The Department of Defense’s (DOD) “collection and reporting of utility disruption data is not comprehensive and contains inaccuracies because not all types and instances of utility disruptions have been reported and there are inaccuracies in reporting of disruptions’ duration and cost,” a 72-page Government Accountability Office (GAO) audit report stated.
GAO said, “Specifically, in the data call for … energy reports, officials stated that DOD installations are not reporting all disruptions that meet the DOD criteria of commercial utility service disruptions lasting 8 hours or longer. This is likely due, in part, to military service guidance that differs from instructions for DOD’s data collection template.”
GAO recommended DOD “work with the services to clarify utility disruption reporting guidance, improve data validation steps and address challenges to addressing cybersecurity industrial control systems (ICS) guidance.”
DOD concurred with GAO’s audit, by only “partially concurred with all but one recommendation and disagreed with some of GAO’s analysis.”
GAO auditors said they believe their “recommendations and analysis are valid as discussed in the report.”
GAO explained that “installations have experienced utility disruptions resulting in operational and fiscal impacts due to hazards such as mechanical failure and extreme weather.”
However, GAO auditors reported, “Threats, such as cyber attacks, also have the potential to cause disruptions,” noting that, “In its June 2014 Annual Energy Management Report to Congress, DOD reported 180 utility disruptions lasting 8 hours or longer, with an average financial impact of about $220,000 per day for Fiscal Year 2013.”
“Installation officials provided specific examples to GAO, such as at Naval Weapons Station Earle, New Jersey, where in 2012, Hurricane Sandy’s storm surge destroyed utility infrastructure, disrupting potable and wastewater service and resulting in almost $26 million in estimated repair costs,” GAO’s audit reported. Furthermore, “DOD officials also cited examples of physical and cyber threats, such as the ‘Stuxnet’ computer virus that attacked the Iranian nuclear program in 2010 by destroying centrifuges, noting that similar threats could affect DOD installations.”
Last month, the
Homeland Security Today reported earlier last month that an emergency spare transformer program is a key part of the preparation for and rapid recovery from a high-impact, low-frequency (HILF) event which the Department of Homeland Security announced in its long awaited report, Considerations for a Power Transformer Emergency Spare Strategy for the Electric Utility Industry.
For over a decade, Homeland Security Today recently reported, national security and energy experts have warned America’s power grid has grown increasingly vulnerable to natural factors, such as weather-related outages and subversive action. With power outages 285 percent more likely to occur today than in 1984, it is critical that the nation ensure its electric power system is reliable, according to a recent study by Johns Hopkins University.
Published in the Journal, Risk Analysis, the study, Who’s Making Sure the Power Stays On? said the nation’s electric power distribution systems are so haphazardly regulated for reliability that it’s nearly impossible for customers to know their true risk of losing service in a major storm. The study, which was designed to analyze how reliability is measured, led the researchers to propose new regulatory measures to accurately identify weaknesses within the system.
In its Annual Energy Management Report to Congress, GAO stated, “DOD is also not including information on disruptions to DOD-owned utility infrastructure,” and that there “also were inaccuracies in the reported data.”
“For instance,” GAO found, “$4.63 million ofthe $7 million in costs reported by DOD in its June 2013 energy report were indirect costs, such as lost productivity, although DOD has directed that such costs not be reported. Officials responsible for compiling the energy report noted that utility disruption data constitutes a small part of the report and they have limited time to validate data. However, without collecting and reporting complete and accurate data, decision makers in DOD may be hindered in their ability to plan effectively for mitigating against utility disruptions and enhance utility resilience, and Congress may have limited oversight of the challenges these disruptions pose.”
GAO said, “Military services have taken actions to mitigate risks posed by utility disruptions and are generally taking steps in response to DOD guidance related to utility resilience,” such as installations employing backup generators and conducting vulnerability assessments of their utility systems.
Also, GAO’s audit report stated, “DOD is in the planning stages of implementing new cybersecurity guidance by March 2018 to protect its industrial control systems, which are computer-controlled systems that monitor or operate physical utility infrastructure. Each of the military services has working groups in place to plan for implementing this guidance.”
But, GAO noted, “the services face three implementation challenges: inventorying their installations’ ICS; ensuring personnel with expertise in both ICS and cybersecurity are trained and in place; and programming and identifying funding for implementation. For example, as of February 2015, none of the services had a complete inventory of ICS on their installations.”
“Without overcoming these challenges, DOD’s ICS may be vulnerable to cyber incidents that could degrade operations and negatively impact missions,” GAO warned.
GAO’s audit was conducted because the “continuity of operations at DOD installations is vital to supporting the department’s missions, and the disruption of utility services—such as electricity and potable water, among others—can threaten this support.”
House Report 113-446 on the Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 included a provision requiring GAO review DOD and the military services’ actions to ensure mission capability in the event of disruptions to utility services.
The report addressed:
- Whether threats and hazards have caused utility disruptions on DOD installations and, if so, what impacts they have had;
- The extent to which DOD’s collection and reporting on utility disruptions is comprehensive and accurate; and
- The extent to which DOD has taken actions and developed and implemented guidance to mitigate risks to operations at its installations in the event of utility disruption.