Cybersecurity threats to U.S. gas pipelines call for stricter oversight

The big picture: FERC has the authority to issue certificates for new interstate gas pipelines and to set their rates, but not to regulate their security. That charge falls to the Transportation Security Administration (TSA), the same agency that oversees 851 million aviation passengers per year, 138,000 miles of railroad track and 4 million miles of highway.

In May 2017, TSA confirmed that it had just 6 full-time employees tasked with securing the more than 2.7 million miles of natural gas, oil and hazardous liquid pipelines that traverse the country. Moreover, despite having the authority to enforce mandatory cybersecurity standards, the TSA relies on voluntary ones.

Given the high stakes, Congress should vest responsibility for pipeline security with an agency that fully comprehends the energy sector and has sufficient resources to address this growing threat. The Department of Energy (DOE) could be an appropriate choice: It is the Sector-Specific Agency for energy security and recently created its own cybersecurity office.

The ultimate regulator must have the statutory authority, resources and commitment to implement mandatory standards, as FERC has done for the electric grid for more than a decade. While the electric sector presents different operational risks, the essential starting point for these reforms is standards that are both mandatory and tailored to the pipeline network's greatest threats.

The bottom line: U.S. energy consumers depend on the electric grid. Its safety and security demand smart, effective, and up-to-date threat protections.

Neil Chatterjee and Richard Glick are both Commissioners at the FERC.