked even within the agency. A 2018 report by the Government Accountability Office found what it labeled significant weaknesses in TSA's management of pipeline security. It noted that there were only six positions focused on the entire nation's pipeline infrastructure. And, Knake points out, the TSA relies on voluntary compliance from the private pipeline owners.
KNAKE: They don't have the capacity. They haven't staffed for it. They haven't budgeted for it. And so the first thing that needs to happen is the department and the Biden administration need to make the decision that, yes, we're going to regulate and yes, we're going to use these existing authorities.
NAYLOR: Neil Chatterjee is a commissioner with and former chairman of the Federal Energy Regulatory Commission. Chatterjee has suggested transferring TSA's pipeline oversight to another agency such as the Department of Energy.
NEIL CHATTERJEE: My colleagues and I have been warning about the need to really beef up the security of these critical infrastructure assets. And I think this ransomware attack on the Colonial Pipeline is the first sort of real-world illustrative impact of this security concern.
NAYLOR: The TSA has hired more staff for pipeline oversight. The agency says there are now 34 positions and a $3 million budget. Chatterjee applauds that action, but says it's not enough.
CHATTERJEE: They did beef up their pipeline security operations. But clearly, as evidenced by this incident, there's more work to be done.
NAYLOR: Rob Knake says right now, we don't really know if there are ongoing cyber incidents with other pipelines.
KNAKE: The most important thing that TSA needs to do is set requirements for pipelines to notify the agency of any new incidents that are occurring and then to have the authority to investigate those incidents.
NAYLOR: Democratic Congressman Jim Langevin of Rhode Island worries that an attack on, say, natural gas pipelines or the electric grid in the middle of winter could lead to widespread economic damages and even loss of life.
JIM LANGEVIN: This whole incident with Colonial should be a wake-up call to everyone, including regulators and the government and American people that our critical infrastructure is incredibly vulnerable.
NAYLOR: Langevin is co-sponsor of one of several measures before Congress aimed at strengthening the TSA's hand in oversight of pipeline security.
Brian Naylor, NPR News.
(SOUNDBITE OF EL TEN ELEVEN'S "FANSHAWE") Transcript provided by NPR, Copyright NPR.