Software Development: DOD Faces Risks and Challenges in Implementing Modern Approaches and Addressing Cybersecurity Practices

What GAO Found

According to the Department of Defense’s (DOD) fiscal year (FY) 2021 budget request, DOD spent $2.8 billion on the 29 selected major business information technology (IT) programs in FY 2019. The department also reported that it planned to invest over $9.7 billion on these programs between FY 2020 and FY 2022. In addition, 20 of the 29 programs reported experiencing cost or schedule changes since January 2019. Program officials attributed cost and schedule changes to a variety of reasons, including modernization changes and requirements changes or delays. Seventeen of the 29 programs also reported experiencing challenges associated with the early impacts of the COVID-19 pandemic, including the slowdown of contractors’ software development efforts.

DOD and GAO’s assessments of program risk identified a range of program risk levels and indicated that some programs could be underreporting risks. Specifically, of the 22 programs that were actively using a register to manage program risks, DOD rated nine programs as low risk, 12 as medium risk, and one as high risk. In contrast, GAO rated seven as low risk, 12 as medium risk, and three as high risk. In total, GAO found 10 programs for which its numerical assessments of program risk reflected greater risk than reported by DOD, while DOD had three programs with greater reported risk than GAO. DOD officials noted that differences in risk levels might be associated with a variety of factors, including different risk assessment approaches. However, the differences in risk level GAO identified highlight the need for DOD to ensure that it is accurately reporting program risks. Until the department does so, oversight of some programs could be limited by overly optimistic risk perspectives.

As of December 2020, program officials for the 22 major DOD business IT programs that were actively developing software reported using approaches that may help to limit cost and schedule risks. (See table.)

Selected Software Development and Cybersecurity Approaches That May Limit Risks and Number of Major DOD Business IT Programs That Reported Using the Approach

Software development and cybersecurity approaches that may limit risk

Number of programs that reported using the approach

Using off-the-shelf software

19 of 22

Implementing continuous iterative software development

18 of 22

Delivering software at least every 6 monthsa

16 of 22

Developing or planning to develop a cybersecurity strategy

21 of 22

Conducting developmental cybersecurity testing

16 of 22

Conducting operational cybersecurity testing

15 of 22

Source: GAO analysis of Department of Defense questionnaire responses. | GAO-21-351
aThe Defense Innovation Board encourages more frequent delivery of working software to users for Agile and DevOps practices.

Program officials also reported facing a variety of software development challenges while implementing these approaches. These included difficulties finding and hiring staff, transitioning from waterfall to Agile software development, and managing technical environments. DOD’s continued efforts to address these challenges will be critical to the department’s implementation of modern software development approaches.

DOD has also made organizational and policy changes intended to improve the management of its IT acquisitions, such as taking steps to implement Agile software development and improve data transparency. In addition, to address statutory requirements, DOD has taken steps to remove the department’s chief management officer (CMO) position. However, the department had not yet sufficiently implemented these changes. Officials from many of the 18 programs GAO assessed that reported using Agile development reported that DOD had implemented activities associated with Agile transition best practices to only some or little to no extent, indicating that the department had not sufficiently implemented best practices. For example, 12 of the 18 programs reported that DOD’s life-cycle activities only supported Agile methods to some or little to no extent. Program officials also reported challenges associated with implementing Agile software development. The department has a variety of efforts underway to help with its implementation of Agile software development. DOD officials stated that the department’s transition to Agile will take years and will require sustained engagement throughout DOD.

In addition, DOD has taken steps aimed at improving the sharing and transparency of data it uses to monitor its acquisitions. According to a November 2020 proposal from the Office of the Under Secretary for Acquisition and Sustainment, DOD officials are to develop data strategies and metrics to assess performance for the department’s acquisition pathways. However, as of February 2021, DOD did not have data strategies and had not finalized metrics for the two pathways associated with the programs discussed in this report. Officials said they were working with DOD programs and components to finalize initial pathway metrics. They stated that they plan to implement them in fiscal year 2021 and continue to refine and adjust them over the coming years. Without important data from acquistion pathways and systems, DOD risks not having timely quantitative insight into program performance, including its acquisition reform efforts.

Finally, DOD’s CMO position was eliminated by a statute enacted in January 2021. This position was responsible for key efforts associated with the department’s business systems modernization, which has been on GAO’s High Risk List since 1995. DOD plans to take steps to address the uncertainty associated with the recent elimination of the position.

Why GAO Did This Study

For fiscal year 2021, DOD requested approximately $37.7 billion for IT investments. These investments included major business IT programs, which are intended to help the department carry out key business functions, such as financial management and health care.

The National Defense Authorization Act for Fiscal Year 2019 included a provision for GAO to assess selected IT programs annually through March 2023. GAO’s objectives for this review were to (1) summarize DOD’s reported performance of its portfolio of IT acquisition programs and the reasons for this performance; (2) evaluate DOD’s assessments of program risks; (3) summarize DOD’s approaches to software development and cybersecurity and identify associated challenges; and (4) evaluate how selected organizational and policy changes could affect IT acquisitions.

