United States Government Accountability Office Report to the Ranking Member Subcommittee on Oversight Committee on Science Space and Technology House of Representatives January 2017 ELECTRICITY Federal Efforts to Enhance Grid Resilience GAO-17-153 January 2017 ELECTRICITY Federal Efforts to Enhance Grid Resilience Highlights of GAO-17-153 a report to the Ranking Member Subcommittee on Oversight Committee on Science Space and Technology House of Representatives Why GAO Did This Study What GAO Found In light of increasing threats to the nation’s electricity grid national policies have stressed the importance of enhancing the grid’s resilience—its ability to adapt to changing conditions withstand potentially disruptive events such as the loss of power lines and if disrupted to rapidly recover Most of the electricity grid is owned and operated by private industry but the federal government has a significant role in promoting the grid’s resilience DOE is the lead agency for federal grid resiliency efforts and is responsible for coordinating with DHS and other relevant federal agencies on these efforts The Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC reported implementing 27 grid resiliency efforts since 2013 and identified a variety of results from these efforts The efforts addressed a range of threats and hazards—including cyberattacks physical attacks and natural disasters—and supported different types of activities see table These efforts also addressed each of the three federal priorities for enhancing the security and resilience of the electricity grid 1 developing and deploying tools and technologies to enhance awareness of potential disruptions 2 planning and exercising coordinated responses to disruptive events and 3 ensuring actionable intelligence on threats is communicated between government and industry in a time-sensitive manner Agency officials reported a variety of results from these efforts including the development of new technologies—such as a rapidly-deployable large highpower transformer—and improved coordination and information sharing between the federal government and industry related to potential cyberattacks GAO was asked to review federal efforts to enhance the resilience of the electricity grid This report 1 identifies grid resiliency efforts implemented by federal agencies since 2013 and the results of these efforts and 2 examines the extent to which these efforts were fragmented overlapping or duplicative and the extent to which agencies had coordinated the efforts GAO reviewed relevant laws and guidance identified a list of federal grid resiliency efforts sent a questionnaire to officials at DOE DHS and FERC to collect information on each effort and its results analyzed questionnaire responses and agency documents to assess whether federal efforts were fragmented overlapping or duplicative and how agencies coordinated those efforts and interviewed agency officials and industry group representatives This report contains no recommendations DOE DHS and FERC provided technical comments which GAO incorporated as appropriate View GAO-17-153 For more information contact Frank Rusco 202 512-3841 ruscof@gao gov Types of Activities Supported by 27 Federal Grid Resiliency Efforts Activity type Num ber of federal efforts Emergency preparedness and response 19 Research and development 15 Modeling analytics and risk assessment 12 Standard setting 12 Information sharing 10 Institutional support and technical assistance 10 Regulatory guidance 1 Source GAO analysis of DOE DHS and FERC questionnaire responses GAO-17-153 Note Because agency efforts often supported more than one type of activity the number of efforts across the types of activities exceeds 27 the number of federal efforts GAO identified in this review Federal grid resiliency efforts were fragmented across DOE DHS and FERC and overlapped to some degree but were not duplicative GAO found that the 27 efforts were fragmented in that they were implemented by three agencies and addressed the same broad area of national need enhancing the resilience of the electricity grid However DOE DHS and FERC generally tailored their efforts to contribute to their specific missions For example DOE’s 11 efforts related to its strategic goal to support a more secure and resilient U S energy infrastructure GAO also found that the federal efforts overlapped to some degree but were not duplicative because none had the same goals or engaged in the same activities For example three DOE and DHS efforts addressed resiliency issues related to large high-power transformers but the goals were distinct—one effort focused on developing a rapidly deployable transformer to use in the event of multiple large high-power transformer failures another focused on developing nextgeneration transformer components with more resilient features and a third focused on developing a plan for a national transformer reserve Moreover officials from all three agencies reported taking actions to coordinate federal grid resiliency efforts such as serving on formal coordinating bodies that bring together federal state and industry stakeholders to discuss resiliency issues on a regular basis and contributing to the development of federal plans that address grid resiliency gaps and priorities GAO found that these actions were consistent with key practices for enhancing and sustaining federal agency coordination United States Government Accountability Office Contents Letter Appendix I Appendix II Appendix III 1 Background Three Federal Agencies Implemented 27 Grid Resiliency Efforts since 2013 and Reported a Variety of Results Federal Efforts Were Fragmented with Some Overlap but Were Not Duplicative and Agencies Have Taken Actions to Coordinate Their Efforts Agency Comments 7 15 23 GAO’s Questionnaire for Federal Agencies with Efforts Aimed at Enhancing the Resilience of the Electricity Grid 24 Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies 41 GAO Contact and Staff Acknowledgments 48 9 Tables Table 1 Selected Federal Roles and Responsibilities Related to Enhancing Electricity Grid Resilience Table 2 Types of Activities Supported by Federal Grid Resiliency Efforts Table 3 Types of Threats or Hazards Addressed by Federal Grid Resiliency Efforts Table 4 Federal Priorities for Enhancing the Security and Resilience of the Electricity Grid Addressed by Federal Grid Resiliency Efforts Table 5 Selected Examples of Results from Federal Grid Resiliency Efforts Table 6 Department of Energy DOE Reported Grid Resiliency Efforts Table 7 Department of Homeland Security DHS Reported Grid Resiliency Efforts Table 8 Federal Energy Regulatory Commission FERC Reported Grid Resiliency Efforts Page i 8 11 13 14 15 41 44 45 GAO-17-153 Electricity Figure Figure 1 Overlap in Type of Activities Supported by Federal Grid Resiliency Efforts 18 Abbreviations CEDS CRISP DOD DOE DHS ES-C2M2 FERC GRIDS ISER NERC RecX TRAC Cybersecurity for Energy Delivery Systems Cybersecurity Risk Information Sharing Program Department of Defense Department of Energy Department of Homeland Security Electricity Subsector Cybersecurity Capability Maturity Model Federal Energy Regulatory Commission Grid-Scale Rampable Intermittent Dispatchable Storage Infrastructure Security and Restoration Program North American Electric Reliability Corporation Recovery Transformer Transformer Resilience and Advanced Components This is a work of the U S government and is not subject to copyright protection in the United States The published product may be reproduced and distributed in its entirety without further permission from GAO However because this work may contain copyrighted images or other material permission from the copyright holder may be necessary if you wish to reproduce this material separately Page ii GAO-17-153 Electricity Letter 441 G St N W Washington DC 20548 January 25 2017 The Honorable Don Beyer Ranking Member Subcommittee on Oversight Committee on Science Space and Technology House of Representatives Dear Mr Beyer The electricity grid delivers the electricity essential to modern life As a result the reliability of the grid—its ability to meet consumers’ electricity demand at all times—has been a long-standing area of national interest According to the 2015 Quadrennial Energy Review natural and humanmade threats to the grid are increasing and are expected to continue to grow in frequency and magnitude 1 In light of these increasing threats and with recognition that it is not possible to prevent all disruptions to the electricity grid government and industry have focused on enhancing the grid’s resilience This focus on resilience complements the long-standing focus on reliability Resilience represents the grid’s ability to adapt to changing conditions and withstand potentially disruptive events—such as the loss of power plants or power lines—and if disrupted to rapidly recover 2 In particular government and industry recently have emphasized efforts to improve the grid’s resilience to high-consequence low-probability events including severe natural disasters such as Hurricane Sandy major geomagnetic disturbances significant cyberattacks on computer systems that control parts of the system and coordinated terrorist attacks on specific facilities 1 The White House Quadrennial Energy Review Energy Transmission Storage and Distrib ution Infrastructure Washington D C April 2015 This interagency review focused on the challenges facing the nation’s energy infrastructures including the electricity grid and made recommendations for federal energy policy 2 For the purposes of this report we use the definition of resilience in Presidential Policy Directive 21 which establishes national policy for critical infrastructure security and resilience Specifically Presidential Policy Directive 21 defines resilience as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions including deliberate attacks accidents and naturally occurring threats or incidents The White House Presidential Policy Directive PPD-21 Critical Infrastructure Security and Resilience Washington D C Feb 12 2013 Page 1 GAO-17-153 Electricity The private sector and the government share responsibility for the resilience of the electricity grid Most of the electricity grid—the commercial electric power transmission and distribution system comprising power lines and other infrastructure—is owned and operated by private industry However federal state local tribal and territorial governments also have significant roles in enhancing the resilience of the electricity grid In 2013 the President directed federal agencies to work with owners