81 FR 89183 - Pipeline Safety: Safeguarding and Securing Pipelines From Unauthorized Access
DEPARTMENT OF TRANSPORTATION
Pipeline and Hazardous Materials Safety Administration Federal Register Volume 81, Issue 237 (December 9, 2016)
Pipeline and Hazardous Materials Safety Administration
Federal Register Volume 81, Issue 237 (December 9, 2016)
| Page Range | 89183-89184 | |
| FR Document | 2016-29500 |
[Federal Register Volume 81, Number 237 (Friday, December 9, 2016)] [Notices] [Pages 89183-89184] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-29500] ----------------------------------------------------------------------- DEPARTMENT OF TRANSPORTATION Pipeline and Hazardous Materials Safety Administration [Docket No. PHMSA-2016-0137) Pipeline Safety: Safeguarding and Securing Pipelines From Unauthorized Access AGENCY: Pipeline and Hazardous Materials Safety Administration (PHMSA); DOT. ACTION: Notice; issuance of Advisory Bulletin. ----------------------------------------------------------------------- SUMMARY: PHMSA is issuing this Advisory Bulletin in coordination with the Department of Homeland Security's (DHS), Transportation Security Administration (TSA), to remind all pipeline owners and operators of the importance of safeguarding and securing their pipeline facilities and monitoring their Supervisory Control and Data Acquisition (SCADA) systems for abnormal operations and/or indications of unauthorized access or interference with safe pipeline operations. Additionally, this Advisory Bulletin is to remind the public of the dangers associated with tampering with pipeline system facilities. This Advisory Bulletin follows recent incidents in the United States that highlight threats to oil and gas infrastructure. On October 11, 2016, several unauthorized persons accessed and interfered with pipeline operations in four states, creating the potential for serious infrastructure damage and significant economic and environmental harm, as well as endangering public safety. While the incidents did not result in any damage or injuries, the potential impacts emphasize the need for increased awareness and vigilance. FOR FURTHER INFORMATION CONTACT: Operators of pipelines subject to regulation by DOT, PHMSA, should contact Nathan A. Schoenkin by phone at 202-366-4774 or by email at [email protected]. Information about PHMSA may be found at http://phmsa.dot.gov. Pipeline operators with questions on TSA's Pipeline Security Guidelines should contact Steven Froehlich by phone at 571-227-1240 or by email at [email protected]. SUPPLEMENTARY INFORMATION: I. Background Incident Details On Tuesday October 11, 2016, individuals contacted four pipeline operators informing them they would shut down the pipelines used to transport crude oil from Canada to the United States. The operators (Enbridge, Kinder Morgan, Spectra Energy, and TransCanada) took steps to prevent damage to the pipelines and contacted local and federal law enforcement. The individuals cut the chains and padlocks at valve sites near Leonard, Minnesota; Burlington, Washington; Eagle Butte, Montana; and Wahalla, North Dakota. The individuals then closed valves on Enbridge's Lines 4 and 67, Spectra Energy's Express Pipeline, and TransCanada's Keystone Pipeline. The Kinder Morgan Trans Mountain's Puget Sound Pipeline was not operating at the time. Several individuals were arrested by local law enforcement. Had the pipeline operators not shut down their lines in response to the threats, a pipeline rupture could have occurred. A pipeline rupture due to tampering with valves can have significant consequences such as death, injury, and economic and environmental harm. Pipeline Safety and Security PHMSA and TSA have a mutual interest in ensuring coordinated, consistent, and effective activities that improve interagency cooperation on transportation security and safety matters. PHMSA focuses on the safety of the Nation's pipelines and administers the pipeline safety regulatory program (49 CFR part 190-199). TSA focuses on the security of the Nation's pipelines and has authored Pipeline Security Guidelines for operators available online at https://www.tsa.gov/sites/default/files/tsapipelinesecurityguidelines-2011.pdf. II. Advisory Bulletin (ADB-2016-06) To: Owners and Operators of Hazardous Liquid, Carbon Dioxide and Gas Pipelines Subject: Safeguarding and Securing Pipelines from Unauthorized Access Advisory: PHMSA is issuing this Advisory Bulletin in coordination with TSA to remind all pipeline owners and operators of the importance of safeguarding and securing their pipeline facilities