The Transportation Security Administration (TSA), the US agency in charge of the US oil and gas pipeline system, has a serious staffing issue on physical and cybersecurity positions.
According to a report published by the Government Accountability Office (GAO), a bipartisan government agency that provides auditing, evaluation, and investigative services for Congress, the TSA employs only six full-time staffers for its pipeline security branch.
These six staffers are supposed to handle both physical and cybersecurity risk assessments and reviews for more than 2.7 million miles of pipeline that carry natural gas, oil, and other hazardous products across all of the United States. Although US oil and gas pipelines are privately owned and thousands of private sector employees and contractors are providing additional security services, the TSA staff is the one who sets rules and enforces compliance, and the low number of employees tasked with pipeline security affects the system's overall security posture.
The GAO report's findings were the main topic at a House Energy Subcommittee hearing on "The State of Pipeline Safety and Security in America."
"We know ... that TSA staffing issues are a major limitation," US Representative Fred Upton (R-Michigan) said at the hearing.
"TSA has some 50,000 employees, but only a handful, that's actually a handful plus one, six, are assigned to pipeline security," Rep. Upton said. "That's not very good."
Furthermore, the GAO report also found that TSA's pipeline safety staffers are also underprepared for the issues they're facing.
"The TSA does not have a strategic workforce plan to help ensure it identifies the skills and competencies, such as the required level of cybersecurity expertise, necessary to carry out its pipeline security responsibilities," GAO investigators wrote in the report.
GAO officials said that interviews with pipeline operators and industry representatives highlighted the low level of training of the TSA's existing staff, which is in charge of enforcing security audits and compliance checks among private sector pipeline owners.
"Specifically, six of the 10 pipeline operators and three of the five industry representatives we interviewed reported that the level of cybersecurity expertise among TSA staff and contractors may challenge the Pipeline Security Branch's ability to fully assess the cybersecurity portions of its security reviews," the GAO said.