and operators of critical infrastructure and state local tribal and territorial governments to take proactive steps to manage risk and strengthen the security and resilience of critical infrastructure from all hazards including natural disasters cyberattacks and acts of terrorism 3 The Department of Energy DOE was designated as the lead agency for federal resiliency efforts in the energy sector which includes the electricity grid In this role DOE is responsible for coordinating with the Department of Homeland Security DHS itself responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure DOE is also responsible for coordinating with other relevant federal agencies and for collaborating with critical infrastructure owners and operators to prioritize and coordinate federal resiliency efforts In addition the Federal Energy Regulatory Commission FERC which regulates the interstate transmission of electricity is responsible for reviewing and approving standards developed by the North American Electric Reliability Corporation NERC to provide for the reliable operation of the bulk power system 4 These standards include requirements for planning and operating the bulk power system to provide for its reliable operation 5 For example one reliability standard requires that system planners plan and develop their systems to meet the demand for electricity even if equipment on the bulk power system such as a single generating unit or transformer is damaged or otherwise unable to operate According to 3 Presidential Policy Directive PPD-21 4 The North American Electric Reliability Corporation NERC the federally designated U S electric reliability organization is overseen by FERC NERC is responsible for conducting reliability assessments and developing and enforcing mandatory standards to provide for the reliable operation of the bulk power system The bulk power system includes the facilities and control systems necessary for operating the interconnected electricity transmission network and the electric energy from certain generation facilities needed for reliability 5 Federal efforts to enhance resilience are similar to efforts focused on ensuring that electricity supplies are reliable i e that consumers have access to sufficient quantities of electricity Page 2 GAO-17-153 Electricity FERC officials these reliability standards can lead to actions that enhance the resilience of the electricity grid by improving the grids’ ability to withstand potentially disruptive events and if disrupted to rapidly recover The fact that multiple agencies have roles in enhancing the resilience of the electricity grid raises questions about the potential for fragmentation overlap or duplication in federal efforts As we have previously reported federal programs can be inefficient or ineffective if they are fragmented overlapping or duplicative 6 We have routinely reviewed federal programs to identify any that may pose these problems each year since 2011 we have reported on programs that do pose these problems 7 Fragmentation occurs when more than one federal agency—or more than one organization within an agency—is involved in the same broad area of national need Overlap occurs when multiple agencies or programs have similar goals engage in similar activities or strategies to achieve these goals or target similar beneficiaries Duplication occurs when two or more agencies or programs have the same goals are engaged in the same activities or provide the same services to the same beneficiaries We have previously reported that coordination across programs may help address fragmentation overlap and duplication 8 We also have reported that in some cases it may be appropriate or beneficial for multiple agencies or entities to be involved in the same programmatic or policy area because of the complex nature or magnitude of the federal effort 9 6 GAO Fragmentation Overlap and Duplication An Evaluation and Management Guide GAO-15-49SP Washington D C Apr 14 2015 7 See GAO Opportunities to Reduce Potential Duplication in Government Programs Save Tax Dollars and Enhance Revenue GAO-11-318SP Washington D C Mar 1 2011 2012 Annual Report Opportunities to Reduce Duplication Overlap and Fragmentation Achieve Savings and Enhance Revenue GAO-12-342SP Washington D C Feb 28 2012 2013 Annual Report Actions Needed to Reduce Fragmentation Overlap and Duplication and Achieve Other Financial Benefits GAO-13-279SP Washington D C Apr 9 2013 2014 Annual Report Additional Opportunities to Reduce Fragmentation Overlap and Duplication and Achieve Other Financial Benefits GAO-14-343SP Washington D C Apr 8 2014 2015 Annual Report Additional Opportunities to Reduce Fragmentation Overlap and Duplication and Achieve Other Financial Benefits GAO-15-404SP Washington D C Apr 14 2015 and 2016 Annual Report Additional Opportunities to Reduce Fragmentation Overlap and Duplication and Achieve Other Financial Benefits GAO-16-375SP Washington D C Apr 13 2016 8 GAO-11-318SP 9 GAO-15-49SP Page 3 GAO-17-153 Electricity In this context you asked us to review federal efforts to enhance the resilience of the electricity grid Our objectives were to identify 1 grid resiliency efforts implemented by federal agencies since 2013 and their known results and 2 the extent to which these federal grid resiliency efforts were fragmented overlapping or duplicative if at all and the extent to which agencies have coordinated these efforts To conduct this work we reviewed relevant laws orders and guidance and interviewed agency officials and industry group representatives 10 To identify grid resiliency efforts implemented by federal agencies since 2013 and their known results we first reviewed agency documents and interviewed DOE DHS and FERC officials to develop an initial list of potentially relevant federal efforts to enhance grid resilience 11 Next we provided each of the three agencies with a list of its potentially relevant grid resiliency efforts along with our definitions and criteria and asked the agencies to confirm that the listed efforts were relevant to add any relevant grid resiliency efforts that were not on the list and to identify any other federal agencies that might have implemented relevant grid resiliency efforts from fiscal year 2013 through fiscal year 2016 12 If officials wanted to remove an effort from our list we requested additional information to support the removal Using this process we determined 10 Specifically we interviewed representatives from the American Public Power Association the Edison Electric Institute and the National Rural Electric Cooperative Association We selected these three industry groups because together they represent the owners of most of the electricity grid 11 For the purposes of this report we defined federal efforts to enhance grid resilience as programs or groups of activities that aimed to enhance the resilience of the electricity grid through a specific emphasis or focus even if enhancing the resilience of the electricity grid was only one aim of a broader effort We did not consider individual projects within a broader effort—such as specific grant awards agreements or contracts—to be efforts in themselves We excluded federal efforts that could indirectly enhance grid resilience but did not have that outcome as a specific emphasis or focus as well as efforts aimed solely at enhancing the resilience of an agency’s own electricity infrastructure assets 12 We considered an effort to have been implemented from fiscal year 2013 through fiscal year 2016 if it was planned funded executed or authorized at some point during that time frame even if the effort had ended or was completed by the end of fiscal year 2016 Page 4 GAO-17-153 Electricity that there were 27 federal grid resiliency efforts across the three agencies that met our criteria 13 After identifying these 27 efforts we developed a questionnaire to collect additional information from officials at the three agencies about each effort This questionnaire included questions to collect information on an effort’s key characteristics funding actions to coordinate internally and with other federal agencies states and industry and results We conducted pretests with officials involved in three different efforts at three different agencies to check that 1 the questions were clear and unambiguous 2 terminology was used correctly 3 the questionnaire did not place an undue burden on agency officials 4 the information could feasibly be obtained and 5 the questionnaire was comprehensive and unbiased An independent GAO reviewer also reviewed a draft of the questionnaire prior to its administration Based on feedback from these pretests and independent review we revised the questionnaire to improve its clarity We administered the questionnaire and received responses for each effort resulting in a response rate of 100 percent 14 After we reviewed the responses we conducted follow-up e-mail exchanges or telephone discussions with agency officials as needed Because this was 13 DHS officials identified the Department of Defense DOD as another federal agency with potentially relevant grid resiliency efforts In response we provided our definitions and criteria to DOD and asked the agency to identify any relevant grid resiliency efforts it had implemented from fiscal year 2013 through fiscal year 2016 and to identify any other federal agencies that might have implemented relevant grid resiliency efforts After interviewing DOD officials and reviewing their written response to our list we determined that none of the department’s efforts fell within the scope of our work because those efforts were aimed solely at enhancing the resilience of DOD’s own electricity infrastructure assets rather than enhancing the resilience of the commercial electricity grid For information on DOD efforts related to the resilience of its own electricity infrastructure assets see GAO Defense Infrastructure Improvements in DOD Reporting and Cyb ersecurity Implementation Needed to Enhance Utility Resilience Planning GAO-15-749 Washington D C July 23 2015 Defense Infrastructure Improvement Needed in Energy Reporting and Security Funding at Installations with Limited Connectivity GAO-16-164 Washington D C Jan 27 2016 and DOD Renewab le Energy Projects Improved Guidance Needed for Analyzing and Documenting Costs and Benefits GAO-16-487 Washington D C Sept 8 2016 14 We sent questionnaires to the appropriate agency liaisons in an attached Microsoft Word form and the agency liaisons sent the questionnaires to the appropriate officials Page 5 GAO-17-153 Electricity not a sample questionnaire it has no sampling