Summary

Designates the Transportation Security Administration (TSA) as the federal lead for securing pipeline transportation and pipeline facilities against cybersecurity threats, terrorism, and other security risks, working with the Cybersecurity and Infrastructure Security Agency (CISA) as appropriate. The TSA must create and update NIST‑Framework‑consistent guidance, issue security directives or regulations, share threat information, inspect and assess operator implementation, and rank pipeline security risks. Requires TSA to hold an industry day within one year, report to Congress at least every two years, and produce a personnel strategy within 180 days (developed with CISA) that assesses cybersecurity staffing and resource needs; the Government Accountability Office (GAO) must review implementation within two years.

• Designates TSA as the federal lead for pipeline cybersecurity and physical security, coordinating with CISA as appropriate.
• Requires TSA to issue NIST‑Framework‑consistent guidance and, where needed, promulgate security directives or regulations for pipeline systems and facilities.
• Mandates TSA inspections and assessments of owner/operator implementation, including inspections of facilities owners/operators designate as critical.
• Requires TSA to share threat information with federal and private stakeholders and to hold an industry day within one year.
• TSA must deliver a personnel strategy within 180 days to assess and expand cybersecurity staff and resource needs, developed in consultation with CISA.
• TSA must report at least biennially to congressional committees on guidance, inspections, risk rankings, and other activities.
• GAO must review TSA’s implementation within two years, providing an external accountability check.
• Does not include specific appropriations — implementing activities may need additional funding or appropriation action.