Skip to main content

Protecting our Critical Infrastructure

Posted on November 22, 2019


We depend on the nation’s critical infrastructure—such as the systems that provide energy, transportation, communications, and financial services—to provide us with our basic needs.

In today’s WatchBlog, we explore federal efforts to protect some of our critical infrastructure from things like cyber-attacks and terrorism.

Oil and gas pipelines

More than 2.7 million miles of pipeline transport oil, natural gas, and other hazardous liquids needed for things like operating vehicles and heating homes. These pipelines run through both remote and urban areas, and are operated by more than 3,000 pipeline companies.

These pipelines are also vulnerable to physical attacks (such as firearms or explosives) and cyber-attacks. For example, a hacker could infiltrate a pipeline’s operational systems via the internet to disrupt service and cause spills, explosions, or fires. In fact, the energy sector accounted for 35% of critical infrastructure cyber incidents from 2013-2015—more than any other sector.

The Transportation Security Administration (along with other federal agencies) is responsible for protecting the nation’s pipelines. However, we found issues with how TSA manages its pipeline security efforts. For example, it has no process for determining when to update its guidelines for pipeline operations and related facilities.

Additionally, TSA’s plan to coordinate security incident responses with other federal agencies and industry stakeholders hasn’t been updated since 2010 . As a result, it doesn’t fully reflect developments in important areas like cybersecurity.

Chemical facilities

The nation’s chemical facilities could also be a target for terrorists. For example, hazardous chemicals could be released from a facility and hurt surrounding populations, or stolen and used as chemical weapons.

The Department of Homeland Security established the Chemical Facility Anti-Terrorism Standards program, in accordance with statutory requirements, to identify high-risk chemical facilities and inspect them to ensure they comply with security standards. DHS also shares information about these facilities with local officials so that first responders are prepared for potential security incidents.

We found that DHS has completed a number of these inspections since 2013. However, first responders still may not have all the information they need to safely respond to incidents at these facilities.

To learn more about our work assessing federal efforts to protect critical infrastructure, click here.


Related Products

About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to