errors 15 To determine funding levels for the 27 efforts we asked the agencies about their obligations for each effort 16 To assess the reliability of obligations data we included questions about the data systems used to generate those data Based on the responses we received we determined that the data used in this report were of sufficient quality for the purposes of our reporting objectives To identify the extent of any fragmentation overlap and duplication among federal grid resiliency efforts as well as the extent to which agencies have coordinated those efforts we analyzed the information we collected from our questionnaire to determine the extent of fragmentation overlap and duplication in the goals and activities of federal grid resiliency efforts We then interviewed agency officials responsible for federal grid resiliency efforts for follow-up information as needed In addition we used agency documents questionnaire responses and interviews to identify coordination activities within and among the three agencies and with states and industry For a copy of our questionnaire see appendix I We conducted this performance audit from January 2016 to January 2017 in accordance with generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives 15 The practical difficulties of conducting any questionnaire may introduce errors commonly referred to as nonsampling errors For example difficulties in interpreting a particular question the sources of information available to respondents or entering data into a database or analyzing them can introduce unwanted variability into the results However we took steps to minimize such nonsampling errors while developing the questionnaire—including using a social science survey specialist for designing and pretesting the questionnaire We also minimized the nonsampling errors when collecting and analyzing the data including using a computer program for analysis and verifying the accuracy of keypunched records by comparing them with their corresponding questionnaires 16 For the purposes of this report we refer to federal obligations as federal funding An obligation is a definite commitment that creates a legal liability of the government for the payment of goods and services ordered or received or a legal duty on the part of the United States that could mature into a legal liability Payment may be made immediately or in the future An agency incurs an obligation for example when it places an order signs a contract awards a grant purchases a service or takes other actions that require the government to make payments to the public or from one government account to another Page 6 GAO-17-153 Electricity Background Recent national policies and federal preparedness efforts have highlighted the importance of enhancing the resilience of the nation’s critical infrastructure including the electricity grid Presidential Policy Directive 21 issued in February 2013 established national policy on critical infrastructure security and resilience The directive expanded the nation’s focus from protecting critical infrastructure against terrorism to protecting critical infrastructure and increasing its resilience against all hazards including natural disasters terrorism and cyber incidents 17 In addition the directive recognizes that proactive and coordinated efforts are necessary to strengthen and maintain critical infrastructure that is secure and resilient It also identifies 16 critical infrastructure sectors including the energy sector—which encompasses the electricity grid—and designates lead federal agencies to coordinate and prioritize security and resiliency activities in each sector DOE was designated as the lead federal agency for the energy sector Reflecting the shift in focus in Presidential Policy Directive 21 the December 2013 update to the National Infrastructure Protection Plan elevated security and resilience to be the primary aim of federal critical infrastructure planning efforts 18 The update established a set of broad national goals for critical infrastructure security and resilience and directed that each of the 16 critical infrastructure sectors update its sector-specific plan—a planning document that complements and tailors the application of the National Infrastructure Protection Plan to the specific characteristics and risks of each critical infrastructure sector In response DOE in 2015 led the development of an updated Energy Sector-Specific Plan to help guide and integrate efforts to improve the security and resilience of the energy sector’s critical infrastructure including the electricity grid 19 The plan identified three federal priorities for enhancing the security and resilience of the grid 1 developing and deploying tools and technologies to enhance awareness of potential disruptions 2 planning and exercising coordinated responses to disruptive events and 3 ensuring actionable intelligence on threats is communicated between government and 17 Presidential Policy Directive PPD-21 18 Department of Homeland Security National Infrastructure Protection Plan Partnering for Critical Infrastructure Security and Resilience Washington D C December 2013 The National Infrastructure Protection Plan is a comprehensive national plan for securing the key resources and critical infrastructure of the United States DHS leads the plan’s development in collaboration with relevant stakeholders including other federal agencies states and industry 19 Department of Energy and Department of Homeland Security Energy Sector-Specific Plan 2015 Washington D C 2015 Page 7 GAO-17-153 Electricity industry in a time-sensitive manner In addition in 2016 the United States developed an action plan and issued a joint strategy with Canada for strengthening the security and resilience of the North American electricity grid 20 As table 1 shows federal roles and responsibilities related to enhancing the resilience of the electricity grid are defined in policy and law including Presidential Policy Directive 21 and certain provisions of the Fixing America’s Surface Transportation Act of 2015 21 Table 1 Selected Federal Roles and Responsibilities Related to Enhancing Electricity Grid Resilience Source Federal roles and responsibilities Presidential Policy Directive 21 Critical Infrastructure Security and Resilience The Department of Homeland Security DHS is responsible for providing strategic guidance promoting a national unity of effort and coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure As the lead federal agency for the energy sector the Department of Energy DOE is responsible for among other things • coordinating with DHS and other relevant federal agencies and collaborating with critical energy infrastructure owners and operators independent regulatory agencies and state local tribal and territorial entities • serving as a day-to-day federal interface for the prioritization and coordination of energy-sector security and resiliency activities carrying out incident management responsibilities consistent with statutory authority and other appropriate policies directives or regulations and providing supporting or facilitating technical assistance and consultations for the energy sector to identify vulnerabilities and help mitigate incidents as appropriate • • Fixing America’s Surface Transportation Act of 2015 The Secretary of Energy is authorized to issue emergency orders to protect or restore the reliability of critical electric infrastructure to entities including critical electric infrastructure owners and operators if the President provides a written directive or determination identifying a grid security emergency DOE is the lead federal agency for cybersecurity for the energy sector DOE is required to submit a plan to Congress on establishing a strategic transformer reserve to store in strategically located facilities spare large power transformers and emergency mobile substations in sufficient numbers to temporarily replace critically damaged large power transformers and substations Source GAO analysis of Presidential Policy Directive 21 and selected provisions of the Fixing America’s Surface Transportation Act GAO-17-153 20 Executive Office of the President National Electric Grid Security and Resilience Action Plan Washington D C December 2016 and the Executive Office of the President and the Government of Canada Joint United States-Canada Electric Grid Security and Resilience Strategy Washington D C December 2016 21 Fixing America’s Surface Transportation Act Pub L No 114-94 §§ 61002- 61004 129 Stat 1312 1772-82 2015 codified at 16 U S C §§ 824 824a and 824o-1 2016 Page 8 GAO-17-153 Electricity States and industry also play key roles in enhancing the resilience of the electricity grid States through their public utility commissions regulate retail electricity service and facility planning and siting States also enact policies that can affect the resilience of the portion of the electricity grid that is within their borders Industry owns and operates most of the electricity grid so the actions that owners and operators take to protect and maintain their assets can contribute to grid resilience 22 In addition owners and operators of the electricity grid are responsible for complying with mandatory reliability standards that can contribute to grid resilience Three Federal Agencies Implemented 27 Grid Resiliency Efforts since 2013 and Reported a Variety of Results DOE DHS and FERC reported implementing 27 grid resiliency efforts since 2013 that supported a range of activities and that addressed multiple hazards and federal priorities for enhancing the resilience of the electricity grid Agency officials reported a variety of results stemming from these efforts DOE DHS and FERC Efforts Addressed a Range of Activities Hazards and Federal Priorities In response to our questionnaire DOE DHS and FERC officials reported implementing 27 efforts since 2013 that aimed at enhancing the resilience of the electricity grid Of these 27 efforts 12 were FERC regulatory efforts tied to the agency’s role in reviewing and approving mandatory reliability standards for the bulk power system FERC officials also reported that the agency oversaw another effort in which it acted on a petition by a private company to provide regulatory findings related to the company’s plan to establish a subscription service for spare critical transmission equipment including transformers The remaining 14 efforts—11 implemented by 22 Publicly owned utilities and electric cooperatives also own and operate portions of the electricity grid Similar to industry the actions that publicly owned