and monitoring their SCADA systems for abnormal operations and/or indications of unauthorized access or interference with safe pipeline operations. Additionally, this Advisory Bulletin is to remind the public of the dangers associated with tampering with pipeline system facilities. If You See Something, Say SomethingTM Tampering with pipeline facilities can have deleterious effects on the safety of the Nation's pipeline system. Tampering or acts of sabotage can also lead to the loss of life, injury, and significant harm to the economy and environment. At 49 CFR 190.291, any person that willingly and knowingly injures or destroys, or attempts to injure or destroy a pipeline facility is subject to a fine in Title 18 of the United States Code and imprisonment for a term not to exceed 20 years for each offense. Individuals are reminded that ``If you See Something, Say Something''TM applies to the safety and security of our national pipeline infrastructure. Individuals that see something suspicious should reach out to their local law enforcement. Informed, alert communities play a vital role in keeping our Nation's energy infrastructure safe. Emphasizing that ``Homeland Security Starts with Hometown Security,'' DHS encourages businesses to ``Connect, Plan for, Train, and Report''. Tools and resources to help businesses plan, prepare, and protect themselves from suspicious activities or attacks are located online at https://www.dhs.gov/hometown-security. Relationships With Local Law Enforcement PHMSA reminds pipeline operators that a strong relationship with local law enforcement is extremely beneficial for safe pipeline operations. Two-way communications between operators and law enforcement can help to stop threats before they occur. Relationships should be cultivated well in advance of an incident to facilitate mutually dependable communication during an incident. [[Page 89184]] Increased Security Patrols Pipeline operators should consider increasing the frequency of security patrols along their right of ways. Operators may want to consider the use of new technologies to aid in pipeline security patrols, such as unmanned aerial systems if authorized in the areas of operation. Frequent patrols may help inform pipeline companies of individuals who regularly congregate near a pipeline, or of potentially unsafe conditions at a valve or pump station. Information regarding suspicious individuals should be promptly forwarded to federal, state, and local law enforcement. Protection of Facilities PHMSA's Office of Pipeline Safety requires pipeline operators to provide protection for valves on hazardous liquid pipelines at 49 CFR 195.420(c). Additionally, at 49 CFR 195.436, hazardous liquid pipeline operators are required to provide protection for each pumping station, breakout tank area, and other exposed facility from vandalism and unauthorized entry. Furthermore, at 49 CFR 192.179(b)(1), natural and other gas pipeline operators must ensure that the valve and operating device to open or close the valve must be protected from tampering and damage. PHMSA recommends that pipeline operators review their valve and facility protection measures and consider taking additional steps to secure them. Operators should evaluate what type of locks and security fences are being used at valve stations and if they are capable of preventing unauthorized personnel from gaining access to pipeline valve facilities. Pipeline operators may choose to make mechanical operation of valves more difficult without proper equipment. The use of deterrent text and signage at pipeline facilities may be beneficial to decrease acts of sabotage against a pipeline facility. The text should include the potential consequences if a valve is closed improperly and a rupture was to occur. Additionally the deterrent text should include reference to the PHMSA regulation found at 49 CFR 190.291 discussing the criminal penalties for tampering with pipeline facilities. Remote facilities should consider equipping the facilities with motion sensing cameras and/or motion detectors to alert control centers of tampering. SCADA System Monitoring Due to the criticality of SCADA systems in the safe operations of a pipeline, operators should have strong protocols in place to ensure the systems will not be tampered with. SCADA systems can be tampered with or disabled by a physical or cyber vector. PHMSA is aware of prior intrusion attempts on pipeline infrastructure. An operator should harden physical and software borders around SCADA systems to limit the risk to the safe operation of