The continued expansion of pipeline construction plans detailed in this issue’s special report, “Worldwide Pipeline Construction,” p. 48, brings with it an increased need to keep the resulting networks operating safely and efficiently. Regular maintenance, stringent integrity management, and an increased focus on preventing inadvertent third-party damage help address this need. No less important, however, is protecting the expanding transportation infrastructure from intentional attack.
Toward this end, the US Department of Homeland Security’s Transportation Safety Administration is overseeing a number of pipeline security initiatives falling under the umbrella of DHS’s National Infrastructure Protection Plan (NIPP).
Web course
Earlier this month, DHS debuted “Introduction to the National Infrastructure Protection Plan (IS-860),” a web-based course developed jointly with the Federal Emergency Management Agency. The course is offered through FEMA’s Emergency Management Institute’s online learning center and can be taken either for credit or less formally. Those who take the course for credit will take a final examination and receive a certificate from DHS.
The primary goal is to explain the importance of protecting the US’s critical infrastructure and key resources (CI-KR). The course includes lessons that:
- Describe how the NIPP provides the unifying structure for integrating CI-KR protection efforts into a single national program.
- Define CI-KR and protection in the context of the NIPP.
- Identify the relevant authorities and roles of NIPP security partners.
- Describe how using the risk management framework ensures protection within and across CI-KR sectors.
- Identify the risk management activities implemented by NIPP security partners.
- Explain how the NIPP fosters information-sharing, provides guidance on the content of CI-KR protection-related aspects of homeland security plans, and helps to ensure a long-term effective, efficient CI-KR protection program.
Course IS-860 is available at http://www.training.fema.gov/emiweb/IS/is860.asp.
TSA also plans to develop and distribute a Security Awareness Training compact disc (CD-1) to interested pipeline companies.
As part of its Corporate Security Review Program, TSA has reviewed numerous pipeline systems, analyzing various aspects of each company’s security programs. This process prompted development of CD-1, TSA having determined that improved security awareness training for pipeline company employees would be useful.
Besides making CD-1 available to pipeline companies that wish to use it, TSA will seek voluntary feedback from these companies and use the results to guide future pipeline transportation security initiatives.
TSA will conduct data collection for 2-3 years to allow for full distribution of CD-1 across the industry and for participating companies to complete full training cycles.
A mid-August 2006 security breach at KeySpan Corp.’s LNG facility in Lynn, Mass., prompted the US Pipeline and Hazardous Materials Administration to release an advisory reminding operators of LNG terminals, peak-shaving plants, pipelines, and other facilities of the need to implement security measures to stop intruders.
According to PHMSA, “Investigation revealed that the intruders had cut through the outer and inner perimeter fences and through the locked gate and gained access to the storage tank several days before the breach was discovered. A microwave intrusion system documented the intrusions on the computer monitoring system, which should have alerted operator personnel to the intrusion. Operator personnel did not respond. In the days following, personnel conducted several routine visual inspections of the area without noting the cuts in the fences. Although there was also video surveillance of the perimeter, personnel did not review the tape until they investigated the breach.”
In this context, the need for training materials such as CD-1 is clear. But security is an ongoing process, and training materials need to be evaluated to ensure their effectiveness.
Assessing effects
TSA intends to use the information gathered in its survey of CD-1 users to assess the effect of the project on raising the baseline level of security awareness within the pipeline industry. It also hopes to gain an indication of CD-1 participation levels.
TSA estimates that an average of 300 companies/year will provide feedback on CD-1. It further estimates that the average time needed to respond to its survey will be 20 min. Done twice a year means 40 min/year spent on helping improve an industry-wide security awareness program.
Neither CD-1 nor IS-860 is by any means a panacea. Security, by its nature, is immune to such cures. But it is the 20 min budgeted here and there over the course of a year that will make a measurable difference.