Date: March 2016
CRITICAL INFRASTRUCTURE PROTECTION: Federal Agencies Have Taken Actions to Address Electromagnetic Risks, but Opportunities Exist to Further Assess Risks and Strengthen Collaboration
What GAO Found
Key federal agencies have taken various actions to address electromagnetic risks to the electric grid, and some actions align with the recommendations made in 2008 by the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack (EMP Commission). Since 2008, the Department of Homeland Security (DHS), the Department of Energy (DOE), and the Federal Energy Regulatory Commission (FERC) have taken actions such as establishing industry standards and federal guidelines, and completing EMP-related research reports. GAO found that their actions aligned with some of the EMP Commission recommendations related to the electric grid. For example, DHS developed EMP protection guidelines to help federal agencies and industry identify options for safeguarding critical communication equipment and control systems from an EMP attack. Further, agency actions and EMP Commission recommendations generally align with DHS and DOE critical infrastructure responsibilities, such as assessing risks and identifying key assets.
Additional opportunities exist to enhance federal efforts to address electromagnetic risks to the electric grid. Specifically, DHS has not identified internal roles and responsibilities for addressing electromagnetic risks, which has led to limited awareness of related activities within the department and reduced opportunity for coordination with external partners. Doing so could provide additional awareness of related activities and help ensure more effective collaboration with other federal agencies and industry stakeholders. Moreover, although DHS components have independently conducted some efforts to assess electromagnetic risks, DHS has not fully leveraged opportunities to collect key risk inputs—namely threat, vulnerability, and consequence information—to inform comprehensive risk assessments of electromagnetic events. Within DHS, there is recognition that space weather and power grid failure are significant risk events, which DHS officials have determined pose great risk to the security of the nation. Better collection of risk inputs, including additional leveraging of information available from stakeholders, could help to further inform DHS assessment of these risks. DHS and DOE also did not report taking any actions to identify critical electrical infrastructure assets, as called for in the National Infrastructure Protection Plan. Although FERC conducted a related effort in 2013, DHS and DOE were not involved and have unique knowledge and expertise that could be utilized to better ensure that key assets are adequately identified and all applicable elements of criticality are considered. Finally, DHS and DOE, in conjunction with industry, have not established a coordinated approach to identifying and implementing key risk management activities to address EMP risks. Such activities include identifying and prioritizing key research and development efforts, and evaluating potential mitigation options, including the cost-effectiveness of specific protective equipment. Enhanced coordination to determine key research priorities could help address some identified research gaps and may help alleviate concerns voiced by industry regarding the costs and potential adverse consequences on grid reliability that may be caused by implementation of such equipment.
Why GAO Did This Study
Electromagnetic risks caused by a man-made EMP or a naturally occurring solar weather event could have a significant impact on the nation’s electric grid as well as other infrastructure sectors that depend on electricity, such as communications. These risks could lead to power outages over broad geographic areas for extended durations.
GAO was asked to review federal efforts to address electromagnetic risks to the electric grid. This report examines (1) the extent to which key federal agencies have taken action to address electromagnetic risks and how these actions align with the 2008 EMP Commission report recommendations, and (2) what additional opportunities exist to enhance federal efforts to address electromagnetic risks to the electric grid. GAO reviewed the EMP Commission report and federal program documents, and interviewed DHS, DOE, and FERC officials and relevant stakeholders who provided insights on key actions taken.
What GAO Recommends
GAO recommends that DHS identify internal roles to address electromagnetic risks, and collect additional risk inputs to further inform assessment efforts; that DHS and DOE collaborate to ensure critical electrical infrastructure assets are identified; and engage with industry stakeholders to identify and prioritize risk-management activities, such as research and development efforts, to address EMP risks to the grid. DHS and DOE concurred with our recommendations and identified planned actions to address the recommendations.