pipelines. The following methods can be used to harden the software and physical borders around the SCADA system: (1) Segregating the control system network from the corporate network; (2) Limiting remote connection ports to the control system, and if necessary requiring token-based authentication to gain access; (3) Adding physical protection around remote sites with SCADA network access; (4) Enhancing user access control on SCADA system networks and devices and limiting access to critical system to individuals with a safety/business need; and [5] Employing application whitelisting and strict policies on peripheral devices (to include removable media, printers, scanners, etc.) connected to the SCADA network. Furthermore, DHS's Industrial Control System Cyber Emergency Response Team (ICS-CERT) developed a guidance document titled: ``Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies.'' The document provides guidance for developing mitigation strategies for specific cyber threats and direction on how to create a Defense-in-Depth security program for control system environments, and is available online at https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf. Incident and Accident Reporting Operators are reminded that incidents and accidents must be promptly reported to the appropriate federal, state, and local agency. Requirements for immediate notification of certain incident and accident reporting requirements are found at 49 CFR 191.5 and 195.52. Furthermore, since tampering with a pipeline can lead to a release, PHMSA recommends that operators should contact the National Response Center by telephone to 800-424-8802 (in Washington, DC, 202-267-2675) following any physical security event that may interfere with the safe operation of a pipeline. Please note only ``unclassified'' incident details should be reported by phone to the National Response Center. TSA recommends in its Pipeline Security Guidelines that pipeline operators notify the Transportation Security Operations Center via phone at 866-615-5150 or email at [email protected] as soon as possible to report security concerns or suspicious activity. Furthermore it is recommended that pipeline operators notify DHS's ICS-CERT if the operator has an Industrial Control System concern with a cyber security nexus. Operators can report to ICS-CERT by emailing [email protected] or by calling 877-776-7585. PHMSA has coordinated with several components within DHS and the Department of Energy on this Advisory Bulletin. Issued in Washington, DC, on December 5, 2016, under authority delegated in 49 CFR 1.97. Alan K. Mayberry, Acting Associate Administrator for Pipeline Safety. [FR Doc. 2016-29500 Filed 12-8-16; 8:45 am] BILLING CODE 4910-60-P
![Federal Register / Vol. 81, No. 237 / Friday, December 9, 2016 / Notices 89183
until the period of availability expires, harm, as well as endangering public default/files/
the funds are fully expended, the funds safety. While the incidents did not tsapipelinesecurityguidelines-2011.pdf.
are rescinded by Congress, or the funds result in any damage or injuries, the
II. Advisory Bulletin (ADB–2016–06)
are otherwise reallocated. To meet potential impacts emphasize the need
program oversight responsibilities, FTA for increased awareness and vigilance. To: Owners and Operators of
must continue to collect information Hazardous Liquid, Carbon Dioxide and
FOR FURTHER INFORMATION CONTACT:
until the period of availability expires, Gas Pipelines
Operators of pipelines subject to Subject: Safeguarding and Securing
the funds are fully expended, the funds regulation by DOT, PHMSA, should
are rescinded by Congress, or the funds Pipelines from Unauthorized Access
contact Nathan A. Schoenkin by phone Advisory: PHMSA is issuing this
are otherwise reallocated. at 202–366–4774 or by email at
Respondents: States, Metropolitan Advisory Bulletin in coordination with
Nathan.Schoenkin@dot.gov. TSA to remind all pipeline owners and
Planning Organizations, and Local Information about PHMSA may be
Governmental Authorities. operators of the importance of
found at http://phmsa.dot.gov. Pipeline safeguarding and securing their pipeline
Estimated Annual Burden on operators with questions on TSA’s
Respondents: 15 hours for each of the facilities and monitoring their SCADA
Pipeline Security Guidelines should systems for abnormal operations and/or
respondents. contact Steven Froehlich by phone at
Estimated Total Annual Burden: 303 indications of unauthorized access or
571–227–1240 or by email at interference with safe pipeline
hours. Steven.Froehlich@tsa.dhs.gov.