To address these objectives, GAO selected 29 major business IT programs that DOD reported to the federal IT Dashboard (a public website that includes information on the performance of major IT investments) as of September 2020. GAO reviewed planned expenditures for these programs, from fiscal years 2019 through 2022, as reported in the department’s FY 2021 budget request. It also aggregated program office responses to a GAO questionnaire that requested information about cost and schedule changes that occurred since January 2019 and the early impacts of COVID-19.

GAO also analyzed the risks of the 22 programs that were actively using central repositories known as risk registers to manage program risks. GAO used these registers to create program risk ratings, and then compared its ratings to those of the DOD chief information officer (CIO).

In addition, GAO aggregated DOD program office responses to the questionnaire that requested information about the software and cybersecurity practices used by 22 of the 29 IT programs that were actively developing software. GAO compared the responses to relevant guidance and leading practices.

GAO reviewed selected IT-related organizational and policy changes and reviewed reports and documentation related to the effects of these changes on IT acquisitions. GAO also aggregated program office responses to the questionnaire that requested information about DOD’s implementation of these changes. This included information on DOD’s implementation of best practices as part of its efforts to implement Agile software development. GAO met with relevant DOD officials to discuss each of the topics addressed in this report.


More from:

Hits: 0

News Network

  • Somalia Should Hold Elections Immediately
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Information Environment: DOD Operations Need Enhanced Leadership and Integration of Capabilities
    In U.S GAO News
    What GAO Found At its core, information operations (IO) are the integration of information-related capabilities during military operations to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own. (See figure.) For example, in seeking to facilitate safe and orderly humanitarian assistance, the Department of Defense (DOD) would conduct IO by influencing host nation and regional cooperation through the integration of public affairs activities and military information support operations. Information Operations and Selected Information-Related Capabilities GAO found, in 2019, that DOD had made limited progress in implementing the 2016 DOD IO strategy and faced a number of challenges in overseeing the IO enterprise and integrating its IO capabilities. Specifically: In seeking to implement the strategy, DOD had not developed an implementation plan or an investment framework to identify planning priorities to address IO gaps. DOD has established department-wide IO roles and responsibilities and assigned most oversight responsibilities to the Under Secretary of Defense for Policy. The Under Secretary had exercised some responsibilities, such as establishing an executive steering group. However, the Under Secretary had not fulfilled other IO oversight responsibilities, such as conducting an assessment of needed tasks, workload, and resources. Instead, the Under Secretary delegated these responsibilities to an official whose primary responsibilities are focused on special operations and combatting terrorism. DOD had integrated information-related capabilities in some military operations, but had not conducted a posture review to assess IO challenges. Conducting a comprehensive posture review to fully assess challenges would assist DOD in effectively operating while using information-related capabilities. Why GAO Did This Study U.S. potential adversaries—including near-peer competitors Russia and China—are using information to achieve objectives below the threshold of armed conflict. DOD can use information operations to counter these activities. This testimony summarizes GAO's past work related to DOD's IO capabilities. Specifically, it discusses: (1) DOD's information operation terms and concept, and (2) DOD's actions to implement the 2016 DOD IO strategy and address oversight and integration challenges. This statement is based on GAO's August and October 2019 reports (GAO-19-510C and GAO-20-51SU) and updates conducted in April 2021.
    [Read More…]
  • Department of Justice Announces Formation of Firearms Trafficking Strike Forces to Crack Down on Sources of Crime Guns
    In Crime News
    Today, the Department of Justice announced it will launch five cross-jurisdictional firearms trafficking strike forces within the next 30 days to help reduce violent crime by addressing illegal gun trafficking in significant firearms trafficking corridors. Tomorrow, the Attorney General will discuss with the President, law enforcement officials, and local and community leaders, this initiative, which, along with other measures, the Department of Justice is undertaking as part of the administration-wide comprehensive strategy to combat the rise in violent crime. 
    [Read More…]
  • Federal Jury Convicts Illinois Man for Bombing the Dar al-Farooq Islamic Center
    In Crime News
    Yesterday, a federal jury returned a guilty verdict against Micheal Hari, 49, for his role in the bombing of the Dar al-Farooq Islamic Center in Bloomington, Minnesota, on Aug. 5, 2017. The announcement was made by U.S. Attorney for the District of Minnesota Erica H. MacDonald, Assistant Attorney General Eric S. Dreiband of the Department of Justice’s Civil Rights Division, and Special Agent in Charge of the FBI's Minneapolis Division Michael Paul.
    [Read More…]
  • G7 Foreign Ministers’ Statement on Belarus
    In Crime Control and Security News
    Office of the [Read More…]
  • F-35 Sustainment: DOD Needs to Address Key Uncertainties as It Re-Designs the Aircraft’s Logistics System
    In U.S GAO News