utilities and electric cooperatives take to protect and maintain their assets can contribute to grid resilience Page 9 GAO-17-153 Electricity DOE and 3 by DHS—were programmatic in nature 23 Federal funding for the DOE and DHS grid resiliency activities from fiscal year 2013 through fiscal year 2015 totaled approximately $240 million 24 The 27 efforts that DOE DHS and FERC officials reported implementing supported a range of activities addressed a variety of potential threats and hazards and addressed federal priorities for enhancing the resilience of the electricity grid see app II for more information on each effort Types of Activities As table 2 shows the reported federal grid resiliency efforts supported a range of activities with the most prevalent being • emergency preparedness and response activities e g providing coordination planning training and exercise programs to prepare for potential disaster operations providing situational awareness during an event coordinating response efforts and helping facilitate system restoration • research and development activities e g pursuing tools technologies and demonstrations aimed at bringing new and innovative technologies to maturity and helping them transition to industry • modeling analytics and risk assessment activities e g modeling simulation and analysis of electricity grid risks and vulnerabilities and • standard-setting activities e g the development or approval of standards for industry For example DOE reported that its Strategic Transformer Reserve effort supported emergency preparedness and response activities through planning for the potential loss of large high-power transformers by evaluating the feasibility of establishing a reserve of those transformers 23 For example DOE’s Transformer Resilience and Advanced Components Program aims to ensure the resilience of aging assets identify new requirements for future grid components and accelerate the development demonstration and deployment of nextgeneration components to enhance the resilience of the electricity grid Also DHS’s Solar Storm Mitigation effort aims to provide owners and operators of the electricity grid with advanced and actionable information about anticipated geomagnetically induced current levels in the event of a solar storm 24 FERC officials told us that the agency could not provide information on the federal funding for its grid resiliency efforts related to reviewing and approving reliability standards because FERC could not break down by individual standard the costs associated with reviewing and approving reliability standards Page 10 GAO-17-153 Electricity for use during an emergency Similarly FERC reported that its efforts supported emergency preparedness and response activities as well as activities to set standards by approving a reliability standard that requires owners and operators of the electricity grid to develop and implement procedures to mitigate the potential effects of geomagnetic disturbances on the bulk power system 25 In addition DHS reported that its Recovery Transformer Program supported research and development activities by designing and demonstrating a type of rapidly deployable large highpower transformer for use in the event of the unexpected loss of multiple large high-power transformers Table 2 Types of Activities Supported by Federal Grid Resiliency Efforts Type of Activity Federal grid Agency resiliency effort Modeling Emergency Research analytics and risk preparedness and Standard Information sharing and response development assessment setting Institutional support and technical Regulatory assistance Guidance DOE Cybersecurity for Energy Delivery Systems Program Yes Yes Yes No Yes Yes No DOE Cybersecurity Risk Information Sharing Program No Yes No No Yes Yes No DOE Electric Distribution No Grid Resilience Research and Development Program Yes Yes No No No No DOE Electricity Subsector Cybersecurity Capability Maturity Model Yes No Yes No Yes Yes No DOE Energy Storage Program Yes Yes Yes No Yes Yes No DOE Grid-Scale Rampable Intermittent Dispatchable Storage Program No Yes No No No No No 25 Geomagnetic disturbances occur when the sun ejects charged particles that interact with and cause changes in the earth’s magnetic fields These charged particles can cause currents to enter the electricity grid through long conductors such as transmission lines These currents can disrupt the normal operation of the grid and in some cases damage equipment such as transformers Page 11 GAO-17-153 Electricity Type of Activity Federal grid Agency resiliency effort Modeling Emergency Research analytics and risk preparedness and Standard Information sharing and response development assessment setting Institutional support and technical Regulatory assistance Guidance DOE Infrastructure Security and Energy Restoration Program Yes Yes Yes No Yes Yes No DOE Microgrid Research and Development Program a Yes Yes Yes No No Yes No DOE State and Regional Energy Risk Assessment Initiative Yes Yes Yes No Yes Yes No DOE Strategic Transformer Yes Reserve Yes Yes No Yes Yes No DOE Transformer No Resilience and Advanced Components Program Yes Yes No No No No DHS Recovery Transformer No Program Yes No No No No No DHS Resilient Electric Grid Program No Yes No No No No No DHS Solar Storm Mitigation No Yes Yes No No No No FERC Reliability Standards 12 Individual Standards b Yes 12 Yes 2 Yes 2 Yes 12 Yes 3 Yes 2 No FERC Grid Assurance LLC Spare Transmission Equipment Service Petition No No No No No No Yes Totalc 19 15 12 12 10 10 1 Source GAO analysis of questionnaire responses from the Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC GAO-17-153 a According to a DOE document a microgrid is a local energy grid w ith control capability w hich means it can disconnect from the grid and operate autonomously A microgrid generally operates w hile connected to the grid but it can break off and operate on its ow n using local energy generation in times of crisis such as storms or pow er outages or for other reasons b The 12 individual reliability standards are consolidated c Because agency efforts often supported more than one type of activity the total number of efforts across the types of activities exceeds 27 the number of federal efforts we identified in our review Types of Threats and Hazards As table 3 shows the agencies reported that their federal grid resiliency efforts addressed a range of threats and hazards including cyberattacks i e computer-related attacks physical attacks e g attacks on physical infrastructure such as targeted shooting of transformers or intentional Page 12 GAO-17-153 Electricity downing of power lines natural disasters e g extreme weather events and geomagnetic disturbances and operational accidents e g unintentional equipment failures or operator error For example DOE and FERC reported implementing several grid resiliency efforts to address the threat of cyberattacks DOE’s Electricity Subsector Cybersecurity Capability Maturity Model effort was a public-private partnership that developed a tool kit modeled on a common set of industry-vetted cybersecurity practices the effort made this tool kit available to the electricity industry to help owners and operators evaluate prioritize and improve their cybersecurity capabilities Similarly of the 12 reliability standards FERC approved several require owners and operators of the electricity grid to take actions to mitigate the threat posed by cyberattacks on the bulk power system Table 3 Types of Threats or Hazards Addressed by Federal Grid Resiliency Efforts Threat or hazard Number of federal efforts addressing Cyberattack 15 Physical attack 12 Natural disaster 12 Operational accident 5 Source GAO analysis of questionnaire responses from the Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC GAO-17-153 Note Because agency efforts often addressed more than one type of threat or hazard the total number of efforts across the types of threats or hazards addressed exceeds 27 the number of federal efforts we identified in our review Federal Priorities for Enhancing Grid Resilience As table 4 shows the reported federal grid resiliency efforts collectively addressed each of the three federal priorities for enhancing the security and resilience of the electricity grid that were identified in the 2015 Energy Sector-Specific Plan 26 For example DHS’s Solar Storm Mitigation effort addressed the federal priority of developing and deploying tools and technologies to enhance awareness of potential disruptions the effort addressed this priority by providing owners and operators of the electricity grid with advanced and actionable information about anticipated impacts of a solar storm Similarly DOE’s Cybersecurity Risk Information Sharing Program addressed the federal priority to ensure actionable intelligence on threats is communicated between government and industry in a timesensitive manner the effort addressed this priority by facilitating the timely sharing of unclassified and classified cybersecurity threat 26 Energy Sector-Specific Plan 2015 Page 13 GAO-17-153 Electricity information and developing situational awareness tools to better identify prioritize and coordinate the protection of critical electricity infrastructure Table 4 Federal Priorities for Enhancing the Security and Resilience of the Electricity Grid Addressed by Federal Grid Resiliency Efforts Federal priority Number of federal efforts addressing Tools and technology Developing and deploying tools and technologies to enhance awareness of potential disruptions 24 Incident response Planning and exercising coordinated responses to disruptive events 18 Information flow Ensuring actionable intelligence on threats is communicated between government and industry in a time-sensitive manner 10 Source GAO analysis of questionnaire responses from the Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC GAO-17-153 Note Because agency efforts often addressed more than one federal priority for enhancing the resilience of the electricity grid the total number of efforts across the federal priorities exceeds 27 the number of federal efforts w e identified in our review Agencies Reported a Variety of Results from Their Efforts In their questionnaire responses agency officials reported a variety of results from both ongoing and completed federal grid resiliency efforts As shown in the selected examples in table 5 these results included the development and in some cases the deployment of new technologies and analytical tools the planning and exercising of coordinated responses to disruptive events and improved coordination and information sharing between the federal government and industry related to potential cyberattacks and other threats or hazards to the electricity grid Page 14 GAO-17-153 Electricity Table 5 Selected Examples of Results from Federal Grid Resiliency Efforts Type of Results Development and deployment of new technologies and analytical tools Planning and exercising coordinated responses to disruptive events Examples • The Department of Homeland Security’s DHS Resilient Electric Grid Program developed a new superconductor cable that can connect several urban substations and in so doing mitigate or prevent disruptions by enabling multiple paths for electricity to flow if a single substation loses power • DHS’s Recovery Transformer Program developed a rapidly deployable large highpower transformer and demonstrated that it was capable of being transported installed and energized in less than 1 week if a large high-power transformer on the grid is unexpectedly damaged • • Improved coordination and information sharing between the federal government and industry • • The Department of Energy’s DOE Infrastructure Security and Energy Restoration program developed lessons learned from an annual exercise program that tests government and industry’s ability to restore energy services in the aftermath of catastrophic incidents Those lessons were summarized and reported to energy sector stakeholders to improve their policies plans and procedures for energy emergencies The Federal Energy Regulatory Commission FERC approved two reliability standards Reliability Standards EOP-010-1 and TPL-007-1 that required industry to develop and implement plans and procedures to mitigate the effects of geomagnetic disturbances on the bulk power system Geomagnetic disturbances occur when the sun ejects charged particles that interact with and cause changes in the earth’s magnetic fields These charged particles can cause currents to enter the electricity grid through long conductors such as transmission lines and in so doing disrupt the normal operation of the grid and in some cases damage equipment DOE’s Electricity Subsector Cybersecurity Capability Maturity Model effort developed a tool kit modeled on a common set of industry-vetted cybersecurity practices and made it available to industry to help owners and operators of the electricity grid evaluate prioritize and improve their cybersecurity capabilities DOE’s Cybersecurity Risk Information Sharing Program facilitated the timely sharing of unclassified and classified information on cybersecurity threats with companies that cover about 60 percent of continental U S customers Source GAO analysis of questionnaire responses from the Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC GAO-17-153 Federal Efforts Were Fragmented with Some Overlap but Were Not Duplicative and Agencies Have Taken Actions to Coordinate Their Efforts We found that the 27 federal efforts to enhance the resilience of the electricity grid were fragmented across DOE DHS and FERC and overlapped to some degree but we did not find any instances of duplication among these efforts In their questionnaire responses agency officials reported engaging in a number of activities and mechanisms to coordinate their efforts and avoid duplication These activities and mechanisms include serving as members on formal coordinating bodies that bring together federal state and industry stakeholders in the energy sector to discuss resiliency issues on a regular basis contributing to the development of federal plans and reviews that address grid resiliency gaps and priorities and participating in direct coordination activities at the program level Page 15 GAO-17-153 Electricity Efforts Were Fragmented Across Agencies with Some Overlap but Were Not Duplicative According to our analysis of agency questionnaire responses federal grid resiliency efforts were fragmented and overlapped to some degree but none were duplicative In addition industry group representatives we interviewed did not identify any instances of duplication among federal grid resiliency efforts Fragmentation The 27 federal efforts to enhance the resilience of the electricity grid were fragmented in that they were implemented by three different agencies—DOE DHS and FERC—and addressed the same broad area of national need enhancing the resilience of the electricity grid We have previously reported that fragmentation has the potential to result in duplication of resources 27 For example fragmentation can lead to technical or administrative functions being managed separately by individual agencies when these functions could be shared among programs However we also have reported that fragmentation by itself is not an indication that unnecessary duplication of efforts or activities exists 28 There can be advantages to having multiple federal agencies involved in a broad area of national need for example agencies can tailor initiatives to suit their specific missions and needs among other things In the case of federal grid resiliency efforts we found that DOE DHS and FERC generally have tailored their efforts to contribute to their specific missions and needs For example DOE’s 11 efforts related to its strategic goal to support a more secure and resilient U S energy infrastructure DHS’s 3 efforts addressed its strategic priority to enhance critical infrastructure security and resilience by among other things promoting resilient critical infrastructure design and FERC’s 13 efforts related to the agency’s roles in reviewing and approving reliability standards and regulating the interstate transmission of electricity Moreover fragmentation of federal grid resiliency efforts within agencies is limited—10 of the 11 DOE efforts all 13 FERC efforts and all 3 DHS efforts were implemented by one organization within each respective agency Overlap We found that 23 of the 27 federal grid resiliency efforts overlapped to some degree with at least one other effort in that they addressed similar goals These overlaps included 27 GAO-11-318SP 28 GAO-11-318SP Page 16 GAO-17-153 Electricity • 12 efforts with similar goals related to enhancing the cybersecurity of the electricity grid • 4 with similar goals related to enhancing the resilience and availability of large high-power transformers 29 • 3 with similar goals related to enhancing the grid’s resilience to geomagnetic disturbances • 2 with similar goals related to enhancing energy storage technology and • 2 with similar goals related to enhancing the resilience of the grid’s distribution system As figure 1 illustrates we also found that all but one federal grid resiliency effort overlapped to some degree with at least one other effort by supporting similar types of activities to achieve their goals 29 According to a DOE document large high-power transformers carry more than 90 percent of the nation’s electricity and face a number of challenges that make them one of the most vulnerable components of the electricity grid According to the 2015 Quadrennial Energy Review the loss of multiple critical large high-power transformers could disrupt electricity service over a large area of the country Page 17 GAO-17-153 Electricity Figure 1 Overlap in Type of Activities Supported by Federal Grid Resiliency Efforts Note Because agency efforts often supported more than one type of activity the total number of efforts across the types of activities exceeds 27 the number of federal efforts we identified in our review Duplication We did not find any instances of duplication among the 27 federal grid resiliency efforts because none of the efforts had the same goals or engaged in the same activities For example although 4 efforts overlapped in that they had similar goals related to enhancing the resilience of large high-power transformers and improving their availability those efforts were not duplicative because their goals were not the same Specifically DHS’s Recovery Transformer Program begun in 2008 and completed in 2014 aimed to design and demonstrate a rapidly deployable large high-power transformer that could be used to enable rapid recovery of the grid in the event of multiple large high-power transformer failures In contrast DOE’s Transformer Resilience and Advanced Components Program launched in 2016 is focused on Page 18 GAO-17-153 Electricity ensuring the resilience of aging transformers and accelerating the development demonstration and deployment of next-generation transformer components Furthermore DOE’s Strategic Transformer Reserve effort is an analytical and planning activity with a goal of developing a plan for Congress related to establishing a strategic transformer reserve Similarly a fourth effort led by FERC was distinct from the other three efforts in that its goal was to act on a petition from a private company for regulatory findings related to the company’s plan to establish a subscription service for spare critical transmission equipment including transformers Agencies Reported Coordinating Efforts through Formal Coordinating Bodies Joint Planning and Other Activities In their questionnaire responses DOE DHS and FERC reported coordinating with each other on their federal grid resiliency efforts through a variety of activities and mechanisms In particular agency officials associated with all of the programmatic efforts that we identified as having overlapping characteristics in that they supported similar goals and types of activities reported coordinating with other federal agencies Furthermore many reported coordinating their efforts with states and most also reported coordinating their efforts with industry Coordination is important because as we have previously reported it can preserve scarce funds and enhance the overall effectiveness of federal efforts 30 We also have previously reported that coordination across programs may help address fragmentation overlap and duplication 31 We found that coordination activities and mechanisms among DOE DHS and FERC were consistent with key practices we have previously identified that can help enhance and sustain federal agency coordination such as 1 defining and articulating a common outcome 2 establishing joint strategies which helps align activities core processes and resources to accomplish a common outcome 3 leveraging resources which helps obtain additional benefits that would not be available if agencies or offices were working separately and 4 developing mechanisms to monitor evaluate and report on results We analyzed and grouped into seven categories the various coordination activities and mechanisms that 30 GAO Results-Oriented Government Practices That Can Help