Politico's 2022-03-17 ‘TSA has screwed this up’: Pipeline cyber rules hitting major hurdles describes challenges to getting computer systems that control oil and gas pipelines to quickly meet requirements imposed by the Transportation Security Administration or TSA (of airport security fame) under the Biden administration.
The Biden administration has been scrambling to upgrade the digital security of U.S. critical infrastructure, from water utilities to power plants, amid heightened concerns about Russian cyberattacks stemming from the war in Ukraine. But few of the 16 critical infrastructure sectors have mandatory cyber standards, and many are regulated by agencies with little experience in this area. The TSA pipeline rules are an early test of the government’s ability to craft regulations that balance the security needed to keep out hackers with the flexibility needed to accommodate complex, idiosyncratic equipment.
Though the TSA is best known for airport security, it has a sprawling remit including mass transit systems, ports and pipelines.
Many of the TSA’s new requirements are based on protections for personal computers, not pipeline control systems, frustrating companies that aren’t sure how to comply with them. Other rules could require months or even years of painstaking upgrades that could interrupt pipeline operations. The result, companies and security experts say, is a confusing mess that has strained a once-harmonious partnership between the industry and its regulator.
It links to republicans-energycommerce.house.gov's 2021-05-18 blogpost Pipeline and LNG Cybersecurity is a Job for DOE — Not TSA. which links to a press release from same site six days earlier Energy and Commerce Committee Leaders Introduce Bipartisan Solutions to Enhance Cybersecurity for U.S. Energy Infrastructure which lists four legislative efforts, including the 116th Congress' H.R.370 - Pipeline and LNG Facility Cybersecurity Preparedness Act with a summary:
This bill requires the Department of Energy to implement a program to ensure the security, resiliency, and survivability of natural gas pipelines, hazardous liquid pipelines, and liquefied natural gas facilities.
Question: How are efforts progressing to move US oil and gas pipeline cybersecurity regulation and oversight from the TSA to the DOE?
I'm also curious about the likelihood that it will actually happen any time soon, and I think an examination of H.R.370 and related legislation may be indicative of this.