Skip to main content

Defense Infrastructure: NORAD and USNORTHCOM Need to Reevaluate Vulnerabilities Associated with Moving the NORAD Command Center from Cheyenne Mountain to Peterson Air Force Base, and to Acknowledge Acceptance of the Risks

GAO-08-1054R Published: Sep 18, 2008. Publicly Released: Sep 18, 2008.
Jump To:
Skip to Highlights

Highlights

 

In July 2006, the former Commander of North American Aerospace Defense Command (NORAD) and United States Northern Command (USNORTHCOM) announced plans to relocate certain functions from Cheyenne Mountain to create an integrated command center in Building 2 at Peterson Air Force Base (AFB), Colorado. In May 2007, we reported that NORAD and USNORTHCOM had not analyzed the anticipated operational effects--both positive and negative--of the relocation, and that the Department of Defense (DOD) could not discern the full costs or security implications of the move until ongoing security assessments had been completed and a protection level designated for the integrated command center. We suggested that Congress should consider restricting DOD's authority to fund the relocation until all security analyses were complete, the full costs for the move were determined, and DOD provided Congress with an analysis of the operational effects of the proposed realignments. As a result, in the National Defense Authorization Act for Fiscal Year 2008 (hereinafter referred to as the Act), Congress directed the Secretary of Defense to submit a report by March 1, 2008, assessing the relocation of the NORAD Command Center and related functions from Cheyenne Mountain to Peterson AFB. The Act required the report to contain (1) an analysis comparing the total costs associated with the relocation, including costs determined as part of ongoing security-related studies of the relocation, to anticipated operational benefits from the relocation; (2) a detailed explanation of the backup functions that will remain located at Cheyenne Mountain, and how those functions will maintain operational connectivity with their related commands; (3) the final plans for the relocation of the NORAD Command Center and related functions; and (4) the findings and recommendations resulting from the independent security and vulnerability assessment of Peterson AFB, including the Secretary of Defense's plans for mitigating any security and vulnerability risks identif ied and estimates for associated costs and scheduling. The Act mandated that we review DOD's report and the final plans for the relocation, and that we report to Congress within 120 days. On March 3, 2008, DOD submitted its report to Congress. DOD's report included a cost-benefit analysis comparing the following three alternatives: Status quo--retain separate command centers at Cheyenne Mountain and Peterson AFB. Establish a combined and integrated command center at Peterson AFB with reach-back capability to the computer systems at Cheyenne Mountain. Establish a combined command center at Peterson AFB that duplicates the systems at Cheyenne Mountain.

 

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense To help mitigate the security and vulnerability risks identified in, and incorporate certain key threats excluded from, the Air Force Space Command's security assessment, the Secretary of Defense should, through the Joint Chiefs of Staff, direct the Commander of NORAD and USNORTHCOM to reevaluate the full spectrum of security vulnerabilities associated with moving the NORAD Command Center and related functions from Cheyenne Mountain to Peterson AFB.
Closed – Implemented
DOD reported that, as of July 23, 2009, all major security and vulnerability assessments of the NORAD and USNORTHCOM Headquarters, Command Center, and supporting infrastructure for critical missions were complete. The commands have conducted a thorough assessment of the identified vulnerabilities and recommendations, and implemented mitigation and action plans to address the risk. On May 19, 2009, NORAD and USNORTHCOM briefed Congressional staffers on the results on these assessments, mitigation measures planned and implemented, and project costs. The results and recommendations fell into seven major categories. Overall, the commands assessed the risks to Peterson AFB and Cheyenne Mountain to be low due to redundant capabilities, mission devolution, and ongoing mitigation efforts.
Department of Defense To help mitigate the security and vulnerability risks identified in, and incorporate certain key threats excluded from, the Air Force Space Command's security assessment, the Secretary of Defense should, through the Joint Chiefs of Staff, direct the Commander of NORAD and USNORTHCOM to certify that he is fully aware of all the risks associated with moving the NORAD Command Center and related functions from Cheyenne Mountain to Peterson AFB, and accepts those risks.
Closed – Implemented
DOD reported that, as of December 18, 2008, the Commander of NORAD and USNORTHCOM understands and fully acknowledges the risks associated with the NORAD and USNORTHCOM Command Center (N2C2) and implemented additional security measures since the May 2007 Sandia National Laboratories security analysis to address these risks. The Commander understands risk is an inherent element of command and continues to aggressively work on all outstanding Protection Level-1 requirements for the N2C2.

Full Report

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

AccountabilityAir Force basesCost analysisCritical infrastructureDefense cost controlDefense operationsDefense procurementFacility securityInformation classificationMilitary facilitiesRelocation allowancesReporting requirementsRisk assessmentRisk managementSchedule slippagesSecurity assessmentsSecurity policiesStrategic planning