Enhance and Sustain Collab oration among Federal Agencies GAO-06-15 Washington D C Oct 21 2005 31 GAO-11-318SP and GAO Employment for People with Disab ilities Little Is Known ab out the Effectiveness of Fragmented and Overlapping Programs GAO-12-677 Washington D C June 29 2012 Page 19 GAO-17-153 Electricity agency officials reported in their questionnaire responses These categories and examples of specific activities are Participating in formal coordinating bodies Agency officials reported participating in several formally established coordinating bodies In particular DOE and DHS officials identified the Electricity Subsector Coordinating Council and the Energy Sector Government Coordinating Council as key mechanisms that help coordinate grid resiliency efforts across federal agencies and with states and industry stakeholders According to the Electricity Subsector Coordinating Council’s charter the council’s purpose includes coordinating activities and initiatives designed to improve the reliability and resilience of the electricity subsector including the electricity grid and serving as the principal liaison between the council’s membership and the Energy Sector Government Coordinating Council 32 The Energy Sector Government Coordinating Council is the government counterpart of the Electricity Subsector Coordinating Council and its purpose is to enable interagency and cross-jurisdictional coordination on planning implementing and executing resilience programs for the nation’s critical energy infrastructure 33 Agency officials told us that federal grid resiliency efforts and their results are discussed at meetings of these two councils as a way to share information coordinate efforts and avoid duplication We have previously found that federal programs that contribute to the same or similar results should collaborate to ensure that goals are consistent and as appropriate program efforts are mutually reinforcing 34 • 32 Among other things the Electricity Subsector Coordinating Council is meant to facilitate the identification and sharing of tools and technologies to improve electricity subsector security and resilience and to collaborate with the federal government on coordinated government-industry preparedness and response planning for events of national significance The council includes utility chief executive officers and trade association leaders representing all segments of the electric power industry The council’s charter calls for it to meet at least once each year 33 Among other things the Energy Sector Government Coordinating Council is meant to identify energy sector resiliency issues that need interagency and public-private coordination identify strategies to correct or eliminate gaps or overlaps in plans programs and policies facilitate the sharing of approaches and results of successful resiliency programs and leverage complementary resources within and between federal agencies and industry The council includes representatives from various levels of government federal state local territorial and tribal and is co-chaired by representatives from DOE and DHS The council’s charter calls for it to meet at least three times each year 34 GAO-06-15 Page 20 GAO-17-153 Electricity • Contributing to federal planning efforts Agency officials reported contributing to federal plans and reviews that addressed grid resiliency gaps and priorities For example DOE and DHS officials said they contributed to the development of the 2015 Quadrennial Energy Review which among other things assessed the vulnerabilities of the electricity grid and recommended ways to enhance its resilience 35 Agency officials also told us that they collaborated on the development of the 2015 Energy Sector-Specific Plan which identified three federal priorities for enhancing the security and resilience of the electricity grid 36 We have previously reported that it is important for collaborating agencies to establish strategies that work in concert with those of their partners or that are joint in nature because such strategies help align the agencies’ activities to accomplish a common outcome 37 • Maintaining a record of federal state and industry efforts DOE officials reported that the agency maintains a record of federal- state- and industry-critical energy sector infrastructure programs and initiatives this record includes federal grid resiliency efforts Officials told us that they update the record which was created in 2013 as new programs and initiatives are identified at meetings of the Electricity Subsector Coordinating Council and the Energy Sector Government Coordinating Council DOE officials said that they use the record as an internal tool for tracking energy-sector programs and initiatives and as a means to share information about those efforts with federal state and industry stakeholders as needed We have previously found that it is important for federal agencies engaged in collaborative efforts to create the means to monitor and evaluate their efforts 38 Furthermore we have concluded that developing and maintaining a record of federal efforts with similar goals can improve visibility over the full range of those efforts and reduce the potential for duplication 39 35 Quadrennial Energy Review 36 Energy Sector-Specific Plan 2015 37 GAO-06-15 38 GAO-06-15 39 GAO Warfighter Support Actions Needed to Improve Visib ility and Coordination of DOD’s Counter-Improvised Explosive Device Efforts GAO-10-95 Washington D C Oct 29 2009 Page 21 GAO-17-153 Electricity • Participating in formal joint efforts Some agency officials reported that their grid resiliency efforts were joint efforts with other federal agencies or industry partners For example DHS officials reported that both the Resilient Electric Grid Program and the Recovery Transformer Program were jointly funded by DHS and industry under formal agreements Similarly DOE officials reported that the Cybersecurity Risk Information Sharing Program was a formal joint effort of DOE the federal intelligence community and NERC We have previously found that by leveraging partner resources agencies can obtain additional benefits that would not be available if they worked separately 40 • Soliciting input from stakeholders Some agency officials reported formally soliciting input on their grid resiliency efforts from federal state and industry stakeholders For example FERC officials reported that they formally seek comments on proposed reliability standards and routinely receive comments from federal state and industry stakeholders FERC officials said that the agency considers these comments when determining whether to approve a reliability standard and as a result of these comments in some cases directs NERC to make changes in proposed standards Similarly DOE officials responsible for the Strategic Transformer Reserve effort reported seeking input from relevant federal agencies—including DHS the Department of Defense DOD and FERC—states industry and others as they developed their analysis • Sponsoring and participating in conferences webinars and workshops Agency officials reported sponsoring and participating in conferences webinars and workshops that included discussions about grid resiliency priorities and how to address those priorities among federal state and industry stakeholders For example officials who implement DOE’s Electric Distribution Grid Resilience Research and Development Program reported that they held a workshop with stakeholders to define in greater detail research and development needs related to the distribution grid’s resilience We have previously found that collaboration can help agencies define and articulate the common federal outcome 41 • Coordinating directly through agency staff Agency officials also reported that agency staff responsible for grid resiliency efforts 40 GAO-06-15 41 GAO-06-15 Page 22 GAO-17-153 Electricity pursued a number of informal activities to directly coordinate these efforts with related federal and industry efforts these activities included periodic meetings telephone calls and e-mails to coordinate and share information We have previously reported that frequent communication among collaborating agencies is a means to facilitate working across agency boundaries 42 Agency Comments We provided a draft copy of this report to DOD DOE DHS and FERC for review and comment DOE DHS and FERC provided technical comments which we incorporated as appropriate DOD indicated it had no comments on the report As agreed with your office unless you publicly announce the contents of this report earlier we plan no further distribution until 30 days from the report date At that time we will send copies to the appropriate congressional committees the Secretaries of Defense Energy and Homeland Security the Chairman of FERC and other interested parties In addition the report will be available at no charge on the GAO website at http www gao gov If you or your staff members have any questions about this report please contact me at 202 512-3841 or ruscof@gao gov Contact points for our Offices of Congressional Relations and Public Affairs are on the last page of this report GAO staff who made key contributions to this report are listed in appendix III Sincerely yours Frank Rusco Director Natural Resources and Environment 42 GAO-06-15 Page 23 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies with Efforts Aimed at Enhancing the Resilience of the Electricity Grid Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 24 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 25 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 26 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 27 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 28 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 29 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 30 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 31 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 32 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 33 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 34 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 35 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 36 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 37 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 38 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 39 GAO-17-153 Electricity Appendix I GAO’s Questionnaire for Federal Agencies w ith Efforts Aimed at Enhancing the Resilience of the Electricity Grid Page 40 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies We identified 27 efforts across three agencies—the Department