Wednesday, January 12, 2011

TSA Pipeline Guideline Upgrade

Yesterday I discussed the recently issued TSA Pipeline Security Guidelines. I explained that it is a pretty generic document that is internally described as being risk based. To some extent it is since there is a discussion of baseline and enhanced security measures and the risk differentiation is based upon the criticality of the facility. There is no discussion of different levels of security based upon the risk the pipeline facility poses to neighbors as does the CFATS program.

The only real discussion of risk-based security measures is found in the last chapter of the Guidelines. This chapter provides a very (VERY) brief description of the Homeland Security Advisory System (HSAS) and then it states:

“TSA has developed a supplement to this document containing a series of progressive security measures to reduce vulnerabilities to pipeline systems and facilities during periods of heightened threat conditions and to establish a consistent security posture within the pipeline industry. This supplement is unclassified but sensitive and is marked as Sensitive Security Information (SSI). The password-protected document may be obtained by email request to”
I have reviewed a copy of this supplemental document and it is an interesting series of security recommendations for each of the five levels of heightened threat conditions. The way it was written it theoretically assumes that security measures were adopted at a threat condition below blue and provides a brief description of the escalation of those security measures as the threat level increases.

I would like to provide my readers with additional information and a discussion of the measures described, but this document is clearly marked as ‘Sensitive Security Information’ and I don’t need to run afoul of the folks at DHS over such a discussion. I will recommend that anyone with any responsibility for pipeline security should contact the folks at Pipeline Security at TSA for a copy of the document.

Misuse of SSI Markings

I think that TSA has little justification for marking this document as ‘Security Sensitive Information’. First the security measures listed are not associated with any facility. Since the Pipeline Security Guidelines that this document supplements is a purely voluntary program there is no requirement for any particular facility to implement these particular security measures.

Furthermore, all of the security measures discussed are generic enough that the general availability of the information would provide little useable information for a terrorist planning an attack on a facility implementing these measures.

Finally, I don’t understand how the security measures described in a similar level of detail in the unmarked Pipeline Security Guidelines are substantially less sensitive than the measures described in this document. Those initial security measures are not considered by TSA to be SSI, why should these?

Overly restricting access to important security information is counter productive. People have a natural tendency to share information and when it is obviously over classified as is this document it allows people to self-justify ignoring the security markings. Once that happens is becomes easier for that individual to ignore those markings on other documents.

The other thing that it does is to stifle legitimate discussion of marked information. There are many items in this document that I would normally specifically address in this blog. That discussion would include pointing out some measures that are in my opinion less than adequate with suggestions for improving upon the measures. Because of the markings on this document I am prohibited from initiating that discussion.

Inadequate Markings

I spent a great deal of time in my Army career handling classified documents. There were extensive rules for handling and marking those documents. One of those rules required the marking of individual paragraphs in a classified document with the security classification of the information in that paragraph when there was information in the document with varying levels of security classification. This made it clear what information could be disclosed in varying security environments.

Chemical-Terrorism Vulnerability Information (CVI) authorized users will recognize this requirement as it is included in the rules for handling and marking that information. CVI and SSI are similar in their general scope and requirements, but agencies and individuals applying SSI markings do not have access to the same level of document handling guidance that the CFATS community does in its CVI Procedures Manual. So there is no particular requirement to include paragraph markings in SSI documents.

Having said that I would like to propose that, once again, the failure to mark uncontrolled information within a document makes it easier for individuals to self-justify ignoring the markings in general. This subverts the intent of the SSI markings. For example, since the title of this TSA document is on an SSI marked page and there are no markings on the title noting that it is not SSI, I am prohibited from publishing the name of the document. This is patently silly, and it sorely tempts my rebellious side to publish the title in spite, but I will refrain. How many others won’t?

No comments:

/* Use this with templates/template-twocol.html */