    The Autonomic Logistics Information System (ALIS) is integral to supporting F-35 aircraft operations and maintenance. However, F-35 personnel at 5 locations GAO visited for its March 2020 report cited several challenges. For example, users at all 5 locations we visited stated that electronic records of F-35 parts in ALIS are frequently incorrect, corrupt, or missing, resulting in the system signaling that an aircraft should be grounded in cases where personnel know that parts have been correctly installed and are safe for flight. At times, F-35 squadron leaders have decided to fly an aircraft when ALIS has signaled not to, thus assuming operational risk to meet mission requirements. GAO found that DOD had not (1) developed a performance-measurement process for ALIS to define how the system should perform or (2) determined how ALIS issues were affecting overall F-35 fleet readiness, which remains below warfighter requirements. DOD recognizes that ALIS needs improvement and plans to leverage ongoing re-design efforts to eventually replace ALIS with a new logistics system. However, as DOD embarks on this effort, it faces key technical and programmatic uncertainties (see figure). Uncertainties about the Future F-35 Logistics Information System These uncertainties are complicated and will require significant planning and coordination with the F-35 program office, military services, international partners, and the prime contractor. For example, GAO reported in March 2020 that DOD had not determined the roles of DOD and the prime contractor in future system development and management. DOD had also not made decisions about the extent to which the new system will be hosted in the cloud as opposed to onsite servers at the squadron level. More broadly, DOD has experienced significant challenges sustaining a growing F-35 fleet. GAO has made over 20 recommendations to address problems associated with ALIS, spare parts shortages, limited repair capabilities, and inadequate planning. DOD has an opportunity to re-imagine the F-35's logistics system and improve operations, but it must approach this planning deliberately and thoroughly. Continued attention to these challenges will help ensure that DOD can effectively sustain the F-35 and meet warfighter requirements. The F-35 Lightning II is DOD's most ambitious and costly weapon system in history, with total acquisition and sustainment costs for the three U.S. military services who fly the aircraft estimated at over $1.6 trillion. Central to F-35 sustainment is ALIS—a complex system that supports operations, mission planning, supply-chain management, maintenance, and other processes. A fully functional ALIS is critical to the more than 3,300 F-35 aircraft that the U.S. military services and foreign nations plan to purchase. Earlier this year, DOD stated that it intends to replace ALIS with a new logistics system. This statement highlights (1) current user challenges with ALIS and (2) key technical and programmatic uncertainties facing DOD as it re-designs the F-35's logistics system. This statement is largely based on GAO's March 2020 report on ALIS ( GAO-20-316 ), as well as previous F-35 sustainment work. GAO previously recommended that DOD develop a performance-measurement process for ALIS, track how ALIS is affecting F-35 fleet readiness, and develop a strategy for re-designing the F-35's logistics system. GAO also suggested that Congress consider requiring DOD to develop a performance-measurement process for its logistics system. DOD concurred with GAO's recommendations and is taking actions to address them. For more information, contact Diana C. Maurer at (202) 512-9627 or maurerd@gao.gov.
    [Read More…]
  • Statement of Attorney General Merrick B. Garland on the Justice Department’s Implementation of the Executive Order on Promoting Competition in the American Economy
    In Crime News
    Attorney General Merrick B. Garland made the following statement after the President’s signing of the Executive Order on Promoting Competition in the American Economy:
    [Read More…]
  • Justice Department Reaches Agreement with Two Community Colleges to Improve Access for Students with Disabilities
    In Crime News
    The Justice Department announced today the signing of two agreements with community colleges to remove barriers experienced by students with disabilities, including veterans.
    [Read More…]
  • Texas Heart Hospital and Wholly-Owned Subsidiary THHBP Management Company LLC to Pay $48 Million to Settle False Claims Act Allegations Related to Alleged Kickbacks
    In Crime News
    Texas Heart Hospital of the Southwest LLP, a partially physician-owned hospital in Plano, Texas, and its wholly owned subsidiary, THHBP Management Company, LLC (collectively, the “Heart Hospital”) have agreed to pay the United States $48 million to resolve claims that the Heart Hospital violated the False Claims Act by knowingly submitting claims to the Medicare program that resulted from violations of the Physician Self-Referral Law and the Anti Kickback Statute, the Justice Department announced today.
    [Read More…]
  • Justice Department Announces Two Million Dollar Settlement of Race Discrimination Lawsuit Against Baltimore County, Maryland
    In Crime News
    The Justice Department announced today that it has reached a settlement, through a court-supervised settlement agreement, with Baltimore County, Maryland, resolving the United States’ claims that the Baltimore County Police Department (BCPD) discriminated against African American applicants for employment in violation of Title VII of the Civil Rights Act of 1964. Title VII is a federal law that prohibits discrimination in employment on the basis of race, color, religion, sex, and national origin.
    [Read More…]
  • On the Political Persecution of Hong Kong Democracy Advocates
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • 5G Wireless: Capabilities and Challenges for an Evolving Network
    In U.S GAO News
    Fifth-generation (5G) wireless networks promise to provide significantly greater speeds and higher capacity to accommodate more devices. In addition, 5G networks are expected to be more flexible, reliable, and secure than existing cellular networks. The figure compares 4G and 5G performance goals along three of several performance measures. Note: Megabits per second (Mbps) is a measure of the rate at which data is transmitted, milliseconds (ms) is a measure of time equal to one thousandth of a second, and square kilometer (km²) is a measure of area. As with previous generations of mobile wireless technology, the full performance of 5G will be achieved gradually as networks evolve over the next decade. Deployment of 5G network technologies in the U.S. began in late 2018, and these initial 5G networks focus on enhancing mobile broadband. These deployments are dependent on the existing 4G core network and, in many areas, produced only modest performance improvements. To reach the full potential of 5G, new