Source of Fiscal Exposure: Security

Over the past decade, the United States has invested tens of billions of dollars in efforts to counter overseas threats and faces a complex and uncertain national security environment. This environment presents several challenges and threats, including international conflicts and regional instability; the potential for further proliferation of nuclear, biological, and chemical weapons; and the growing threat of cyber attacks on the nation’s critical infrastructure. Addressing these challenges and threats will likely result in future federal spending. Examples of exposures in this area include the following:

Military readiness and force modernization. The Department of Defense (DOD) faces the challenge of rebuilding readiness and modernizing capabilities to respond to future international security threats while also dealing with significant budget constraints. DOD needs to fundamentally re-examine several areas, such as requirements for equipment, personnel, and training; the nature and composition of its forces in countries around the world; and the mix, size, and organization of its forces. Additionally, DOD—along with the Department of Energy (DOE)—estimated it will cost $263.8 billion to sustain and modernize the United States’ nuclear weapons capabilities over the next 10 years (see figure below). However, it should be noted that GAO’s work identified shortcomings in the completeness of budget estimates and the transparency of assumptions and limitations that underlie the 10-year estimate.

Departments of Energy and Defense 10-Year Estimates for Sustaining and Modernizing the U.S. Nuclear Deterrent as of July 2013

Terrorist events and insuring against them. Terrorist events in the United States and abroad may create fiscal exposures. For example, under the Terrorism Risk Insurance Program, the federal government and private sector share losses on commercial property and casualty policies resulting from a terrorist attack (see figure below). This program creates an explicit fiscal exposure, as the federal government is legally required to make payments in the event of a certified terrorist attack. However, further analysis is needed to understand the potential magnitude of this exposure.

Initial Loss-Sharing under the Terrorism Risk Insurance Act

Note: To be certified, a terrorist attack must cause a certain amount of financial losses. In the event of an attack, individual insurers that experience losses pay a deductible. After the deductible is paid, the federal government reimburses the insurer for 85 percent of its losses and the insurer is responsible for the remaining 15 percent. The insurer deductible line is jagged because only those insurers that experience losses pay a deductible. As a result, the amount will vary depending on the number of affected insurers.

Excerpted from GAO-14-445.

Cybersecurity incidents. Since fiscal year 2006, the number of reported cyber incidents has risen sharply (see figure below). Pervasive and sustained cyber attacks against the United States could have a potentially devastating impact on federal and nonfederal systems, disrupting the operations of governments and businesses and the lives of private individuals. Significant weaknesses in information security controls continue to threaten the confidentiality, integrity, and availability of critical information and information systems supporting the operations, assets, and personnel of federal government agencies.

Number of Cyber Incidents Reported, Fiscal Years 2006 through 2014

Number of Cyber Incidents  Reported, Fiscal Years 2006 through 2014

Note: Data presented are the number of incidents reported to the U.S. Computer Emergency Readiness Team during this period.

Excerpted from GAO-15-290.


GAO Reports

Other GAO Resources

Military readiness and force modernization

  • Nuclear Weapons: Ten-Year Budget Estimates for Modernization Omit Key Efforts, and Assumptions and Limitations Are Not Fully Transparent (GAO-14-373)
  • Military Readiness: Opportunities Exist to Improve Completeness and Usefulness of Quarterly Reports to Congress (GAO-13-678)
  • Navy Shipbuilding: Significant Investments in the Littoral Combat Ship Continue Amid Substantial Unknowns about Capabilities, Use, and Cost (GAO-13-530)

Military Force Sizing and Organization

Countering Overseas Threats

Terrorism risk insurance

  • Terrorism Insurance: Treasury Needs to Collect and Analyze Data to Better Understand Fiscal Exposure and Clarify Guidance (GAO-14-445)


  • High Risk List Video: Information Security (July 2010)
  • Information Security: Agencies Need to Improve Cyber Incident Response Practices (GAO-14-354)
  • Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented (GAO-13-187)
  • Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage (GAO-12-876T)
  • Cybersecurity: Threats Impacting the Nation (GAO-12-666T)

  • Cybersecurity: Continued Attention Needed to Protect our Nation’s Critical Infrastructure (GAO-11-865T)