of Energy DOE the Department of Homeland Security DHS and the Federal Energy Regulatory Commission FERC —that aimed to enhance the resilience of the electricity grid Tables 6 7 and 8 provide descriptions of the efforts at each agency as agency officials reported in their responses to our questionnaire and as we identified in agency documents Table 6 Department of Energy DOE Reported Grid Resiliency Efforts Effort name and implementing office Description Results Total obligations for grid resiliency activities fiscal years 2013-2015 dollars Advanced Research Projects Agency—Energy Grid-Scale Rampable Intermittent Dispatchable Storage GRIDS Program According to DOE officials the GRIDS Program focuses on developing new gridscale energy storage technologies—such as batteries flow batteries and flywheels—to balance short-duration variability in renewable generation The GRIDS Program aims to develop new lowcost storage technologies that will allow the electricity grid to adapt to changing conditions created by renewable generation According to DOE officials the GRIDS Program has led to the development of several batteries that have been turned into products and deployed on the electricity grid The program also has led to the formation of new U S -based companies that produce and market advanced energy storage devices which are expected to better ensure that replacement equipment is available if needed 2 980 705 Office of Electricity Delivery and Energy Reliability Cybersecurity for Energy According to DOE officials the CEDS Delivery Systems CEDS Program helps the energy sector by Program developing cybersecurity solutions for energy delivery systems through integrated planning and a focused research and development effort According to DOE officials the CEDS Program has supported more than 30 research and development projects that have led to the deployment of tools and advanced technologies that enhance the security of the nation’s energy delivery systems 114 866 205 Cybersecurity Risk Information Sharing Program CRISP According to DOE officials energy sector participation in CRISP has increased which has led to greater information sharing and enhanced resilience of the electricity grid 38 742 000 According to DOE officials CRISP uses advanced technologies and innovative analytical capabilities to facilitate collaboration within the energy sector through robust two-way information sharing that provides energy sector partners with targeted actionable information to facilitate requirement setting detection prevention mitigation and rapid response to emerging cyber threats Page 41 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name and implementing office Description Results Total obligations for grid resiliency activities fiscal years 2013-2015 dollars Electric Distribution Grid According to DOE officials the Electric Resilience Research and Distribution Grid Resilience Research and Development Program Development Program aims to meet the research and development needs for a resilient electric distribution grid with the goal of contributing to a 10 percent reduction in the economic costs of power outages by 2025 According to DOE officials the program has demonstrated a grid design decision support tool that is intended to enhance the resilience of a distribution feeder against wind and flood hazards 4 150 000 Electricity Subsector Cybersecurity Capability Maturity Model ESC2M2 According to DOE officials the ES-C2M2 effort is a public-private partnership that is designed to facilitate improvements in the cybersecurity capabilities of the electricity subsector and to enhance understanding of the cybersecurity posture of the electricity grid The effort helps organizations evaluate prioritize and improve their own cybersecurity capabilities According to DOE officials DOE has provided ES-C2M2 tool kits to companies since 2012 Owners and operators of the electricity grid are using ES-C2M2 assessments to prioritize security actions and investments monitor their progress and quantify cyber risks for insurance purposes 3 602 346 Energy Storage Program According to DOE officials the Energy Storage Program has a number of projects that are relevant to grid resilience including analyses to enhance the stability and resilience of island grids improve dynamic instabilities in large area grids improve the security and resilience of military microgrids and improve the stability reliability and resilience of networks to accommodate increasing renewable portfolio standards According to DOE officials the Energy Storage Program has supported the deployment of energy storage technologies that provide enhanced grid stability and resilience 6 691 000 Infrastructure Security According to DOE officials ISER and Restoration Program implements DOE’s efforts to enhance ISER energy sector preparedness response and recovery ISER serves as a point of entry for energy sector security and resiliency stakeholders including other federal agencies state local tribal and territorial partners and the private sector Through the ISER programs stakeholders are able to develop a common understanding of threats and hazards enhance mitigation strategies build and validate response capabilities and improve access to recovery capabilities According to DOE officials ISER provides continuous monitoring of the nation’s energy infrastructure and analysis of historical and realtime situations affecting the infrastructure ISER conducts this monitoring through the development and use of capabilities such as a real-time monitoring system a collaboration tool developing analysis reports and publishing an annual energy incident report 18 924 408 Page 42 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name and implementing office Total obligations for grid resiliency activities fiscal years 2013-2015 dollars Description Results According to DOE officials the Microgrid Research and Development Program aims to develop commercial-scale microgrid systems capable of reducing outage time of required loads at a cost comparable to non-integrated baseline solutions while reducing emissions and improving system energy efficiencies by 2020 According to DOE officials simulated and or emulated testing of microgrid system designs with advanced controllers will be completed in fiscal year 2017 Field demonstrations of microgrid system designs with advanced controllers will begin in fiscal year 2017 In addition a design support tool for off-grid microgrids will be transferred for use by at least one microgrid designer for a remote community application in fiscal year 2017 26 853 350 State and Regional According to DOE officials the State and Energy Risk Assessment Regional Energy Risk Assessment Initiative Initiative aims to help states better understand risks to their energy infrastructure so they can make informed decisions about their investments resilience and hardening strategies and asset management The initiative is a collaborative effort with the National Association of State Energy Officials the National Association of Regulatory Utility Commissioners the National Conference of State Legislatures and the National Governors Association According to DOE officials DOE has collaborated with Argonne National Laboratory to create energy risk profiles for each state These profiles address the electricity petroleum and natural gas sectors and highlight the most common threats to energy infrastructure Fifty state energy risk assessments and 5 regional energy risk assessments have been produced and are currently in use by states and other partners as well as the general public 225 000 Strategic Transformer Reserve According to DOE officials DOE has convened meetings with stakeholders to solicit their input and has increased stakeholder understanding of the challenges related to large high-power transformers DOE officials told us in January 2017 that they expected to submit their report to Congress in the near future 750 000 Microgrid Research and Development Program According to DOE officials the Strategic Transformer Reserve effort aims to assess the adequacy of the current inventory of spare large high-power transformers and alternative approaches to increasing the availability of spare transformers and to develop a plan for Congress on establishing a strategic transformer reserve Page 43 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name and implementing office Transformer Resilience and Advanced Components TRAC Program Description Results According to DOE officials the TRAC Program aims to ensure the resilience of aging assets identify new requirements for future grid components and accelerate the development demonstration and deployment of next-generation components to enhance the resilience of the electricity grid According to DOE officials the TRAC Program started in January 2016 and has made technical progress Several projects have been awarded to national laboratories and a funding opportunity announcement was released in June 2016 These activities are aligned with the goals of the TRAC Program and will produce insights and technical advances that can be used to increase grid resilience Total Total obligations for grid resiliency activities fiscal years 2013-2015 dollars 0a 217 785 014 Source GAO analysis of DOE-reported data GAO-17-153 a The Transformer Resilience and Advanced Components Program did not start until fiscal year 2016 and therefore had no obligations from fiscal year 2013 through fiscal year 2015 Table 7 Department of Homeland Security DHS Reported Grid Resiliency Efforts Effort name and implementing office Description Results Total obligations for grid resiliency activities fiscal years 2013-2015 dollars Science and Technology Directorate Recovery Transformer RecX Program According to DHS officials the goal of the RecX Program was to design and demonstrate a rapidly deployable large high-power transformer that could be used to enable rapid recovery of the grid in the event of multiple transformer failures According to a DHS document the RecX transformer was successfully field tested in March 2012 The field test demonstrated RecX’s rapid deployment speed by reducing from the typical 8 to 12 weeks to less than 6 days the time needed to transport install and energize the transformer Resilient Electric Grid Program According to DHS officials the Resilient Electric Grid Program uses advanced technologies to increase the reliability flexibility and resilience of the nation’s grid For example officials are developing a new cable that will allow distribution networks to interconnect and share power while eliminating