In 2002, the Department of Transportation (DOT) released the Pipeline Security Information Circular. The Circular established recommendations for improving security at pipeline facilities across the country, including to: (1) identify critical pipeline facilities; (2) develop security plans for critical facilities that is equivalent to security plans endorsed by the relevant trade association; (3) implement the plans as soon as possible; and (4) conduct annual reviews of the security plan and make changes as the need arises. Because the Circular was released before Congress passed legislation on pipeline security, the recommendations it outlined were voluntary.
In 2007, Congress addressed pipeline security in the Implementing Recommendations of the 9/11 Commission Act of 2007, instructing DHS to take the following actions:
- Establish a program for reviewing the extent to which pipeline facilities have adopted the recommendations of the Circular;
- Develop and implement a plan for inspecting and reviewing the security plans of the 100 most critical pipeline facilities;
- Implement risk assessment methodologies to identify the highest risk facilities that should be inspected first;
- Notify pipeline facilities of any security recommendations and if necessary, work with DOT to promulgate regulations;
- Develop “a pipeline security and incident recovery protocols plan” that includes a system under which the government would provide “increased security support” to the 100 most critical pipeline facilities when there is a severe or specific security threat and develop a plan for ensuring that transportation of natural gas and other hazardous liquids will be uninterrupted in the event of a security incident; and
- Within two years, provide to the appropriate Congressional committees a report regarding the “pipeline security and incident recovery protocols plan,” and a report of the private and public sector costs of implementing the recommendations.
In August 2008, pursuant to the Act, the Department of Homeland Security (DHS) and Transportation Security Administration (TSA) published a notice in the Federal Register seeking information from 125 pipeline operators in order to determine the 100 most critical pipeline facilities. Then, in July 2009, DHS/TSA published another notice seeking comments in anticipation of updating the Circular. However, rather than updating the Circular, in December 2010, TSA published Pipeline Security Guidelines which supersede the Circular. TSA then published Updated Pipeline Security Guidelines in April 2011 along with Pipeline Security Smart Practice Observations in September 2011. TSA published the most recent version of its Pipeline Security Guidelines in March 2018. In April 2021, TSA published an update to its March 2018 Guidelines which replaced Section 5 (Criticality).