technologies will need to be developed. International bodies that have been involved in defining 5G network specifications will need to develop additional 5G specifications and companies will need to develop, test, and deploy these technologies. GAO identified the following challenges that can hinder the performance or usage of 5G technologies in the U.S. GAO developed six policy options in response to these challenges, including the status quo. They are presented with associated opportunities and considerations in the following table. The policy options are directed toward the challenges detailed in this report: spectrum sharing, cybersecurity, privacy, and concern over possible health effects of 5G technology. Policy options to address challenges to the performance or usage of U.S. 5G wireless networks Policy Option Opportunities Considerations Spectrum-sharing technologies (report p. 47) Policymakers could support research and development of spectrum sharing technologies. Could allow for more efficient use of the limited spectrum available for 5G and future generations of wireless networks. It may be possible to leverage existing 5G testbeds for testing the spectrum sharing technologies developed through applied research. Research and development is costly, must be coordinated and administered, and its potential benefits are uncertain. Identifying a funding source, setting up the funding mechanism, or determining which existing funding streams to reallocate will require detailed analysis. Coordinated cybersecurity monitoring (report p. 48) Policymakers could support nationwide, coordinated cybersecurity monitoring of 5G networks. A coordinated monitoring program would help ensure the entire wireless ecosystem stays knowledgeable about evolving threats, in close to real time; identify cybersecurity risks; and allow stakeholders to act rapidly in response to emerging threats or actual network attacks. Carriers may not be comfortable reporting incidents or vulnerabilities, and determinations would need to be made about what information is disclosed and how the information will be used and reported. Cybersecurity requirements (report p. 49) Policymakers could adopt cybersecurity requirements for 5G networks. Taking these steps could produce a more secure network. Without a baseline set of security requirements the implementation of network security practices is likely to be piecemeal and inconsistent. Using existing protocols or best practices may decrease the time and cost of developing and implementing requirements. Adopting network security requirements would be challenging, in part because defining and implementing the requirements would have to be done on an application-specific basis rather than as a one-size-fits-all approach. Designing a system to certify network components would be costly and would require a centralized entity, be it industry-led or government-led. Privacy practices (report p. 50) Policymakers could adopt uniform practices for 5G user data. Development and adoption of uniform privacy practices would benefit from existing privacy practices that have been implemented by states, other countries, or that have been developed by federal agencies or other organizations. Privacy practices come with costs, and policymakers would need to balance the need for privacy with the direct and indirect costs of implementing privacy requirements. Imposing requirements can be burdensome, especially for smaller entities. High-band research (report p. 51) Policymakers could promote R&D for high-band technology. Could result in improved statistical modeling of antenna characteristics and more accurately representing propagation characteristics. Could result in improved understanding of any possible health effects from long-term radio frequency exposure to high-band emissions. Research and development is costly and must be coordinated and administered, and its potential benefits are uncertain. Policymakers will need to identify a funding source or determine which existing funding streams to reallocate. Status quo (report p. 52) Some challenges described in this report may be addressed through current efforts. Some challenges described in this report may remain unresolved, be exacerbated, or take longer to resolve than with intervention. GAO was asked to assess the technologies associated with 5G and their implications. This report discusses (1) how the performance goals and expected uses are to be realized in U.S. 5G wireless networks, (2) the challenges that could affect the performance or usage of 5G wireless networks in the U.S., and (3) policy options to address these challenges. To address these objectives, GAO interviewed government officials, industry representatives, and researchers about the performance and usage of 5G wireless networks. This included officials from seven federal agencies; the four largest U.S. wireless carriers; an industry trade organization; two standards bodies; two policy organizations; nine other companies; four university research programs; the World Health Organization; the National Council on Radiation Protection and Measurements; and the chairman of the Defense Science Board's 5G task force. GAO reviewed technical studies, industry white papers, and policy papers identified through a literature review. GAO discussed the challenges to the performance or usage of 5G in the U.S. during its interviews and convened a one-and-a-half day meeting of 17 experts from academia, industry, and consumer groups with assistance from the National Academies of Sciences, Engineering, and Medicine. GAO received technical comments on a draft of this report from six federal agencies and nine participants at its expert meeting, which it incorporated as appropriate. For more information, contact Hai Tran at (202) 512-6888, tranh@gao.gov or Vijay A. D’Souza at (202) 512-6240, dsouzav@gao.gov.
    [Read More…]
  • Libya Independence Day
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Two Individuals Charged for their Roles in Massive Cattle Ponzi Scheme
    In Crime News
    A federal grand jury in Colorado returned an indictment that was unsealed Tuesday charging an Illinois woman and a Georgia man with running a Ponzi scheme that raised approximately $650 million from investors across the country.
    [Read More…]
  • Joint Statement between the United States and Uzbekistan on the Successful Conclusion of 2020 Annual Bilateral Consultations and Commencement of a Strategic Partnership Dialogue
