October 7, 2010

Report on Critical Asset Vulnerability and Risk Assessments at the Power Marketing Administrations--Followup Audit

The Department of Energy's largest Power Marketing Administrations (PMAs), Bonneville, Western Area, and Southwestern, provide wholesale electric power to utilities for use in homes, hospitals, financial institutions and military installations. Serving the electricity supply needs of millions of citizens in the western part of the United States, these PMAs maintain an elaborate and extensive infrastructure that includes electrical substations, high-voltage transmission lines and towers, and power system control centers. To protect these assets, the PMAs follow safety and security requirements established by the Department, the North American Electric Reliability Corporation (NERC), and the Department of Homeland Security (Homeland Security). Under established policy, the PMAs are required to conduct vulnerability and risk assessments of their most critical assets to: evaluate existing security systems; analyze current threat information; identify security enhancements needed to reduce risk; and, document the level of risk PMA management is willing to accept on individual critical assets. In 2003, the Office of Inspector General reported in our Audit of Power Marketing Administration Infrastructure Protection (OAS-B-03-01, April 2003) that Bonneville had initiated, but not yet completed vulnerability and risk assessments; Western had conducted inadequate assessments; and, Southwestern had not conducted any assessments. Given the importance of these efforts to safeguarding the Nation's electrical infrastructure, we initiated this audit to determine whether the PMAs had conducted vulnerability and risk assessments.

Topic: National Security & Safety