Frequency: Annual. operations. Additionally, this Advisory
SUPPLEMENTARY INFORMATION: Bulletin is to remind the public of the
William Hyre, dangers associated with tampering with
I. Background
Deputy Associate Administrator for pipeline system facilities.
Administration. Incident Details
If You See Something, Say SomethingTM
[FR Doc. 2016–29505 Filed 12–8–16; 8:45 am]
On Tuesday October 11, 2016, Tampering with pipeline facilities can
BILLING CODE P
individuals contacted four pipeline have deleterious effects on the safety of
operators informing them they would the Nation’s pipeline system. Tampering
DEPARTMENT OF TRANSPORTATION shut down the pipelines used to or acts of sabotage can also lead to the
transport crude oil from Canada to the loss of life, injury, and significant harm
Pipeline and Hazardous Materials United States. The operators (Enbridge, to the economy and environment. At 49
Safety Administration Kinder Morgan, Spectra Energy, and CFR 190.291, any person that willingly
TransCanada) took steps to prevent and knowingly injures or destroys, or
[Docket No. PHMSA–2016–0137) damage to the pipelines and contacted attempts to injure or destroy a pipeline
local and federal law enforcement. The facility is subject to a fine in Title 18 of
Pipeline Safety: Safeguarding and individuals cut the chains and padlocks
Securing Pipelines From Unauthorized the United States Code and
at valve sites near Leonard, Minnesota; imprisonment for a term not to exceed
Access Burlington, Washington; Eagle Butte, 20 years for each offense. Individuals
AGENCY: Pipeline and Hazardous Montana; and Wahalla, North Dakota. are reminded that ‘‘If you See
Materials Safety Administration The individuals then closed valves on Something, Say Something’’TM applies
(PHMSA); DOT. Enbridge’s Lines 4 and 67, Spectra to the safety and security of our national
ACTION: Notice; issuance of Advisory Energy’s Express Pipeline, and pipeline infrastructure. Individuals that
Bulletin. TransCanada’s Keystone Pipeline. The see something suspicious should reach
Kinder Morgan Trans Mountain’s Puget out to their local law enforcement.
SUMMARY: PHMSA is issuing this Sound Pipeline was not operating at the Informed, alert communities play a vital
Advisory Bulletin in coordination with time. Several individuals were arrested role in keeping our Nation’s energy
the Department of Homeland Security’s by local law enforcement. infrastructure safe. Emphasizing that
(DHS), Transportation Security Had the pipeline operators not shut ‘‘Homeland Security Starts with
Administration (TSA), to remind all down their lines in response to the Hometown Security,’’ DHS encourages
pipeline owners and operators of the threats, a pipeline rupture could have businesses to ‘‘Connect, Plan for, Train,
importance of safeguarding and securing occurred. A pipeline rupture due to and Report’’. Tools and resources to
their pipeline facilities and monitoring tampering with valves can have help businesses plan, prepare, and
their Supervisory Control and Data significant consequences such as death, protect themselves from suspicious
Acquisition (SCADA) systems for injury, and economic and activities or attacks are located online at
abnormal operations and/or indications environmental harm. https://www.dhs.gov/hometown-
of unauthorized access or interference security.
Pipeline Safety and Security
with safe pipeline operations.
Additionally, this Advisory Bulletin is PHMSA and TSA have a mutual Relationships With Local Law
to remind the public of the dangers interest in ensuring coordinated, Enforcement
associated with tampering with pipeline consistent, and effective activities that PHMSA reminds pipeline operators
system facilities. improve interagency cooperation on that a strong relationship with local law
This Advisory Bulletin follows recent transportation security and safety enforcement is extremely beneficial for
incidents in the United States that matters. PHMSA focuses on the safety of safe pipeline operations. Two-way
mstockstill on DSK3G9T082PROD with NOTICES
highlight threats to oil and gas the Nation’s pipelines and administers communications between operators and
infrastructure. On October 11, 2016, the pipeline safety regulatory program law enforcement can help to stop threats
several unauthorized persons accessed (49 CFR part 190–199). TSA focuses on before they occur. Relationships should
and interfered with pipeline operations the security of the Nation’s pipelines be cultivated well in advance of an
in four states, creating the potential for and has authored Pipeline Security incident to facilitate mutually
serious infrastructure damage and Guidelines for operators available dependable communication during an
significant economic and environmental online at https://www.tsa.gov/sites/ incident.
VerDate Sep<11>2014 18:13 Dec 08, 2016 Jkt 241001 PO 00000 Frm 00142 Fmt 4703 Sfmt 4703 E:\FR\FM\09DEN1.SGM 09DEN1](https://thefederalregister.org/doc/81_FR_89420/page/1.svg)
![89184 Federal Register / Vol. 81, No. 237 / Friday, December 9, 2016 / Notices
Increased Security Patrols pipeline, operators should have strong TSA recommends in its Pipeline
Pipeline operators should consider protocols in place to ensure the systems Security Guidelines that pipeline
increasing the frequency of security will not be tampered with. SCADA operators notify the Transportation
patrols along their right of ways. systems can be tampered with or Security Operations Center via phone at
Operators may want to consider the use disabled by a physical or cyber vector. 866–615–5150 or email at TSOC.ST@
PHMSA is aware of prior intrusion dhs.gov as soon as possible to report
of new technologies to aid in pipeline
attempts on pipeline infrastructure. An security concerns or suspicious activity.
security patrols, such as unmanned
operator should harden physical and Furthermore it is recommended that
aerial systems if authorized in the areas
software borders around SCADA pipeline operators notify DHS’s ICS–
of operation. Frequent patrols may help
systems to limit the risk to the safe CERT if the operator has an Industrial
inform pipeline companies of
operation of pipelines. The following Control System concern with a cyber
individuals who regularly congregate
methods can be used to harden the security nexus. Operators can report to
near a pipeline, or of potentially unsafe
software and physical borders around ICS–CERT by emailing ics-cert@
conditions at a valve or pump station.
the SCADA system: (1) Segregating the hq.dhs.gov or by calling 877–776–7585.
Information regarding suspicious PHMSA has coordinated with several
control system network from the
individuals should be promptly corporate network; (2) Limiting remote components within DHS and the
forwarded to federal, state, and local connection ports to the control system, Department of Energy on this Advisory
law enforcement. and if necessary requiring token-based Bulletin.
Protection of Facilities authentication to gain access; (3) Issued in Washington, DC, on December 5,
Adding physical protection around 2016, under authority delegated in 49 CFR
PHMSA’s Office of Pipeline Safety
remote sites with SCADA network 1.97.
requires pipeline operators to provide
access; (4) Enhancing user access Alan K. Mayberry,
protection for valves on hazardous
control on SCADA system networks and Acting Associate Administrator for Pipeline
liquid pipelines at 49 CFR 195.420(c).
devices and limiting access to critical Safety.
Additionally, at 49 CFR 195.436,
system to individuals with a safety/ [FR Doc. 2016–29500 Filed 12–8–16; 8:45 am]
hazardous liquid pipeline operators are business need; and [5] Employing
required to provide protection for each BILLING CODE 4910–60–P
application whitelisting and strict
pumping station, breakout tank area, policies on peripheral devices (to
and other exposed facility from include removable media, printers,
vandalism and unauthorized entry. DEPARTMENT OF VETERANS
scanners, etc.) connected to the SCADA AFFAIRS
Furthermore, at 49 CFR 192.179(b)(1), network.
natural and other gas pipeline operators Furthermore, DHS’s Industrial Control
must ensure that the valve and MyVA Federal Advisory Committee;
System Cyber Emergency Response Notice of Meeting
operating device to open or close the Team (ICS–CERT) developed a guidance
valve must be protected from tampering document titled: ‘‘Recommended The Department of Veterans Affairs
and damage. PHMSA recommends that Practice: Improving Industrial Control (VA) gives notice under the Federal
pipeline operators review their valve System Cybersecurity with Defense-in- Advisory Committee Act, 5 U.S.C. App.
