Printer Friendly

Defense Critical Infrastructure: Actions Needed to Improve the Identification and Management of Electrical Power Risks and Vulnerabilities to DOD Critical Assets.

GAO-10-147 October 23, 2009

The Department of Defense (DOD) relies on a global network of defense critical infrastructure so essential that the incapacitation, exploitation, or destruction of an asset within this network could severely affect DOD's ability to deploy, support, and sustain its forces and operations worldwide and to implement its core missions, including those in Iraq and Afghanistan as well as its homeland defense and strategic missions. In October 2008, DOD identified its 34 most critical assets in this network--assets of such extraordinary importance to DOD operations that according to DOD, their incapacitation or destruction would have a very serious, debilitating effect on the ability of the department to fulfill its missions. Located both within the United States and abroad, DOD's most critical assets include both DOD- and non-DOD-owned assets. DOD relies overwhelmingly on commercial electrical power grids for secure, uninterrupted electrical power supplies to support its critical assets. DOD is the single largest consumer of energy in the United States, as we have noted in previous work. According to a 2008 report by the Defense Science Board Task Force on DOD's Energy Strategy, DOD has traditionally assumed that commercial electrical power grids are highly reliable and subject to only infrequent (generally weather-related), short-term disruptions. For backup supplies of electricity, DOD has depended primarily on diesel generators with short-term fuel supplies. In 2008, however, the Defense Science Board reported that "[c]ritical national security and homeland defense missions are at an unacceptably high risk of extended outage from failure of the [commercial electrical power] grid" upon which DOD overwhelmingly relies for its electrical power supplies. Specifically, the reliability and security of commercial electrical power grids are increasingly threatened by a convergence of challenges, including increased user demand, an aging electrical power infrastructure, increased reliance on automated control systems that are susceptible to cyberattack, the attractiveness of electrical power infrastructure for terrorist attacks, long lead times for replacing key electrical power equipment, and more frequent interruptions in fuel supplies to electricity-generating plants. As a result, commercial electrical power grids have become increasingly fragile and vulnerable to extended disruptions that could severely impact DOD's most critical assets, their supporting infrastructure, and ultimately the missions they support.

DOD's most critical assets are vulnerable to disruptions in electrical power supplies, but DOD lacks sufficient information to determine the full extent of the risks and vulnerabilities these assets face. All 34 of these most critical assets require electricity continuously to support their military missions, and 31 of them rely on commercial power grids--which the Defense Science Board Task Force on DOD Energy Strategy has characterized as increasingly fragile and vulnerable--as their primary source of electricity. DOD Instruction 3020.45 requires DOD to conduct vulnerability assessments on all its most critical assets at least once every 3 years. Also, the Office of the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs ASD(HD&ASA) has requested the U.S. Army Corps of Engineers--which serves as the Defense Critical Infrastructure Program's Defense Infrastructure Sector Lead Agent for Public Works--to conduct preliminary technical analyses of DOD installation infrastructure (including electrical power infrastructure) to support the teams conducting Defense Critical Infrastructure Program vulnerability assessments on the most critical assets. (1) As of June 2009, and according to ASD(HD&ASA) and the Joint Staff, DOD had conducted Defense Critical Infrastructure Program vulnerability assessments on 14 of the 34 most critical assets.18 DOD has not conducted the remaining assessments because it did not identify the most critical assets until October 2008. To comply with the instruction, DOD would have to complete Defense Critical Infrastructure Program vulnerability assessments on all most critical assets by October 2011. (2) DOD has neither conducted, nor developed additional guidelines and time frames for conducting, these vulnerability assessments on any of the five non-DOD-owned most critical assets located in the United States or foreign countries, citing security concerns and political sensitivities. (3) The U.S. Army Corps of Engineers has not completed the preliminary technical analyses requested because it has not yet received infrastructure-related information regarding the networks, assets, points of service, and inter- and intradependencies related to electrical power systems that it requires from the military services. (4) Although DOD is in the process of developing guidelines, it does not systematically coordinate Defense Critical Infrastructure Program vulnerability assessment processes and guidelines with those of other, complementary DOD mission assurance programs--including force protection; antiterrorism; information assurance; continuity of operations; chemical, biological, radiological, nuclear, and high-explosive defense; readiness; and installation preparedness--that also examine electrical power vulnerabilities of the most critical assets, because DOD has not established specific guidelines for such systematic coordination. (5) The 10 Defense Critical Infrastructure Program vulnerability assessments we reviewed did not explicitly consider assets' vulnerabilities to longer-term (i.e., of up to several weeks' duration) electrical power disruptions19 on a mission-specific basis, as DOD has not developed explicit Defense Critical Infrastructure Program benchmarks for assessing electrical power vulnerabilities associated with longer-term electrical power disruptions. With more comprehensive knowledge of the most critical assets' risks and vulnerabilities to electrical power disruptions, DOD can better avoid compromising crucial DOD-wide missions during electrical power disruptions. This additional information may also improve DOD's ability to effectively prioritize funding needed to address identified risks and vulnerabilities of its most critical assets to electrical power disruptions.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Davi M. Dagostino Team: Government Accountability Office: Defense Capabilities and Management Phone: (202) 512-5431

