The nation's economy and security are heavily dependent on oil, natural gas, and other energy commodities. Al-Qa'ida and other groups with malevolent intent have targeted energy tankers and offshore energy infrastructure because of their importance to the nation's economy and national security. The U.S. Coast Guard--a component of the Department of Homeland Security (DHS)--is the lead federal agency for maritime security, including the security of energy tankers and offshore energy infrastructure. The Federal Bureau of Investigation (FBI) also has responsibilities for preventing and responding to terrorist incidents. This testimony discusses the extent to which (1) the Coast Guard and the FBI have taken actions to address GAO's prior recommendations to prevent and respond to a terrorist incident involving energy tankers and (2) the Coast Guard has taken actions to assess the security risks to offshore energy infrastructure and related challenges. This testimony is based on products issued from December 2007 through March 2011 and recently completed work on the Coast Guard's actions to assess security risks. GAO reviewed documents from the Coast Guard's risk model and relevant laws, regulations, policies, and procedures; and interviewed Coast Guard officials.

The Coast Guard and the FBI have made progress implementing prior recommendations GAO made to enhance energy tanker security. In 2007, GAO made five recommendations to address challenges in ensuring the effectiveness of federal agencies' actions to protect energy tankers and implement response plans. The Coast Guard and the FBI have implemented two recommendations, specifically: (1) the Coast Guard, in coordination with U.S. Customs and Border Protection, developed protocols for facilitating the recovery and resumption of trade following a disruption to the maritime transportation system, and (2) the Coast Guard and the FBI participated in local port exercises that executed multiple response plans simultaneously. The Coast Guard has made progress on a third recommendation through work on a national strategy for the security of certain dangerous cargoes. It also plans to develop a resource allocation plan, starting in April 2012, which may help address the need to balance security responsibilities. However, the Coast Guard and the FBI have not yet taken action on a fourth recommendation to develop an operational plan to integrate the national spill and terrorism response plans. According to DHS, it plans to revise the National Response Framework, but no decision has been made regarding whether the separate response plans will be integrated. Also, DHS has not yet taken action on the final recommendation to develop explicit performance measures for emergency response capabilities and use them in risk-based analyses to set priorities for acquiring needed response resources. According to DHS, it is revising its emergency response grant programs, but does not have specific plans to develop performance measures as part of this effort. The Coast Guard has taken actions to assess the security risks to offshore energy infrastructure, which includes Outer Continental Shelf (OCS) facilities (facilities that are involved in producing oil or natural gas) and deepwater ports (facilities used to transfer oil and natural gas from tankers to shore), but improvements are needed. The Coast Guard has used its Maritime Security Risk Analysis Model (MSRAM) to examine the security risks to OCS facilities and deepwater ports. To do so, the Coast Guard has coordinated with the intelligence community and stakeholders, such as the Department of the Interior's Bureau of Ocean Energy Management, Regulation and Enforcement. However, the Coast Guard faces complex and technical challenges in assessing risks. For example, the Coast Guard does not have data on the ability of an OCS facility to withstand an attack. The Coast Guard generally recognizes these challenges and has actions underway to study or address them. Further, GAO determined that as of May 2011, the Coast Guard had not assessed security risks for 12 of the 50 security-regulated OCS facilities that are to be subjected to such assessments. Coast Guard officials later determined that they needed to add these OCS facilities to MSRAM for assessment and have completed the required assessments. However, while the list of security-regulated facilities may change each year based on factors such as production volume, the Coast Guard's current policies and procedures do not call for Coast Guard officials to provide an annual updated list of regulated OCS facilities to MSRAM analysts. Given the continuing threat to such offshore facilities, revising its procedures could help ensure that the Coast Guard carries out its risk assessment requirements for security-regulated OCS facilities. GAO is recommending that the Coast Guard revise policies and procedures to ensure its analysts receive the annual updated list of regulated offshore energy facilities to ensure risk assessments are conducted on those facilities. The Coast Guard concurred with this recommendation.

Status Legend:

Review Pending-GAO has not yet assessed implementation status.

Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.

Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.

Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.

• Review Pending
• Open
• Closed - implemented
• Closed - not implemented

Recommendation for Executive Action

Recommendation: To strengthen the Coast Guard's efforts to assess security risks and ensure the security of OCS facilities, the Commandant of the Coast Guard should revise policies and procedures to ensure that MSRAM analysts receive the annual updated list of securityregulated OCS facilities to ensure that risk assessments have been conducted on all such OCS facilities.

Agency Affected: Department of Homeland Security: United States Coast Guard

Status: Open

Comments: On December 30, 2011, in response to GAO's testimony statement, the Department of Homeland Security (DHS) stated that Coast Guard personnel were coordinating their efforts to ensure that Maritime Security Risk Analysis Model (MSRAM) analysts had the most up-to-date list of security-regulated Outer Continental Shelf (OCS) facilities. According to DHS, the Coast Guard's Prevention Division will be responsible for developing and maintaining the list of OCS facilities, and the MSRAM analysts are to retrieve the list annually and compare it to the list of assets in MSRAM. Additionally, the Prevention Division will be responsible for notifying MSRAM analysts when new OCS facilities are added to the list. In June 2012, the Coast Guard stated that the Eighth Coast Guard District MSRAM analysts most recently received a list of security-regulated OCS facilities in August 2011, and the Coast Guard expects the analysts to receive an updated list at the end of June 2012. The Coast Guard also stated that, as part of the Fall 2013 update to the MSRAM policy, its 2013 MSRAM Users Manual is to be updated to require Response, Prevention, Recovery, and Planning subject matter experts to coordinate on MSRAM vulnerability and consequence assessments. GAO will follow up with the Coast Guard in the fall of 2013 to confirm the issuance of this updated policy.