Thanks to a posting at the ChemicalSecurity blog I had a chance this weekend to review a recent Congressional Research Services report on US pipeline safety and security. This is a good overview of the current state of the regulation of various hazardous material pipelines in the United States. Most of the security issues identified in the report have been discussed in various postings here, but this is a valuable one-stop summary of a lot of valuable information.
One issue covered in some detail here needs to be emphasized, the current shortage of pipeline safety and security inspectors. The relative small size of the Federal inspection force in both PHMSA and TSA is addressed, but the report also addresses an issue that I haven’t seen specifically addressed to date and that is the State pipeline safety inspection force.
In order to justify the small size of the PHMSA inspection force, the federal government (both DOT and Congress) have long relied on inspectors from the various States to pick up a large part of the pipeline inspection work load. With this in mind the report notes (page 18, Adobe 22) that “another important consideration is how the number of state inspectors might be affected by budget shortfalls and possible agency funding cuts faced by many states due to the recent U.S. economic recession”. The report goes on to warn that:
“Nonetheless, the future availability of state pipeline safety inspectors remains uncertain. In particular, the possibility that some states may choose to end their roles as agents for the federal pipeline safety program—or that states may lose federal pipeline safety program certification for performance reasons—and thereby shift a greater burden for pipeline inspections back to the federal government, may warrant continued attention from Congress.”
While Congress has attempted to address this issue with a grant program to help fund the State programs, that program has been underfunded. Of more concern than the underfunding is the fact that, according to the report, the limited funds available in the grant program have not all been dispersed.
Pipeline SCADA Systems
One of the major new initiatives being pursued by PHMSA (at the direction of Congress) is expanding the requirements for using automated shutoff valves on various pipelines. The report notes (page 23, Adobe 27) that this “may require associated investments in supervisory control and data acquisition (SCADA) systems”. They go on to note that the cost estimates upon which the ASV requirements have been based may need to be revised to include the costs of the SCADA systems to support them. They go on to note:
“These costs may also include significant reliability and security components, since increasing reliance upon new or expanded SCADA systems may also expose pipeline systems to greater risk from operating software failure or cyberterrorism.”
Since remote shutoff valves are by definition not co-located with the control system, the communications requirements for the system places another level of potential attack surface on the control system. That plus the cost of physical security to protect the remote node of the system from a hands-on hack adds additional complications to the fielding of these safety devices.
Good System Overview
The researchers at CRS have done another good job of defining the issues involved in a complex regulatory environment. This report is certainly worth the read by anyone involved in pipeline safety or security; Congressional staffs in particular.