    In Crime Control and Security News
    Office of the [Read More…]
  • Final Defendant Sentenced in $7 Billion Investment Fraud Scheme
    In Crime News
    The former chief of Antigua’s Financial Services Regulatory Commission (FSRC) was sentenced today to 10 years in prison for his role in connection with a $7 billion Ponzi scheme involving the Stanford International Bank (SIB).
    [Read More…]
  • On the 31st Anniversary of the Americans with Disabilities Act
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Federal Court Terminates Paramount Consent Decrees
    In Crime News
    WASHINGTON – A federal court in the Southern District of New York today terminated the Paramount Consent Decrees, which for over seventy years have regulated how certain movie studios distribute films to movie theatres. The review and termination of these Decrees were part of the Department of Justice’s review of legacy antitrust judgments that dated back to the 1890’s and has resulted in the termination of nearly 800 perpetual decrees.
    [Read More…]
  • More than 700 Members Of Transnational Organized Crime Groups Arrested in Central America in U.S. Assisted Operation
    In Crime News
    Today, senior law enforcement officials from the United States, El Salvador, Guatemala and Honduras announced criminal charges in Central America against more than 700 members of transnational criminal organizations, primarily MS-13 and 18th Street gangs, which resulted from a one-week coordinated law enforcement action under Operation Regional Shield (ORS).
    [Read More…]
  • University of Miami to Pay $22 Million to Settle Claims Involving Medically Unnecessary Laboratory Tests and Fraudulent Billing Practices
    In Crime News
    The University of Miami (UM) has agreed to pay $22 million to resolve allegations that it violated the False Claims Act by ordering medically unnecessary laboratory tests, and submitting false claims through its laboratory and off campus hospital based facilities (“Hospital Facilities”).
    [Read More…]
  • Colombia Travel Advisory
    In Travel
    Do not travel to [Read More…]
  • Secretary Antony J. Blinken Introductory Remarks for Youth Speaker Xiye Bastida
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Former CEO Charged in Schemes to Defraud U.S. Government Related to the Conflict in Afghanistan
    In Crime News
    The former chief executive officer of a U.S. government contractor was charged today in connection with schemes to defraud the U.S. Department of Defense regarding contracts related to Operation Enduring Freedom in Afghanistan.
    [Read More…]
  • Judge Rya Zobel to Receive 2020 Devitt Award
    In U.S Courts
    Senior U.S. District Judge Rya Zobel, who grew up in Nazi Germany and later became the first woman to serve as director of the Federal Judicial Center, is the recipient of the 2020 Edward J. Devitt Distinguished Service to Justice Award.
    [Read More…]
  • Acting Assistant Attorney General Brian C. Rabbitt Delivers Remarks at Shinshu University 2nd White Collar Crime Workshop
    In Crime News
    Good morning. It is my pleasure to be with you today, even if only through a video screen. Thank you very much to Shinshu University and my hosts for your kind invitation to join the list of distinguished speakers, panelists, and participants in today’s important event. It is my great privilege to be here today representing the women and men of the Criminal Division of the U.S. Department of Justice, and I look forward to speaking with you about some of our important work over the past year enforcing the federal criminal laws.
    [Read More…]
  • Secretary Michael R. Pompeo Remarks to the Press
    In Crime News
    Michael R. Pompeo, [Read More…]
  • Four Former Minneapolis Police Officers Indicted on Federal Civil Rights Charges for Death of George Floyd; Derek Chauvin Also Charged in Separate Indictment for Violating Civil Rights of a Juvenile
    In Crime News
    A federal grand jury in Minneapolis, Minnesota returned two indictments that were unsealed today. The first indictment charges former Minneapolis Police Department officers Derek Chauvin, 45; Tou Thao, 35; J. Alexander Kueng, 27; and Thomas Lane, 38, with federal civil rights crimes for their roles in the death of George Perry Floyd Jr.
    [Read More…]
  • Justice Department Warns Taxpayers to Avoid Fraudulent Tax Preparers
    In Crime News
    With less than one month left in this year’s tax season, the Department of Justice urges taxpayers to choose their return preparers wisely. Return preparer fraud is one of the IRS’ Dirty Dozen Tax Scams. Unscrupulous preparers who include errors or false information on a customer’s return could leave a taxpayer open to liability for unpaid taxes, penalties, and interest.
    [Read More…]
  • Secretary Michael R. Pompeo, Secretary of Defense Mark Esper, Indian Minister of Defense Rajnath Singh, And Indian Minister of External Affairs Subrahmanyam Jaishankar Opening Statements at the U.S.-India 2+2 Ministerial Dialogue
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Countering Violent Extremism: DHS Can Further Enhance Its Strategic Planning and Data Governance Efforts
    In U.S GAO News
    What GAO Found DHS's 2019 Strategic Framework for Countering Terrorism and Targeted Violence and the related plans—collectively referred to as the strategy—outline the department's vision for all DHS counterterrorism activities. In prior work, GAO has identified seven elements of a comprehensive strategy. GAO found that DHS's strategy contains some but not all of the key elements (see figure). For example, GAO found that DHS's strategy included a mission statement, and a set of goals that were in turn linked to objectives and priority actions. However, the strategy did not include a discussion of external factors such as how the economy, demographics, or emerging technologies may affect the department in meeting its goals. By identifying and assessing such external factors, DHS would be better positioned to proactively mitigate such factors or plan for contingencies, if needed. Extent to Which DHS's Strategy for Countering Terrorism and Targeted Violence Included the Seven Elements of a Comprehensive Strategy DHS has taken some steps to establish a data governance framework, which helps ensure that an agency's data assets are transparent, accessible, and of sufficient quality to support its mission. For example, DHS established a