New GAO Report on Offshore Energy Infrastructure Security
Late last week, GAO released its report Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore Energy Infrastructure (GAO-12-37). The report can be accessed here. The study was done at the request of several congressional committees in the wake of the Deepwater Horizon oil rig exploding, sinking, and leaking more than 4 million barrels of oil into the Gulf of Mexico. GAO examined Coast Guard efforts to protect offshore energy facilities—such as oil drilling and production rigs—from terrorist attacks.
Threats
While the Deepwater Horizon disaster was not the result of a terrorist attack, it demonstrated the potential consequences of an explosion on an offshore energy facility. Other countries such as Iraq and Nigeria have experienced attacks on offshore energy infrastructure by terrorists. Such facilities in the United States may be an attractive target due to the importance of oil and gas to the nation’s economy and security. Intelligence information indicates that Al Queda has had a continued interest in targeting western oil tankers and commercial oil infrastructure at sea. Protecting such facilities is challenging because of their offshore location in open waters. Further, owners and operators of offshore energy facilities have expressed concerns about small boats with fishermen or divers operating nearby or attempting to attach themselves to the facilities. If a terrorist attack occurs, it would be difficult for the Coast Guard to respond quickly because the facilities are located many miles from its closest response units.
Positive Steps Taken
The Coast Guard and owners and operators have taken a number of steps to protect offshore energy facilities. The Coast Guard established a regional Area Maritime Security Committee for the entire Gulf of Mexico, which developed an Area Maritime Security Plan. The agency conducted exercises to test its plan, using scenarios with terrorists threatening and/or seizing oil platforms. These included both the regional and national levels exercises. GAO also found that the Coast Guard had identified after-action items from these exercises and had generally taken corrective actions. In addition, of the 3,900 offshore energy facilities in the Gulf of Mexico, the Coast Guard has identified 57 as meeting significant production and manpower thresholds and thus falling under its security regulations. The owners and operators of these facilities have designated security officers and developed security plans at both the company and facility level. GAO found that the Coast Guard has reviewed and approved all of these plans.
But Inspections Not Completed
While the Coast Guard has identified 57 facilities as falling under its security regime, it had generally not conducted inspections of these facilities as required by the agency’s regulations. GAO found that Coast Guard had only conducted about 13 to 45 percent of the required facility inspections, depending on the year. There were a variety of reasons for these lapses by the Coast Guard, including confusion over which units should conduct inspections, confusion over which type of facilities should be inspected, units not tracking which specific facilities were coming up for inspection, and reliance on the owners and operators to tell units when they needed inspections. In addition, the Coast Guard’s database for planning, conducting and managing such inspections had a number of limitations in terms of the consistency, accuracy, duplication and definitions of the data. Without procedures in place to ensure that required inspections are completed, the Coast Guard was not in a position to know if offshore facilities were meeting their security requirements. Thus, the agency was not meeting its stated goals of reducing and mitigating the risks and results of terrorist attacks that could threaten the facility, the crews onboard, the general public, and the environment.
Limited Authority Over Mobile Offshore Drilling Units
The Coast Guard has limited authority regarding the security of vessels such as the Deepwater Horizon—which was a self-propelled Mobile Offshore Drilling Unit (MODU) registered to a foreign nation (or “flag state”). MODUs can be subject to Coast Guard security regulations depending on their method of propulsion and level of crew onboard. Page 34 of the report has a figure showing the complexities of MODU regulation. Whereas the Coast Guard may physically inspect a U.S.-flagged MODU to ensure compliance with applicable security requirements, its oversight of foreign-flagged, self-propelled MODUs, such as the Deepwater Horizon, is more limited. Because most MODUs in the Gulf of Mexico do not meet established Coast Guard thresholds for production and crew size, the owners and operators are not required to provide security plans to the Coast Guard and the agency does not conduct security inspections. The Coast Guard’s report on the Deepwater Horizon found that its regulatory scheme for MODUs was insufficient, because it defers heavily to foreign flag states which may not conduct comparable inspections. Thus, the Coast Guard has only limited knowledge about the security measures implemented on such MODUs. The Coast Guard is conducting a study designed to help determine whether additional actions could better ensure the security of offshore facilities, including MODUs. Further, the Coast Guard has implemented a new risk-based oversight policy for all MODUs to address safety and environmental protection issues. Although this policy does not directly address security, increased oversight could help mitigate the risk of a terrorist attack on a MODU.
Recommendations
GAO made a number of recommendations to the Coast Guard to improve its security regime over offshore energy infrastructure. The Coast Guard concurred with the recommendations and cited actions already in progress.
Report Is Part of A Larger Body of GAO Work
On November 2, 2011, GAO will testify on the results of this report—as well as the results of a GAO report on similar lapses by the Department of the Interior program to inspect offshore energy facilities—in a hearing before the House Committee on Transportation and Infrastructure’s Subcommittee on Coast Guard and Maritime Transportation. The overall theme of that hearing is to discuss various government reports on the Deepwater Horizon incident.
The report also supplements a GAO testimony from August 2011 on the security of the maritime energy supply chain (see www.gao.gov/cgi-bin/getrpt?GAO-11-883T). That testimony also discussed Coast Guard efforts to conduct risk assessments of offshore energy facilities. Like the just-released report focusing on actual inspections (as opposed to risk assessments), GAO found that the Coast Guard did not conduct all of the required risk assessments of such facilities (they conducted 38 of the required 50). GAO recommended that the Coast Guard improve its internal controls to ensure that such assessments are done, which will put the agency in a better position to ensure that all such assessments are completed. The August testimony also discussed security issues surrounding energy tankers, which face threats not only from terrorists, but now from pirates. It updated a comprehensive 2007 GAO report on energy tankers (for that earlier report, see www.gao.gov/cgi-bin/getrpt?GAO-08-141 ).