What GAO Found
The Department of Homeland Security (DHS) is developing a resilience policy, but an implementation strategy is a key next step that could help strengthen DHS resilience efforts. DHS defines resilience as the ability to resist, absorb, recover from, or adapt to adversity, and some high-level documents currently promote resilience as a key national goal. Specifically, two key White House documents emphasize resilience on a national level--the 2011 Presidential Policy Directive 8 and the 2012 National Strategy for Global Supply Chain Security. Since 2009, DHS has emphasized the concept of resilience and is currently in the process of developing a resilience policy, the initial steps of which have included creating two internal entities--the Resilience Integration Team and the Office of Resilience Policy (ORP). According to ORP officials, they saw a need to establish a policy that provides component agencies with a single, consistent, departmentwide understanding of resilience that clarifies and consolidates resilience concepts from high-level guiding documents, and helps components understand how their activities address DHS's proposed resilience objectives. ORP officials hope to have an approved policy in place later this year. However, DHS officials stated that currently there are no plans to develop an implementation strategy for this policy. An implementation strategy that defines goals, objectives, and activities; identifies resource needs; and lays out milestones is a key step that could help ensure that DHS components adopt the policy consistently and in a timely manner. For example, an implementation strategy with goals and objectives could provide ORP with a more complete picture of how DHS components are implementing this policy.
The Coast Guard and the Office of Infrastructure Protection (IP) work with stakeholders to address some aspects of critical infrastructure resilience, but they could take additional collaborative actions to promote portwide resilience. The Coast Guard is port focused and works with owners and operators of assets, such as vessels and port facilities, to assess and enhance various aspects of critical infrastructure resilience in ports--such as security protection, port recovery, and risk analysis efforts. In contrast, IP, through its Regional Resiliency Assessment Program (RRAP), conducts assessments with a broader regional focus, but is not port specific. An RRAP assessment is conducted to assess vulnerability to help improve resilience and allow for an analysis of infrastructure "clusters" and systems in various regions--for example, a regional transportation and energy corridor. The Coast Guard and IP have collaborated on some RRAP assessments, but there may be opportunities for further collaboration to conduct port-focused resilience assessments. For example, IP and the Coast Guard could collaborate to leverage existing expertise and tools--such as the RRAP approach--to develop assessments of the overall resilience of specific port areas. Having relevant agencies collaborate and leverage one another's resources to conduct joint portwide resilience assessments could further all stakeholders' understanding of interdependencies with other port partners, and help determine where to focus scarce resources to enhance resilience for port areas.
Why GAO Did This Study
U.S. ports are part of an economic engine handling more than $700 billion in merchandise annually, and a disruption to port operations could have a widespread impact on the global economy. DHS has broad responsibility for protection and resilience of critical infrastructure. Within DHS, the Coast Guard is responsible for the maritime environment, and port safety and security, and IP works to enhance critical infrastructure resilience. Recognizing the importance of the continuity of operations in critical infrastructure sectors, DHS has taken initial steps to emphasize the concept of resilience. GAO was asked to review port resilience efforts. This report addresses the extent to which (1) DHS has provided a road map or plan for guiding resilience efforts, and (2) the Coast Guard and IP are working with port stakeholders and each other to enhance port resilience. To address these objectives, GAO analyzed key legislation and DHS documents and guidance. GAO conducted site visits to three ports, selected based on geography, industries, and potential threats; GAO also interviewed DHS officials and industry stakeholders. Information from site visits cannot be generalized to all ports, but provides insights.
GAO recommends that DHS develop an implementation strategy for its resilience policy and that the Coast Guard and IP identify opportunities to collaborate to leverage existing tools and resources to assess port resilience. DHS concurred with GAO's recommendations.
Recommendations for Executive Action
|Department of Homeland Security||To better ensure consistent implementation of and accountability for DHS's resilience policy, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to develop an implementation strategy for this new policy that identifies the following characteristics and others that may be deemed appropriate: (1) steps needed to achieve results, by developing priorities, milestones, and performance measures; (2) responsible entities, their roles compared with those of others, and mechanisms needed for successful coordination; and (3) sources and types of resources and investments associated with the strategy, and where those resources and investments should be targeted.|
|Department of Homeland Security||To allow for more efficient efforts to assess portwide resilience, the Secretary of Homeland Security should direct the Assistant Secretary of Infrastructure Protection and the Commandant of the Coast Guard to look for opportunities to collaborate to leverage existing tools and resources to conduct assessments of portwide resilience. In developing this approach, DHS should consider the use of data gathered through IP's voluntary assessments of port area critical infrastructure or regional RRAP assessments--taking into consideration the need to protect information collected voluntarily--as well as Coast Guard data gathered through its MSRAM assessments, and other tools used by the Coast Guard.|