data governance council to manage various data priority areas, however it has not yet completed actions to include targeted violence and terrorism prevention data into its department-wide framework. DHS has already identified some data challenges, such as the lack of comprehensive, national-level statistics on terrorism and targeted violence that underscore the need for a data governance framework. By incorporating targeted violence and terrorism prevention data into its broader data governance framework, DHS would be better able to leverage data to support and inform its prevention efforts, including building effective policy to address the threats and trends it identifies in the data. Why GAO Did This Study Data collected through the Extremist Crime Database show that there were 81 fatal violent extremist attacks in the United States from 2010 through 2020, resulting in 240 deaths. Since 2010, DHS has developed strategic initiatives that address targeted violence and terrorism prevention, which include efforts to counter violent extremism, among other things. GAO was asked to review DHS's longer-term efforts to prevent terrorism and targeted violence. This report examines the extent to which (1) DHS's 2019 strategy to address targeted violence and terrorism prevention includes key elements of a comprehensive strategy, and (2) DHS has developed a data governance framework to help implement its strategy. GAO reviewed DHS documentation and compared DHS's strategy to identified elements of a comprehensive strategy, and compared DHS's efforts to develop a data governance framework to federal requirements for implementing data governance.
    [Read More…]
  • Protecting and Preserving a Free and Open South China Sea
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Panama
    In Travel
    I am a… [Read More…]
  • Russian Influence in the Mediterranean
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • National Health Care Fraud and Opioid Takedown Results in Charges Against 345 Defendants Responsible for More than $6 Billion in Alleged Fraud Losses
    In Crime News
    Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division, Assistant Director Calvin Shivers of the FBI’s Criminal Investigative Division, Deputy Inspector General Gary Cantrell of the Department of Health and Human Services Office of Inspector General (HHS-OIG) and Assistant Administrator Tim McDermott of the Drug Enforcement Administration (DEA) today announced a historic nationwide enforcement action involving 345 charged defendants across 51 federal districts, including more than 100 doctors, nurses and other licensed medical professionals. 
    [Read More…]
  • Cabo Verde Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Intellectual Property: Additional Agency Actions Can Improve Assistance to Small Businesses and Inventors
    In U.S GAO News
    The U.S. Patent and Trademark Office (USPTO) offers multiple programs that help small businesses and inventors with acquiring intellectual property protections, which can help protect creative works or ideas. These programs, such as the Inventors Assistance Center, are aimed at assisting the public, especially small businesses and inventors, with intellectual property protections. Several stakeholders GAO interviewed said that USPTO programs have been helpful, but they were also not aware of some USPTO programs. Although these programs individually evaluate how they help small businesses and inventors, the agency does not collect and evaluate overall information on whether these programs are effectively reaching out to and meeting the needs of these groups. Under federal internal control standards, an agency should use quality information to achieve its objectives. Without an agency-wide approach to collect information to help evaluate the extent to which its programs serve small businesses and inventors, USPTO may not have the quality information needed to fully evaluate the effectiveness of its outreach and assistance for these groups and thus make improvements where necessary. Although the Small Business Administration (SBA) coordinates with USPTO through targeted efforts to provide intellectual property training to small businesses, it has not fully implemented some statutory requirements that can further enhance this coordination. While SBA and the Small Business Development Centers (SBDCs) coordinate with USPTO programs at the local level to train small businesses on intellectual property protection (see figure), this coordination is inconsistent. For example, two of the 12 SBDCs that GAO interviewed reported working primarily with USPTO to help small businesses protect their intellectual property, but the other 10 did not. The Small Business Innovation Protection Act of 2017 requires SBA and USPTO to coordinate and build on existing intellectual property training programs, and requires that SBA's local partners, specifically the SBDCs, provide intellectual property training, in coordination with USPTO. SBA officials reported that they are in the process of implementing requirements of this act. Incorporating selected leading practices for collaboration, such as documenting the partnership agreement and clarifying roles and responsibilities, could help SBA and USPTO fully and consistently communicate their existing resources to their partners and programs, enabling them to refer these resources to small businesses and inventors. Figure: The Small Business Administration (SBA) and the U.S. Patent and Trademark Office (USPTO) Coordinate at the Local Level, but Are Inconsistent Small businesses employ about half of the U.S. private workforce and create approximately two-thirds of the nation's jobs. For many small businesses, intellectual property aids in building market share and creating jobs. Among the federal agencies assisting small businesses with intellectual property are USPTO, which grants patents and registers trademarks, and SBA, which assists small businesses on a variety of business development issues, including intellectual property. GAO was asked to review resources available to help small businesses and inventors protect intellectual property, and their effectiveness. This report examines, among other things, (1) the extent to which USPTO evaluates the effectiveness of its efforts to assist small businesses and (2) SBA's coordination with USPTO to assist small businesses. GAO analyzed agency documents and interviewed officials who train and assist small businesses. GAO also interviewed stakeholders, including small businesses, and, among other things, reviewed federal internal control standards and selected leading practices for enhancing interagency collaboration. GAO is making four recommendations, including that USPTO develop an agency-wide approach to evaluate the effectiveness of its efforts to help small businesses and inventors, and that SBA document its partnership agreement with USPTO and clarify roles and responsibilities for coordinating with USPTO to provide training. Both agencies agreed with GAO's recommendations. For more information, contact John Neumann, (202) 512-6888, NeumannJ@gao.gov. 
