Protecting our Critical Infrastructure
We depend on the nation’s critical infrastructure—such as the systems that provide energy, transportation, communications, and financial services—to provide us with our basic needs.
In today’s WatchBlog, we explore federal efforts to protect some of our critical infrastructure from things like cyber-attacks and terrorism.
Oil and gas pipelines
More than 2.7 million miles of pipeline transport oil, natural gas, and other hazardous liquids needed for things like operating vehicles and heating homes. These pipelines run through both remote and urban areas, and are operated by more than 3,000 pipeline companies.
These pipelines are also vulnerable to physical attacks (such as firearms or explosives) and cyber-attacks. For example, a hacker could infiltrate a pipeline’s operational systems via the internet to disrupt service and cause spills, explosions, or fires. In fact, the energy sector accounted for 35% of critical infrastructure cyber incidents from 2013-2015—more than any other sector.
The Transportation Security Administration (along with other federal agencies) is responsible for protecting the nation’s pipelines. However, we found issues with how TSA manages its pipeline security efforts. For example, it has no process for determining when to update its guidelines for pipeline operations and related facilities.
Additionally, TSA’s plan to coordinate security incident responses with other federal agencies and industry stakeholders hasn’t been updated since 2010 . As a result, it doesn’t fully reflect developments in important areas like cybersecurity.
Chemical facilities
The nation’s chemical facilities could also be a target for terrorists. For example, hazardous chemicals could be released from a facility and hurt surrounding populations, or stolen and used as chemical weapons.
The Department of Homeland Security established the Chemical Facility Anti-Terrorism Standards program, in accordance with statutory requirements, to identify high-risk chemical facilities and inspect them to ensure they comply with security standards. DHS also shares information about these facilities with local officials so that first responders are prepared for potential security incidents.
We found that DHS has completed a number of these inspections since 2013. However, first responders still may not have all the information they need to safely respond to incidents at these facilities.
To learn more about our work assessing federal efforts to protect critical infrastructure, click here.
- Comments on GAO’s WatchBlog? Contact blog@gao.gov.