and facility protection measures and Depth Strategies.’’ The document 2., that the MyVA Advisory Committee
consider taking additional steps to provides guidance for developing (MVAC) will meet January 10–11, 2017,
secure them. mitigation strategies for specific cyber at the Department of Veterans Affairs,
Operators should evaluate what type threats and direction on how to create Georgetown University Lohrfink
of locks and security fences are being a Defense-in-Depth security program for Auditorium—Ground Floor,
used at valve stations and if they are control system environments, and is Georgetown McDonough School of
capable of preventing unauthorized available online at https://ics-cert.us- Business, Rafik B. Hariri Building, 37th
personnel from gaining access to cert.gov/sites/default/files/ and O Street NW., Washington, DC
pipeline valve facilities. Pipeline recommended_practices/NCCIC_ICS- 20057. The meeting is open to the
operators may choose to make CERT_Defense_in_Depth_2016_ public.
mechanical operation of valves more S508C.pdf. The purpose of the Committee is to
difficult without proper equipment. advise the Secretary, through the
The use of deterrent text and signage Incident and Accident Reporting Executive Director, MyVA Task Force
at pipeline facilities may be beneficial to Operators are reminded that incidents Office, regarding the MyVA initiative
decrease acts of sabotage against a and accidents must be promptly and VA’s ability to rebuild trust with
pipeline facility. The text should reported to the appropriate federal, Veterans and other stakeholders,
include the potential consequences if a state, and local agency. Requirements improve service delivery with a focus
valve is closed improperly and a rupture for immediate notification of certain on Veteran outcomes, and set the course
was to occur. Additionally the deterrent incident and accident reporting for longer-term excellence and reform of
text should include reference to the requirements are found at 49 CFR 191.5 VA.
PHMSA regulation found at 49 CFR and 195.52. Furthermore, since On January 10, from 8:00 a.m. to 6:00
190.291 discussing the criminal tampering with a pipeline can lead to a p.m., the Committee will convene an
penalties for tampering with pipeline release, PHMSA recommends that open session to discuss the progress on
facilities. Remote facilities should operators should contact the National and the integration of the work in the
Response Center by telephone to 800– five key MyVA work streams—Veteran
mstockstill on DSK3G9T082PROD with NOTICES
consider equipping the facilities with
motion sensing cameras and/or motion 424–8802 (in Washington, DC, 202– Experience (explaining the efforts
detectors to alert control centers of 267–2675) following any physical conducted to improve the Veteran’s
tampering. security event that may interfere with experience), Employees Experience,
the safe operation of a pipeline. Please Support Services Excellence (such as
SCADA System Monitoring note only ‘‘unclassified’’ incident information technology, human
Due to the criticality of SCADA details should be reported by phone to resources, and finance), Performance
systems in the safe operations of a the National Response Center. Improvement (projects undertaken to
VerDate Sep<11>2014 18:13 Dec 08, 2016 Jkt 241001 PO 00000 Frm 00143 Fmt 4703 Sfmt 4703 E:\FR\FM\09DEN1.SGM 09DEN1](https://thefederalregister.org/doc/81_FR_89420/page/2.svg)
Document Created: 2018-02-14 09:03:35
Document Modified: 2018-02-14 09:03:35
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice; issuance of Advisory Bulletin. | |
| Contact | Operators of pipelines subject to regulation by DOT, PHMSA, should contact Nathan A. Schoenkin by phone at 202-366-4774 or by email at [email protected] Information about PHMSA may be found at http://phmsa.dot.gov. Pipeline operators with questions on TSA's Pipeline Security Guidelines should contact Steven Froehlich by phone at 571-227-1240 or by email at [email protected] | |
| FR Citation | 81 FR 89183 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR