
119-HR-5062 Investigative Journalist Impact Analysis

119 · HR 5062 Pipeline Security Act

Transportation and Public Works
Pipeline Security Act: This bill provides statutory authority for the Transportation Security Administration's (TSA's) role as the agency responsible for securing pipeline transportation and...
Published: 13 Nov 2025
Updated: 13 Nov 2025
Tags: Whipline · Impact Analysis · Pipeline Security Act
Unvetted
01 · Section

Summary

What the bill does. H.R. 5062 codifies TSA’s responsibility for securing pipeline transportation and facilities against cybersecurity and terrorism risks, directs TSA to issue and update guidelines consistent with NIST’s Cybersecurity Framework, and authorizes additional directives or regulations. It mandates stakeholder engagement within one year, biennial reporting to Congress, and a GAO implementation review within two years. [1][2][3]

  • Baseline context: TSA has already imposed time‑limited pipeline cybersecurity directives since 2021 (incident reporting to CISA, 24/7 cyber coordinators, mitigation/testing). The bill would lock a lasting framework into statute and oversight. [4][5][6]
  • Likely effects: fewer large‑scale supply disruptions from cyber events (e.g., Colonial Pipeline) but new compliance costs and inspection obligations for operators. [7]

02 · Section

Economic Effects

Direct market effects, operator costs, and systemic risk.

  • Reduced disruption risk to fuels markets. Colonial’s 2021 ransomware shutdown triggered multi‑state fuel shortages and price spikes; codified authority, regular inspections, and information‑sharing can lower the frequency and severity of such shocks. [7]
  • Regulatory and compliance costs. TSA’s 2024 proposed rule (a preview of the durable regulations the bill would enable) estimated roughly $580 million over 10 years for pipeline facilities to stand up cyber risk programs and reporting, costs likely passed through to shippers and consumers to some degree. [8][9]
  • Operational planning certainty. Moving from annually renewed directives to codified responsibilities and potential regulations reduces policy uncertainty for capex planning and cyber workforce investments. [6]
  • Inspection and audit load. TSA requires recurring assessments and full coverage of measures every three years; formalizing this regime means ongoing audit, testing, and exercise expenditures. [10]
  • Jurisdictional clarity vs. overlap. GAO has long flagged weaknesses in TSA pipeline program management and coordination; statute plus GAO review could improve clarity with PHMSA (safety) and CISA (cyber defense), but duplicative burdens remain a risk if roles aren’t tightly delineated. [11][12]

03 · Section

Social Effects

Implications for communities, workforces, and vulnerable groups.

  • Community resilience. Fuel disruptions cascade into retail shortages and logistics delays; preventing cyber‑driven outages mitigates panic buying and service interruptions that disproportionately burden low‑income commuters and essential workers. [7]
  • Public safety. Cyber intrusions into OT can force controlled shutdowns to avoid hazards; stronger governance, segmentation, and incident response reduce the likelihood of emergency shutdowns that stress local services. [13]
  • Workforce demand. The bill’s personnel‑strategy requirement and TSA’s performance‑based approach will expand demand for pipeline‑specific cyber talent, incident responders, and compliance auditors, especially among mid‑sized operators. [1][14]

04 · Section

Environmental Effects

Sustainability, emissions, and ecological risk.

  • Avoided emissions from disruption‑driven mode shifts. When pipelines are down, more fuel moves by truck/alternative modes; trucking is several‑fold more GHG‑intensive per ton‑mile than rail/water, so preventing outages generally avoids higher‑emitting substitutes. [15]
  • Lower probability of accident‑related releases from cyber‑physical scenarios. CISA has documented real OT intrusions and tooling against ICS/SCADA that could disrupt operations; hardening and testing reduce the tail risk of environmentally damaging events. [16]
  • Methane and spill externalities remain. Even with better cyber defenses, pipeline networks still experience leaks and releases with climate and ecological costs; stronger security doesn’t replace PHMSA safety oversight or emissions rules. [17][18]

05 · Section

Temporal Analysis

Short‑term versus long‑term consequences.

  • 0–12 months: TSA convenes an industry day; operators may face incremental preparation costs for engagement and to align with current directives. [1]
  • 1–2 years: Personnel strategy due within 180 days; biennial reporting begins; GAO conducts implementation review, potentially prompting mid‑course corrections. [1]
  • 3+ years: Transition from directives to durable, performance‑based rules anchored in NIST CSF 2.0 and CISA’s Cross‑Sector Cybersecurity Performance Goals, improving governance and resilience but institutionalizing recurring compliance costs. [2][19][14]

06 · Section

Unintended Consequences

07 · Section

Assessment (Analytical Stance)

Neutral. On balance, codifying TSA’s pipeline security role, tying it to NIST CSF 2.0, and subjecting implementation to GAO oversight likely lowers systemic outage risk at the cost of recurring compliance and inspection burdens. Net economic impact hinges on the probability of avoided large disruptions (e.g., Colonial‑scale) versus sustained program costs under forthcoming TSA rules. [1][2][7][8]

08 · Section

Key Metrics and Sources

Hazardous liquid & CO₂ pipeline mileage (2024): 228,374 miles
Gas transmission pipeline mileage (2024): 300,858 miles
Gas gathering pipeline mileage (2024): 110,305 miles
Colonial Pipeline share of East Coast fuel (approx.): 45 percent
TSA pipeline cyber rulemaking, estimated pipeline compliance cost (10‑yr): USD 580 million
TSA assessment coverage requirement: 100 percent of measures every 3 years
Bill deadlines: 3 milestones (180‑day personnel strategy; 1‑yr industry day; 2‑yr GAO review)

  • Bill text and actions (H.R. 5062, 119th Congress). [1][3]
  • TSA pipeline cybersecurity directives (2021–2025). [6][4][5]
  • TSA proposed cyber rule for pipelines/rail (context for costs/obligations). [9][8]
  • NIST Cybersecurity Framework 2.0. [2]
  • CISA Cross‑Sector Cybersecurity Performance Goals. [19]
  • GAO on TSA pipeline security program/coordination. [11][12][20]
  • PHMSA pipeline mileage and performance data. [21][22][18]
  • Colonial Pipeline disruption impacts (market effects). [7]
  • OT/ICS cyber risk to energy infrastructure. [16]
  • Emissions intensity of alternative modes during outages. [15]

Sources cited

  [1] Text of H.R. 5062 (119th Congress) – Pipeline Security Act. Congress.gov
  [2] NIST releases Cybersecurity Framework 2.0 (Feb. 26, 2024). NIST
  [3] All actions for H.R. 5062 (119th). Congress.gov
  [4] DHS announces new cybersecurity requirements for critical pipeline owners and operators (May 27, 2021). TSA
  [5] DHS announces second pipeline cybersecurity directive (July 20, 2021). TSA
  [6] TSA Security Directives and Emergency Amendments (Cybersecurity). TSA
  [7] Colonial Pipeline restarts operations after ransomware shutdown. Axios
  [8] TSA wants to expand cyber rules for pipelines and railroads (cost estimates). Wall Street Journal
  [9] TSA proposed rule to require pipeline/rail cyber risk management programs (Nov. 6, 2024). TSA
  [10] TSA updates and renews cybersecurity requirements for pipeline owners/operators (2023). TSA
  [11] GAO-19-48: Critical Infrastructure Protection—Weaknesses in TSA’s Pipeline Security Program. U.S. GAO
  [12] GAO-21-105263: TSA steps to address pipeline program weaknesses (testimony). U.S. GAO
  [13] CISA: Ransomware impacting pipeline operations (OT facility case). CISA
  [14] Web search · turn 6 #7
  [15] FHWA Talking Freight (April 2015): relative emissions by freight mode. FHWA (USDOT)
  [16] CISA/DOE/NSA/FBI: APT cyber tools targeting ICS/SCADA (advisory). CISA
  [17] News result · turn 7 #12
  [18] PHMSA National Pipeline Performance Measures (20‑year trends). PHMSA (USDOT)
  [19] Web search · turn 3 #0
  [20] GAO-25-107947: Surface Transportation—TSA Cybersecurity actions; additional steps needed. U.S. GAO
  [21] PHMSA Annual Report—Mileage for Hazardous Liquid or CO₂ Systems (2024). PHMSA (USDOT)
  [22] PHMSA Annual Report—Mileage for Gas Transmission & Gathering (2024). PHMSA (USDOT)