    [Read More…]
  • TSA Acquisitions: TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening Technologies
    In U.S GAO News
    In 2013, the Transportation Security Administration (TSA) introduced the concept of third party testing—having an independent testing entity verify that a security screening system meets certain requirements. The concept is that screening system vendors would take this additional step either prior to submitting their technologies to TSA or if their system failed TSA's test and evaluation process. The goal is for third party testing to reduce the time and resources that TSA spends on its own testing. However, since introduced, TSA has directed only three vendors that failed TSA tests to use third party testing, with varying outcomes. In two other cases, TSA supplemented its test capabilities by using third party testers to determine that systems installed at airports were working properly. TSA officials and industry representatives pointed to several reasons for third party testing's limited use since 2013, such as the cost to industry to use third party testers and TSA's reluctance to date to accept third party test data as an alternative to its own. Despite this, TSA officials told GAO they hope to use third party testing more in the future. For example, in recent announcements to evaluate and qualify new screening systems, TSA stated that it will require a system that fails TSA testing to go to a third party tester to address the identified issues (see figure). Example of Use of Third Party Testing When a System Experiences a Failure in TSA's Testing TSA set a goal in 2013 to increase screening technology testing efficiency. In addition, TSA reported to Congress in January 2020 that third party testing is a part of its efforts to increase supplier diversity and innovation. However, TSA has not established metrics to determine third party testing's contribution toward the goal of increasing efficiency. Further, GAO found no link between third party testing and supplier diversity and innovation. Some TSA officials and industry representatives also questioned third party testing's relevance to these efforts. Without metrics to measure and assess the extent to which third party testing increases testing efficiency, TSA will be unable to determine the value of this concept. Similarly, without assessing whether third party testing contributes to supplier diversity and innovation, TSA cannot know if third party testing activities are contributing to these goals as planned. TSA relies on technologies like imaging systems and explosives detection systems to screen passengers and baggage to prevent prohibited items from getting on board commercial aircraft. As part of its process of acquiring these systems and deploying them to airports, TSA tests the systems to ensure they meet requirements. The 2018 TSA Modernization Act contained a provision for GAO to review the third party testing program. GAO assessed the extent to which TSA (1) used third party testing, and (2) articulated its goals and developed metrics to measure the effects of third party testing. GAO reviewed TSA's strategic plans, acquisition guidance, program documentation, and testing policies. GAO interviewed officials from TSA's Test and Evaluation Division and acquisition programs, as well as representatives of vendors producing security screening systems and companies providing third party testing services. GAO is recommending that TSA develop metrics to measure the effects of third party testing on efficiency, assess its effects on efficiency, and assess whether third party testing contributes to supplier diversity and innovation. DHS concurred with GAO's three recommendations and has actions planned to address them. For more information, contact Marie A. Mak at (202) 512-4841 or MakM@gao.gov.
    [Read More…]
  • CITGO Petroleum Corp. Will Pay Over $19 Million for Injuries to Natural Resources Resulting from its Oil Spill at its Refinery in Lake Charles, Louisiana
    In Crime News
    Houston, Texas-based CITGO Petroleum Corporation has agreed to pay $19.69 million to resolve federal and state claims for natural resource damages under the Oil Pollution Act and the Louisiana Oil Spill Prevention and Response Act.
    [Read More…]
  • Boeing Charged with 737 Max Fraud Conspiracy and Agrees to Pay over $2.5 Billion
    In Crime News
    The Boeing Company (Boeing) has entered into an agreement with the Department of Justice to resolve a criminal charge related to a conspiracy to defraud the Federal Aviation Administration’s Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG’s evaluation of Boeing’s 737 MAX airplane.
    [Read More…]
  • Secretary Michael R. Pompeo With Prasad Dodangodage of Rupavahini TV
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Bhutan National Day
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Notice of Meeting: U.S. Advisory Commission on Public Diplomacy
    In Crime Control and Security News
    Office of the [Read More…]
  • Aruba Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • Florida Man Charged with Federal Hate Crime
    In Crime News
    A Florida man was charged with federal hate crime in Ocala for setting fire to a church.
    [Read More…]
  • GPS Modernization: DOD Continuing to Develop New Jam-Resistant Capability, But Widespread Use Remains Years Away
    In U.S GAO News
