From the U.S. Government Accountability Office, www.gao.gov Transcript for: TSA's Pipeline Security Program Description: In addition to airline security, the Transportation Security Administration is also responsible for securing the nation's nearly 3-million-mile pipeline system carrying oil, natural gas, and other resources. This episode of the watchdog report explores this TSA function. Related GAO Work: GAO-19-48: Critical Infrastructure Protection: Actions Needed to Address Significant Weaknesses in TSA's Pipeline Security Program Management Released: December 2018 [ Background Music ] [ Chris Currie: ] You can't secure everything all at one time with a snap of a finger. [ Matt Oldham: ] Welcome to GAO's Watchdog Report, your source for news and information from the U.S. Government Accountability Office. I'm Matt Oldham. More than two and a half million miles of pipeline carry oil, natural gas, and other products throughout the United States. Its critical infrastructure that is vulnerable to accidents, operating errors, and both physical and cyber attacks. And the Transportation Security Administration is primarily responsible for overseeing the security of this interstate system. I'm with Chris Currie, a Homeland Security and Justice director, who led a GAO Report assessing the TSA's efforts to ensure the security of these pipelines. Chris, is the TSA doing everything it could to prevent accidents or attacks? [ Chris Currie: ] Well we found that TSA's doing a number of things but the bottom line is we're nowhere close to where we need to be in this area yet. TSA's issued security guidelines to pipeline operators. These are voluntary guidelines. These aren't strict regulations. And also it assesses the most critical pipeline facilities in the country. So it's done a number of things. However, unfortunately, we found that, you know, most of TSA's efforts and resources in this area have varied wildly since 2010 which is the timeframe we looked at. For example, in 2015, TSA had one person dedicated to pipeline security compared to other things it does like aviation security. [ Matt Oldham: ] So what are the risks involved here? I mean as you said one person is in charge of pipeline security at the TSA and a lot of these guidelines are voluntary. What risks are we running without addressing this? [ Chris Currie: ] Well pipelines, they're often referred to as the veins of our economy. They transport commodities and energy that fuel our entire country. We couldn't live without them. So as you can imagine, they're lucrative targets to terrorists or just those that want to sabotage them because they don't agree with their existence or their construction. So they're at risk of physical attacks such as explosives and firearms or blow torches. That has actually happened. Also increasingly more at risk of virtual or cyber attacks. Like most other critical infrastructure systems, pipelines rely on very sophisticated and networked computer systems that are more vulnerable to these types of attacks. [ Matt Oldham: ] So looking at the TSA, what are some of the problems they're facing? [ Chris Currie: ] One of the things that raised concerns for us particularly is we actually looked at pipeline security back in 2010. We issued a report at that time with, I think, over eight recommendations. We were very surprised and concerned to find that we revisit -- when we revisited this issue recently, not much progress had been made over the years in some of these areas. So that concerns us very much. We would expect to see incremental progress over the years particularly if we've done a comprehensive review. And we haven't seen it. [ Background Music ] [ Matt Oldham: ] So it sounds like some of the issues that TSA has had to contend with is maybe not as much as personnel to address this issue as they would have for other things like flight security. And that some of their methods and guidelines haven't been updated in years. So did your team have any recommendations? [ Chris Currie: ] We actually had 10 recommendations. I won't talk about all of them. One of them is obviously they need to assess their workforce needs in this area compared to other areas and determine if they're dedicating the right amount of resources and people to this type of thing. Also, you know they need to update their process for assessing risks to these systems. Cybersecurity's a great example and this gets into the workforce issue too. Assessing what needs and expertise it needs the staff to have in cybersecurity. As you can imagine there's a constant need to have your information and your training evolve to address current threats and they don't incorporate that into their workforce plan. So that's going to be critical as they move forward. [ Matt Oldham: ] And lastly, what do you believe is the bottom line of the report? [ Chris Currie: ] You know I think two big takeaways from this report. First, pipelines are very critical infrastructure and it's important that the federal government dedicate the right resources and attention to safeguard them. The second piece is like other critical infrastructure sectors in this country, pipelines and the energy sector, in general, are huge and complicated. [ Background Music ] You know you can't secure everything all at one time with a snap of a finger. So it's important to focus our limited resources on the most critical assets. [ Matt Oldham: ] Chris Currie is a Homeland Security and Justice director with GAO and he was talking about a GAO report on TSA's oversight role of the nation's pipeline security. Thank you for your time, Chris. [ Chris Currie: ] Thank you. [ Background Music ] [ Matt Oldham: ] And thank you for listening to the Watchdog Report. To hear more podcasts, subscribe to us on Apple Podcasts. [ Background Music ] [ Matt Oldham: ] For more from the congressional watchdog, the U.S. Government Accountability Office, visit us as gao.gov.