Tabla de Contenidos:
  • UTILITY RESILIENCE AT DEPARTMENT OF DEFENSE INSTALLATIONS ISSUES AND RISK MITIGATION ; UTILITY RESILIENCE AT DEPARTMENT OF DEFENSE INSTALLATIONS ISSUES AND RISK MITIGATION ; Library of Congress Cataloging-in-Publication Data; CONTENTS ; PREFACE ; Chapter 1 DEFENSE INFRASTRUCTURE: IMPROVEMENTS IN DOD REPORTING AND CYBERSECURITY IMPLEMENTATION NEEDED TO ENHANCE UTILITY RESILIENCE PLANNING* ; WHY GAO DID THIS STUDY ; WHAT GAO RECOMMENDS ; WHAT GAO FOUND; ABBREVIATIONS; BACKGROUND ; DOD Installations Depend on Utility Services from a Variety of Sources.
  • DOD Roles and Responsibilities for Management of Utility Services on DOD InstallationsDOD Collaborates with Various Federal Agencies with Responsibilities for Protecting Critical Utility Infrastructure ; Cybersecurity Concerns, Industrial Control Systems, and Their Role on DOD Installations ; HAZARDS CAUSED UTILITY DISRUPTIONS RESULTING IN OPERATIONAL AND FISCAL IMPACTS; PHYSICAL AND CYBER THREATS POSE SIMILAR IMPACTS ; DOD and Selected Installations Reported Utility Disruptions for Fiscal Years 2012 through 2014.
  • Hazards Have Caused Utility Disruptions, with Operational and Fiscal Impacts, and Threats Have the Potential to Cause Such ImpactsDOD COLLECTS AND REPORTS UTILITY DISRUPTION DATA, BUT ITS DATA ARE NOT COMPREHENSIVE AND SOME ARE NOT ACCURATE ; DOD Has a 5-Month Process to Collect and Report on Utility Disruption Data, and Uses These Data in a Number of Ways ; DOD's Collection and Reporting of Utilities Disruption Data Are Not Comprehensive and Some Data Are Not Accurate.
  • THE MILITARY SERVICES HAVE TAKEN ACTIONS AND IMPLEMENTED DOD GUIDANCE TO MITIGATE RISKS OF UTILITY DISRUPTIONS BUT FACE CHALLENGES IN IMPLEMENTING CYBERSECURITY GUIDANCE FOR INDUSTRIAL CONTROL SYSTEMS Military Services Have Taken Actions and Implemented DOD Guidance to Mitigate Utility Disruptions ; DOD Updated Cybersecurity Guidance for Industrial Control Systems, and the Military Services Have Taken Initial Steps to Implement the Guidance ; The Military Services Face Challenges Implementing Cybersecurity Guidance for Industrial Control Systems ; CONCLUSION.
  • RECOMMENDATIONS FOR EXECUTIVE ACTION AGENCY COMMENTS AND OUR EVALUATION ; APPENDIX I: SCOPE AND METHODOLOGY ; APPENDIX II: PREVIOUS GAO WORK ON THE VULNERABILITIES OF UTILITY INFRASTRUCTURE ; End Notes ; End Notes for Appendix I ; End Notes for Appendix II ; Chapter 2 DEFENSE CRITICAL INFRASTRUCTURE ACTIONS NEEDED TO IMPROVE THE IDENTIFICATION AND MANAGEMENT OF ELECTRICAL POWER RISKS AND VULNERABILITIES TO DOD CRITICAL ASSETS*; ABBREVIATIONS ; RESULTS IN BRIEF ; BACKGROUND ; DOD's Vulnerability to Electrical Power Disruptions ; DCIP ; Other Risk Management Programs and Activities in DOD.