Recommendations for Executive Action

----------

Recommendation: To ensure that DOD has sufficient information to determine the full extent of the risks and vulnerabilities to electrical power disruptions of its most critical assets, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to complete Defense Critical Infrastructure Program vulnerability assessments, as required by DOD Instruction 3020.45, on all of DOD's most critical assets by October 2011.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To ensure that DOD has sufficient information to determine the full extent of the risks and vulnerabilities to electrical power disruptions of its most critical assets, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to develop additional guidelines, an implementation plan, and a schedule for conducting Defense Critical Infrastructure Program vulnerability assessments on all non-DOD-owned most critical assets located in the United States and abroad in conjunction with other federal agencies, as appropriate, that have a capability to implement the plan.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To ensure that DOD has sufficient information to determine the full extent of the risks and vulnerabilities to electrical power disruptions of its most critical assets, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to establish a time frame for the military services to provide the infrastructure data required for the Public Works Defense Infrastructure Sector Lead Agent--the U.S. Army Corps of Engineers--to complete its preliminary technical analysis of public works (including electrical system) infrastructure at DOD installations that support DOD's most critical assets.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To ensure that DOD has sufficient information to determine the full extent of the risks and vulnerabilities to electrical power disruptions of its most critical assets, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to finalize guidelines currently being developed to coordinate Defense Critical Infrastructure Program assessment criteria and processes more systematically with those of other DOD mission assurance programs.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To ensure that DOD has sufficient information to determine the full extent of the risks and vulnerabilities to electrical power disruptions of its most critical assets, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to develop explicit Defense Critical Infrastructure Program guidelines for assessing the critical assets' vulnerabilities to long-term electrical power disruptions.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To enhance DOD's efforts to mitigate these assets' risks and vulnerabilities to electrical power disruptions and leverage previous assessments and multiple asset owners' information, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to develop a mechanism to systematically track the implementation of future Defense Critical Infrastructure Program risk management decisions and responses intended to address electrical power-related risks and vulnerabilities to DOD's most critical assets.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

----------

Recommendation: To enhance DOD's efforts to mitigate these assets' risks and vulnerabilities to electrical power disruptions and leverage previous assessments and multiple asset owners' information, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in collaboration with the Joint Staff's Directorate for Antiterrorism and Homeland Defense, combatant commands, military services, and other Defense Critical Infrastructure Program stakeholders, as appropriate, to ensure for DOD-owned most critical assets, and facilitate for non-DOD-owned most critical assets, that asset owners or host installations of the most critical assets, where appropriate, reach out to local electricity providers in an effort to coordinate and help remediate or mitigate risks and vulnerabilities to electrical power disruptions that may be identified for DOD's most critical assets.

Agency Affected: Department of Defense

Status: In process

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Categories: National Defense, Assets, Critical infrastructure, Defense capabilities, Defense Critical Infrastructure Program, Defense operations, Electric energy, Electric power generation, Electric power transmission, Risk assessment, Risk factors, Risk management, Strategic planning
COPYRIGHT 2009 Stonehenge International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2009 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:General Accounting Office Reports & Testimony
Date:Nov 1, 2009
Words:1908
Previous Article:Retirement Savings: Automatic Enrollment Shows Promise for Some Workers, but Proposals to Broaden Retirement Savings for Other Workers Could Face...
Next Article:Bid Protest Ruling: Mike Kesler Enterprises.
Topics:


Related Articles
Critical infrastructure: interlinked and vulnerable.
DON CIP: a comprehensive solution to improve cyber and physical security of DON critical assets.
Enabling mission assurance through an aggressive critical infrastructure protection program.
Enabling warfighter mission assurance through critical asset vulnerability assessment.
Defense Infrastructure: Management Actions Needed to Ensure Effectiveness of DOD's Risk Management Approach for the Defense Industrial Base.
Defense Critical Infrastructure: DOD's Risk Analysis of Its Critical Infrastructure Omits Highly Sensitive Assets.
Defense Infrastructure: High-Level Leadership Needed to Help Communities Address Challenges Caused by DOD-Related Growth.
Defense Critical Infrastructure: Adherence to Guidance Would Improve DOD's Approach to Identifying and Assuring the Availability of Critical...
Defense Critical Infrastructure: Developing Training Standards and an Awareness of Existing Expertise Would Help DOD Assure the Availability of...
Legal propriety of protecting defense industrial base information infrastructure.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters