The bill aims to strengthen pipeline cybersecurity and reduce service disruptions by expanding TSA responsibilities and oversight, but it raises trade-offs: compliance costs for operators and consumers, confidentiality risks for private firms, and potential interagency overlap.
Commuters, businesses, and energy consumers will face lower risk of fuel and service interruptions because TSA will inspect, rank, and secure critical pipeline facilities and operations.
Pipeline owners/operators and federal partners will receive clear, NIST-aligned cybersecurity guidance and directives, improving pipeline defenses against cyberattacks and terrorism.
TSA and federal cybersecurity teams will build workforce capacity through a required personnel strategy, strengthening federal readiness to prevent and respond to pipeline cyber threats.
Pipeline owners/operators will incur new compliance costs to meet TSA directives and inspections, and those costs could be passed on to consumers or reflected in higher energy prices.
Increased inspections and intelligence-sharing could expose private operators' sensitive operational or proprietary information, raising confidentiality and commercial-risk concerns.
Expanding TSA authority into pipeline cybersecurity may duplicate or overlap with CISA responsibilities, creating potential interagency coordination gaps, inefficiencies, and implementation delays.
Based on analysis of 2 sections of legislative text.
Introduced August 29, 2025 by Julie Johnson · Last progress August 29, 2025
Assigns the Transportation Security Administration (TSA) primary responsibility, working with the Cybersecurity and Infrastructure Security Agency (CISA) as appropriate, to secure pipeline transportation and pipeline facilities against cybersecurity threats, terrorism, and other security risks. It directs TSA to develop NIST-aligned guidance, promulgate additional security directives or regulations as needed, inspect and assess implementation by owners/operators, share information with stakeholders, and convene industry engagement. The bill also requires TSA to produce a personnel strategy within 180 days to build cybersecurity expertise and to report biennially to relevant House and Senate committees on its pipeline security activities, and it requires a GAO review of implementation within two years. It adds the new authority into the implementing 9/11 Commission Act framework and updates the table of contents accordingly.