February 18, 2011 in Transportation Security Administration
TSA Office of Intelligence Pipeline Modal Threat Assessment
- 9 pages
- For Official Use Only
- January 18, 2011
(U//FOUO) The Transportation Security Administration’s (TSA’s) mission includes enhancing the security preparedness of U.S. hazardous liquid and natural gas pipeline systems. This TSA Office of Intelligence (TSA-OI) threat assessment primarily addresses the potential for attacks against the pipeline industry in the Homeland and assesses the tactics, techniques, and procedures (TTPs) used in attacks against pipelines and related infrastructure overseas for their potential use by terrorists in the Homeland.
(U//FOUO) U.S. Pipeline System: The U.S. pipeline system is comprised of 161,000-plus miles of hazardous liquid pipelines; 310,000 miles of natural gas transmission pipelines; 1.9 million miles of natural gas distribution pipelines; and 104-plus liquefied natural gas processing and storage facilities. Most pipelines are privately owned and operated and most are buried underground. Pipelines transport nearly all of the natural gas and about two-thirds of hazardous liquid (including crude and refined petroleum) products in the United States.
(U) Key Findings
(U//FOUO) TSA-OI assesses with high confidence that the terrorist threat to the U.S. pipeline industry is low. TSA-OI has no specific or credible threat information indicating that violent transnational extremist groups or domestic extremists are actively plotting to conduct attacks on the U.S. pipeline industry.
- (U//FOUO) Violent extremist web postings continue to promote the U.S. pipeline system and its related infrastructure as attractive targets because of the significant impact multiple successful attacks could have on the U.S. economy.
- (U//FOUO) While violent transnational extremist groups, including al-Qa’ida, have expressed interest in attacking the U.S. pipeline system, violent domestic extremists, homegrown terrorists, and lone offenders likely also pose threats to pipeline networks.
- (U//FOUO) Improvised explosive devices (IEDs) have been the preferred attack method used in overseas attacks against pipelines and related infrastructure, and would likely be the method of attack against pipeline systems in the Homeland.
- (U//FOUO) Terrorist groups have discussed attacks on unspecified SCADA systems, but it is uncertain whether al-Qa’ida or any other group has the capability to conduct a successful cyber attack on these systems.
- (U//FOUO) Pipeline and related infrastructure, particularly those which are located above ground, are viable targets because they are exposed and difficult to protect.
(U) Cyber Threats
(U//FOUO) Oil and natural gas pipeline system operations rely heavily on industry control systems (ICSs) including supervisory control and data acquisition (SCADA) networks (see text box). Terrorist groups have discussed attacks on unspecified SCADA systems, but it is uncertain whether al-Qa’ida or any other group has the capability to conduct a successful cyber attack.19 TSA-OI is not aware of any credible, specific threat reporting targeting U.S. pipelines’ industry control systems or the supervisory control and data acquisition networks.
(U) Sept 2010: The Iranian Government confirmed a cyber attack against the industrial control system at the Busher Nuclear Plant in Iran, which led to the discovery of a malicious software program, the origin of which is still unknown. Dubbed Stuxnet, analysts determined the worm began infecting systems overseas and in the U.S. beginning as early as June 2009. The Busher Nuclear Plant uses SCADA systems to operate.20 Although the impact of the attack on plant operations has not been publicly released, officials for the plant insist that the malicious program affected only the personal computers of a few workers.
(U) ICS & SCADA Systems
(U//FOUO) Industrial control systems (ICSs) include supervisory control and data acquisition (SCADA) systems, distributed control systems, and other control system configurations such as programmable logic controllers, often found in the industrial sectors and critical infrastructures. ICS systems are typically used in industries such as electrical, water and wastewater, oil and natural gas, chemical, transportation, and discrete manufacturing.
(U) SCADA is a category of software application program for process control, and allows for the gathering of data in real time from remote locations in order to control equipment and conditions. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control.
(U) Suspicious Incidents & Activity
(U//FOUO) The vast majority of suspicious activity reports (SARs) in the Homeland involved refineries or related infrastructure; not pipelines. U.S. pipelines and related infrastructure however, have been the objects of vandalism and tampering, particularly those facilities and equipment located above ground. There were 44 suspicious pipelines, and related oil and natural gas SARs reported to TSA-OI from January 2010 to October 2010.21 Suspicious activities near pipelines and related infrastructure may indicate an interest to collect information for a future attack, or the desire to identify vulnerabilities or test a pipeline facility’s security and response operations. Individuals engaged in surveillance activities are rarely interviewed by authorities because they are seldom detained for questioning. Therefore, gauging their intent or motivations is difficult.
Related Material From the Archive:
- (U//FOUO) TSA Pipeline Threat Assessment
- (U//FOUO) TSA Pipeline Security Smart Practices Report
- TSA Mass Transit System Threat Assessment 2008
- (U//FOUO) DHS-FBI-NORTHCOM Super Bowl 2011 Joint Special Event Threat Assessment
- (U//FOUO) HITRAC Homeland Security Threat Overview
- (U//FOUO//LES) TSA 2006 Terrorist Threat to U.S. Highway System
- Virginia Fusion Center Educational Facilities Threat Assessment
- Pipeline and Hazardous Materials Safety Administration (PHMSA) Gas Distribution Pipeline Safety Report