Summary — H.R. 5062, "Pipeline Security Act"
Status and sponsors
- Introduced in House: August 29, 2025 (Rep. Julie Johnson, primary; cosponsors Rep. Carlos Gimenez and Rep. Robert Garcia).
- Committee: Referred to House Committee on Homeland Security; ordered favorably reported 9/3/2025 (vote 22–0). Reported to House (H. Rept. 119‑376) and placed on the Union Calendar 11/12/2025.
- Classification: Federal bill to amend the Implementing Recommendations of the 9/11 Commission Act of 2007.
Purpose and intent
- Codify and clarify the Transportation Security Administration’s (TSA) statutory role as the lead federal agency responsible for securing pipeline transportation and pipeline facilities against cybersecurity threats, acts of terrorism, and other security threats — in consultation with the Cybersecurity and Infrastructure Security Agency (CISA).
Key provisions
- New statutory section (added to subtitle D of title XV of the Implementing Recommendations of the 9/11 Commission Act of 2007):
- Explicitly assigns TSA responsibility for security of pipeline transportation and facilities (definitions cross‑referenced to 49 U.S.C. §60101).
- Requires TSA to develop, update, and maintain security guidelines aligned with the NIST Cybersecurity Framework and to promulgate additional security directives or regulations as necessary.
- Requires sharing of guidelines, directives, and—where appropriate—intelligence/information with federal, state, local, Tribal, territorial entities and private sector stakeholders.
- Directs TSA to assess, inspect, and—if warranted—inspect pipeline owners’/operators’ security policies, plans, practices, and training; to identify and rank relative security risks; and to inspect facilities designated as critical by owners/operators or under TSA guidance.
- Mandates stakeholder engagement (at least one industry day within one year of enactment).
- Oversight and reporting:
- Biennial reporting requirement to the House Committee on Homeland Security and Commerce Committees and Senate Homeland Security committees on TSA pipeline security activities.
- Requires TSA to develop a personnel strategy within 180 days of enactment (in consultation with CISA) to ensure adequate cybersecurity expertise and workforce capacity. Strategy may draw on existing DHS/TSA workforce and cybersecurity plans.
- Government Accountability Office (GAO) review of TSA implementation (report language in Committee report indicates GAO review within two years).
Who would be affected
- TSA (expanded/clarified statutory authorities and responsibilities).
- CISA (consultation and coordination role).
- Pipeline owners/operators and their employees — potentially subject to new TSA guidance, security directives, inspections, and information‑sharing requirements.
- State, local, Tribal, and territorial authorities involved in pipeline security coordination.
- Congress and GAO (oversight responsibilities).
Potential impacts and considerations
- Provides statutory clarity and accountability for federal pipeline security leadership, strengthening interagency coordination on cybersecurity and physical threats to pipeline infrastructure.
- May drive TSA hiring/training and program resource needs (personnel strategy) and could impose operational or compliance costs on pipeline operators depending on the content of future TSA directives/regulations.
- Aims to align pipeline security practice with national cybersecurity standards (NIST) and increase information sharing between government and industry.
- The Committee report includes a Congressional Budget Office estimate (contained in H. Rept. 119‑376); specific budgetary impacts depend on implementation decisions and any appropriations.
Relevant timeline highlights
- TSA must convene at least one industry day within one year of enactment.
- TSA must deliver a personnel strategy within 180 days of enactment.
- Biennial reports thereafter; GAO review to follow within approximately two years per the Committee report.