Critical Infrastructure Protection: Federal Efforts to Address Electromagnetic Risks
Highlights
What GAO Found
Key federal agencies have taken various actions to address electromagnetic risks to the electric grid, and some actions align with the recommendations made in 2008 by the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack (EMP Commission). Since 2008, the Department of Homeland Security (DHS), the Department of Energy (DOE), and the Federal Energy Regulatory Commission (FERC) have taken actions such as establishing industry standards and federal guidelines, and completing EMP-related research reports. GAO found that their actions aligned with some of the EMP Commission recommendations related to the electric grid. For example, DHS developed EMP protection guidelines to help federal agencies and industry identify options for safeguarding critical communication equipment and control systems from an EMP attack. Further, agency actions and EMP Commission recommendations generally align with DHS and DOE critical infrastructure responsibilities, such as assessing risks and identifying key assets.
Additional opportunities exist to enhance federal efforts to address electromagnetic risks to the electric grid. Specifically, DHS has not identified internal roles and responsibilities for addressing electromagnetic risks, which has led to limited awareness of related activities within the department and reduced opportunity for coordination with external partners. Doing so could provide additional awareness of related activities and help ensure more effective collaboration with other federal agencies and industry stakeholders. Moreover, although DHS components have independently conducted some efforts to assess electromagnetic risks, DHS has not fully leveraged opportunities to collect key risk inputs—namely threat, vulnerability, and consequence information—to inform comprehensive risk assessments of electromagnetic events. Within DHS, there is recognition that space weather and power grid failure are significant risk events, which DHS officials have determined pose great risk to the security of the nation. Better collection of risk inputs, including additional leveraging of information available from stakeholders, could help to further inform DHS assessment of these risks. DHS and DOE also did not report taking any actions to identify critical electrical infrastructure assets, as called for in the National Infrastructure Protection Plan. Although FERC conducted a related effort in 2013, DHS and DOE were not involved and have unique knowledge and expertise that could be utilized to better ensure that key assets are adequately identified and all applicable elements of criticality are considered. Finally, DHS and DOE, in conjunction with industry, have not established a coordinated approach to identifying and implementing key risk management activities to address EMP risks. Such activities include identifying and prioritizing key research and development efforts, and evaluating potential mitigation options, including the cost-effectiveness of specific protective equipment. Enhanced coordination to determine key research priorities could help address some identified research gaps and may help alleviate concerns voiced by industry regarding the costs and potential adverse consequences on grid reliability that may be caused by implementation of such equipment.
Why GAO Did This Study
This testimony summarizes the information contained in GAO's March 2016 report, entitled Critical Infrastructure Protection: Federal Agencies Have Taken Actions to Address Electromagnetic Risks, but Opportunities Exist to Further Assess Risks and Strengthen Collaboration, GAO-16-243.
For more information, contact Chris Currie at (404) 679-1875 or curriec@gao.gov.