the risk of cascading fault currents According to DHS officials the effort has proven the technology and its capabilities in a laboratory setting and is currently working to install the solution within a host utility’s grid for an operational demonstration Page 44 0a 19 594 457 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name and implementing office Solar Storm Mitigation Total obligations for grid resiliency activities fiscal years 2013-2015 dollars Description Results According to DHS officials the Solar Storm Mitigation effort aims to provide owners and operators of the electricity grid with advanced and actionable information about anticipated geomagnetically induced current levels in the event of a solar storm According to DHS officials the effort has developed a forecasting capability that is currently undergoing verification and validation testing Lack of significant solar storms creates a lack of data against which to test the forecasting capability historical data is being used where applicable Total 2 217 089 21 811 546 Source GAO analysis of DHS-reported data GAO-17-153 a DHS reported that no funds were obligated for the Recovery Transformer program from fiscal year 2013 through fiscal year 2015 How ever the agency also reported that a total of $6 794 050 had been obligated for the program in fiscal years prior to fiscal year 2013 Table 8 Federal Energy Regulatory Commission FERC Reported Grid Resiliency Efforts Effort name Description Results Grid Assurance LLC Spare Transmission Equipment Service Petition According to FERC officials and documents the FERC acted on Grid Assurance’s petition effort’s goal was to act on a private company’s related to the company’s proposed spare petition for regulatory findings related to the critical transmission equipment service company’s plan to establish a subscription service for spare critical transmission equipment including transformers Reliability Standard CIP-003- According to FERC officials the purpose of the CIP6 Security Management 003-6 reliability standard is to specify consistent and Control sustainable security management controls that establish responsibility and accountability to protect bulk electric system cybersystems against compromise that could lead to the misoperation of or instability in the bulk electric system FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-004- According to FERC officials the purpose of the CIP6 Personnel and Training 004-6 reliability standard is to minimize the risk against compromise that could lead to the misoperation of or instability in the bulk electric system from individuals accessing bulk electric system cybersystems this standard aims to do so by requiring an appropriate level of personnel risk assessment training and security awareness in support of protecting bulk electric system cybersystems FERC has approved the proposed reliability standard so that it is mandatory and enforceable Page 45 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name Description Results Reliability Standard CIP-005- According to FERC officials the purpose of the CIP- FERC has approved the proposed reliability 5 Electronic Security 005-5 reliability standard is to manage electronic standard so that it is mandatory and Perimeters access to bulk electric system cybersystems by enforceable specifying a controlled electronic security perimeter in support of protecting these cybersystems against compromise that could lead to the misoperation of or instability in the bulk electric system Reliability Standard CIP-0066 Physical Security of Bulk Electric System Cyber Systems According to FERC officials the purpose of the CIP006-6 reliability standard is to manage physical access to bulk electric system cybersystems by specifying a physical security plan in support of protecting these cybersystems against compromise that could lead to the misoperation of or instability in the bulk electric system FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-007- According to FERC officials the purpose of the CIP6 Systems Security 007-6 reliability standard is to manage system Management security by specifying select technical operational and procedural requirements in support of protecting bulk electric system cybersystems against compromise that could lead to the misoperation of or instability in the bulk electric system FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-008- According to FERC officials the purpose of the CIP5 Incident Reporting and 008-5 reliability standard is to mitigate the risk to the Response Planning reliable operation of the bulk electric system as a result of a cybersecurity incident this standard aims to do so by specifying incident response requirements FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-0096 Recovery Plans for Bulk Electric System Cyber Systems According to FERC officials the purpose of the CIP009-6 reliability standard is to recover reliability functions performed by bulk electric system cybersystems by specifying recovery plan requirements in support of the continued stability operability and reliability of the bulk electric system FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-0102 Configuration Change Management and Vulnerability Assessments According to FERC officials the purpose of the CIP010-2 reliability standard is to prevent and detect unauthorized changes to bulk electric system cybersystems by specifying configuration change management and vulnerability assessment requirements in support of protecting bulk electric system cybersystems from compromise that could lead to the misoperation of or instability in the bulk electric system FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard CIP-011- According to FERC officials the purpose of the CIP- FERC has approved the proposed reliability 2 Information Protection 011-2 reliability standard is to prevent unauthorized standard so that it is mandatory and access to bulk electric system cybersystem enforceable information by specifying information protection requirements in support of protecting bulk electric system cybersystems against compromise that could lead to the misoperation of or instability in the bulk electric system Page 46 GAO-17-153 Electricity Appendix II Characteristics of Efforts to Enhance the Resilience of the Electricity Grid at Three Federal Agencies Effort name Description Results Reliability Standard CIP-014- According to a FERC document the purpose of the FERC has approved the proposed reliability 2 Physical Security CIP-014-2 reliability standard is to identify and protect standard so that it is mandatory and transmission stations and transmission substations enforceable and their associated primary control centers that if rendered inoperable or damaged as a result of a physical attack could result in instability uncontrolled separation or cascading within an interconnection Reliability Standard EOP010-1 Geomagnetic Disturbance Operations According to a FERC document the purpose of the EOP-010-1 reliability standard is to mitigate the effects of geomagnetic disturbance events by implementing operating plans processes and procedures FERC has approved the proposed reliability standard so that it is mandatory and enforceable Reliability Standard TPL-0071 Transmission System Planned Performance for Geomagnetic Disturbance Events According to a FERC document the purpose of the FERC has approved the proposed reliability TPL-007-1 reliability standard is to establish standard but it is not yet being enforced requirements for transmission system planned performance during geomagnetic disturbance events Source GAO analysis of FERC-reported data GAO-17-153 Note FERC officials reported that the agency could not provide obligation data for its grid resiliency efforts because FERC could not break dow n by individual reliability standard the costs associated w ith reviewing and approving reliability standards Page 47 GAO-17-153 Electricity Appendix III GAO Contact and Staff Acknowledgments Appendix III GAO Contact and Staff Acknowledgments GAO Contact Frank Rusco 202 512-3841 or ruscof@gao gov Staff Acknowledgments Other key contributors to this report were Jon Ludwigson Assistant Director Stephanie Gaines and David Marroni Important contributions were also made by Ben Atwater Antoinette Capaccio Nancy Crothers Laura Durland Philip Farah Cindy Gilbert Brian Lepore Dan Royer Stephen Sanford Marylynn Sergent Maria Stattel Barbara Timmerman and Greg Wilshusen 100539 Page 48 GAO-17-153 Electricity GAO’s Mission The Government Accountability Office the audit evaluation and investigative arm of Congress exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people GAO examines the use of public funds evaluates federal programs and policies and provides analyses recommendations and other assistance to help Congress make informed oversight policy and funding decisions GAO’s commitment to good government is reflected in its core values of accountability integrity and reliability Obtaining Copies of GAO Reports and Testimony The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website http www gao gov Each weekday afternoon GAO posts on its website newly released reports testimony and correspondence To have GAO e-mail you a list of newly posted products go to http www gao gov and select “E-mail Updates ” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white Pricing and ordering information is posted on GAO’s website http www gao gov ordering htm Place orders by calling 202 512-6000 toll free 866 801-7077 or TDD 202 512-2537 Orders may be paid for using American Express Discover Card MasterCard Visa check or money order Call for additional information Connect with GAO Connect with GAO on Facebook Flickr Twitter and YouTube Subscribe to our RSS Feeds or E-mail Updates Listen to our Podcasts Visit GAO on the web at www gao gov To Report Fraud Waste and Abuse in Federal Programs Contact Congressional Relations Katherine Siggerud Managing Director siggerudk@gao gov 202 512-4400 U S Government Accountability Office 441 G Street NW Room 7125 Washington DC 20548 Public Affairs Chuck Young Managing Director youngc1@gao gov 202 512-4800 U S Government Accountability Office 441 G Street NW Room 7149 Washington DC 20548 Strategic Planning and External Liaison James-Christian Blockwood Managing Director spel@gao gov 202 512-4707 U S Government Accountability Office 441 G Street NW Room 7814 Washington DC 20548 Website http www gao gov fraudnet fraudnet htm E-mail fraudnet@gao gov Automated answering system 800 424-5454 or 202 512-7470 Please Print on Recycled Paper