Audit Report: DOE-OIG-16-11

You are here

April 4, 2016

Followup on Western Area Power Administration’s Critical Asset Protection

The Department of Energy’s Western Area Power Administration (Western) markets and transmits electrical power across 15 states to wholesale customers.  It maintains an extensive infrastructure, including electrical substations, high-voltage transmission lines and towers, and power system control centers.  Western is subject to security requirements established by the Department, the North American Electric Reliability Corporation (NERC), and the Department of Homeland Security.  A 2003 Office of Inspector General audit report noted that Western’s risk assessments were inadequate, and a 2010 OIG report found that Western had not completed required risk assessments and security measure performance testing, and had not implemented physical security enhancements recommended in completed risk assessments. 

During this followup audit, we found that, although Western had initiated efforts to improve physical security and protection of its critical assets, significant issues still exist and issues identified in our 2010 report remain unaddressed.  Specifically, we found that Western had not always established adequate physical security measures and practices for its critical assets, addressed physical security measures recommended in prior risk assessments, and conducted performance testing to ensure that security measures for physical assets were performing as designed.

The issues we identified occurred in large part because Western had not placed sufficient emphasis on physical security.  We also found that Western lacked specific policies and procedures for maintaining security equipment, controlling access keys, implementing risk assessment recommendations, and conducting performance tests.

Protecting critical infrastructure is essential to the Nation’s security and economic vitality.  The consequence of tampering with or destroying equipment in substation yards and control buildings could cause significant disruption in the functioning of Government and business, potentially producing a cascading effect far beyond the physical location of the incident.

Topic: National Security & Safety