House energy panel leaders eye enforceable reliability regime for pipelines

A key US House Energy and Commerce Committee member has proposed legislation to create a new entity charged with developing enforceable reliability standards for energy products pipelines, with oversight from the Federal Energy Regulatory Commission.

Introduced Nov. 30 by Energy Subcommittee Chairman Bobby Rush, Democrat-Illinois, HR 6084 would sweep in a range of pipelines – carrying natural gas, hydrogen, petroleum and petroleum products. FERC would gain authority to approve the standards for pipeline reliability and cybersecurity, proposed by an independent entity known as the Energy Product Reliability Organization.

Rush and Energy and Commerce Chairman Frank Pallone, Democrat-New Jersey, plan a hearing on the legislation Dec. 7, with testimony from FERC Chairman Richard Glick and Energy Deputy Secretary David Turk, to kick off discussion of the proposal.

"From the Colonial Pipeline cyberattack to the winter storm that devastated Texas's natural gas infrastructure, it has never been clearer that ensuring the reliability of our nation's pipeline system is both necessary and urgent," the lawmakers said in a Nov. 30 statement. The effort would enable enforceable new standards for pipelines, "just as we have long had for the electric sector," they said.

The approach is modeled on the federal oversight structure for bulk electricity reliability under the Federal Power Act, in which FERC reviews standards proposed by the North American Electric Reliability Corp.

Glick has recently urged Congress weigh such an approach for natural gas pipelines; he made that case Nov. 18, for instance, when FERC issued its joint staff report with NERC analyzing the deadly mid-February electric grid outage.

"There is such a linkage, as was demonstrated this past winter, between gas reliability and electric reliability," he told reporters then.

The FERC/NERC staff report emphasized a need to safeguard gas-fired power plants and related pipeline infrastructure against extreme cold weather, and made multiple recommendations for gas infrastructure, noting that gas-fired generators and gas supply infrastructure are "inextricably linked."

It called on Congress, state legislatures, and other regulatory agencies, such as the Transportation Security Administration, with jurisdiction over gas pipelines to act. In particular, it said they should consider requiring safeguards for natural gas gathering and processing equipment, such as injection facilities and flow lines.

Legislative details

Under Rush's legislation, within two years FERC would certify one EPRO, provided the organization has the ability to develop and enforce reliability standards and has rules to ensure its independence from pipeline operators, although there are provisions for stakeholder input in the EPRO processes.

The standards would pertain to cybersecurity, physical security and coordination and delivery of energy products to ensure reliable generation. FERC would review proposed standards to ensure that they are just, reasonable, not unduly discriminatory, and that they are in the public interest.

The legislation also includes provisions for enforcement, allowing for penalties for violations.

While FERC would not defer to the EPRO on the impacts of standards on competition, it would give "due weight" to the organization's technical expertise on the standards.

The TSA and the Energy Department also would be consulted in the development of the rule to establish the organization, as well as in standards related to cybersecurity.

TSA efforts

The legislation comes as the TSA earlier this year stepped up efforts to protect pipelines from cybersecurity attacks in the aftermath of a May 7 ransomware attack that forced Colonial Pipeline to shut operations for nearly a week, triggering gasoline and diesel price spikes, panic-buying and supply shortages across the Southeast and East Coast.

The TSA issued a directive July 20 requiring pipelines transporting natural gas, gasoline and other hazardous liquids to put in place mitigation measures to protect against ransomware attacks.

An earlier TSA directive also required critical pipeline owners and operators to report cybersecurity incidents to the Cybersecurity & Infrastructure Security Agency, have a designated cybersecurity coordinator readily available, review their current practices for security gaps and potential mediation efforts, and report the results to the TSA and the CISA within 30 days.

INGAA concerns

The Interstate Natural Gas Association of America said Dec. 1 it has "significant concerns" about the new legislation, though it shares Rush's focus on ensuring safe, reliable and affordable energy delivery.

"The bill does not seem to reflect the strong reliability record of our nation's natural gas pipelines," the trade group said in a statement. "Further, the proposal to create an entire new energy reliability regulator risks duplicating or conflicting with existing federal and state agency regulatory authorities—including FERC, [the Pipeline and Hazardous Materials Safety Administration] and TSA—which would not enhance pipeline reliability and risks harming ongoing efforts to protect pipelines against cyber threats."