    The Department of Defense (DOD) is closer to being able to use military code (M-code)—a stronger, more secure signal for the Global Positioning System (GPS) designed to meet military needs. However, due to the complexity of the technology, M-code remains years away from being widely fielded across DOD. M-code-capable receiver equipment includes different components, and the development and manufacture of each is key to the modernization effort. These include: special M-code application-specific integrated circuit chips, special M-code receiver cards, being developed under the Air Force Military GPS User Equipment (MGUE) programs, and the next generation of GPS receivers capable of using M-code signals from GPS satellites. DOD will need to integrate all of these components into different types of weapon systems (see figure for notional depiction of integration for one system). Integration across DOD will be a considerable effort involving hundreds of different weapon systems, including some with complex and unique integration needs or configurations. Global Positioning System User Equipment Integration The Air Force is almost finished—approximately one year behind schedule—developing and testing one M-code card for testing on the Marine Corps Joint Light Tactical Vehicle and the Army Stryker vehicle. However, one card intended for use in aircraft and ships is significantly delayed and missed key program deadlines. The Air Force is revising its schedule for testing this card. The M-code card development delays have had ripple effects on GPS receiver modernization efforts and the weapon systems that intend to use them. For example, an Air Force receiver modernization effort that depends on the new technology will likely breach its schedule and incur additional costs because of the delay. In turn, DOD planned to incorporate that receiver into its F/A-18 fighter aircraft, AV-8B strike aircraft, and the MH-53E helicopter, but it no longer plans to do so because of the delay. DOD has not yet determined the full extent of the development effort to widely integrate and field M-code receivers across the department. The amount of additional development and integration work is expected to vary for each weapon system and could range from a few weeks to several years. DOD is taking steps to enable fielding modernized receivers that use M-code cards by working to identify integration and production challenges. DOD has been developing the capability to use its more jam-resistant military-specific GPS signal for 2 decades. The Air Force launched the first GPS satellite capable of broadcasting the M-code signal in 2005, but is only now completing development of the software and other equipment needed to use it. The GPS modernization effort spans DOD and the military services, but an Air Force program office is developing M-code cards for eventual production and integration into weapon systems. The National Defense Authorization Act for Fiscal Year 2016 included a provision that the Air Force provide quarterly reports to GAO on next-generation GPS acquisition programs, and that GAO brief congressional defense committees. Since 2016, GAO has provided briefings and reported on various aspects of GPS. This report discusses DOD's progress and challenges (1) developing M-code receiver cards, and (2) developing receivers and taking other steps to make M-code-capable receivers available for fielding. GAO reviewed schedules and cost estimates for the Air Force's MGUE programs; military service and DOD M-code implementation data; and test and integration plans for aircraft, ships, and ground vehicles. GAO also reviewed strategies for continued access to microelectronics and interviewed officials from the MGUE programs, military services, and DOD, and representatives from microelectronics developers. For more information, contact Jon Ludwigson at (202) 512-4841 or ludwigsonj@gao.gov.
    [Read More…]
  • On the Exile of Catholic Archbishop Kondrusiewicz
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Special Briefing with Deputy Secretary of State for Management and Resources Brian P. McKeon, U.S. Agency for International Development (USAID) Principal Advisor to the Administrator Mark Feierstein, and Experts On the Administration’s Budget Proposal for the Department of State and USAID for Fiscal Year 2022
    In Crime Control and Security News
    Brian P. McKeon, Deputy [Read More…]
  • Prescription Drugs: U.S. Prices for Selected Brand Drugs Were Higher on Average than Prices in Australia, Canada, and France
    In U.S GAO News
    What GAO Found GAO's analysis of 2020 data found that, for 20 selected brand-name prescription drugs, estimated U.S. prices paid at the retail level by consumers and other payers (such as insurers) were more than two to four times higher than prices in three selected comparison countries. The U.S. prices GAO estimated for comparison reflect confidential rebates and other price concessions, which GAO refers to as net prices. Publicly available prices for the comparison countries were gross prices that did not reflect potential discounts. As a result, the actual differences between U.S. prices and those of the other countries were likely larger than GAO estimates. The price differences varied by drug. Specifically, while estimated U.S. net prices were mostly higher than the gross prices in other countries (by as much as 10 times), some were lower. The following figure illustrates comparisons for two of GAO's selected drugs. GAO found similar differences in estimated prices paid by final payers at the manufacturer level. Estimated U.S. Net Prices and Selected Comparison Countries' Gross Prices at the Retail Level for Two Selected Drugs and Package Sizes, 2020 GAO's analysis found consumers' out-of-pocket costs for prescription drugs varied across and within all four countries but likely more within the U.S. and Canada where multiple payers had a role setting prices and designing cost-sharing for consumers, and not all consumers had prescription drug coverage. In Australia and France, prescription drug pricing was nationally regulated and prescription drug coverage was universal; thus, consumers' out-of-pocket costs within these countries for each drug were generally less varied. For example, in Australia, consumers typically paid one of two amounts for prescription drugs—either about 5 or 28 U.S. dollars in 2020. In the U.S., potential out-of-pocket costs for consumers could have varied much more widely depending on the type of coverage they had. For example, for one drug in GAO's analysis, considering only a few coverage options, consumers' out-of-pocket costs in 2020 could have ranged from a low of about 22 to a high of 514 U.S. dollars. GAO provided a draft to the Department of Health and Human Services for review and incorporated the Department's technical comments as appropriate. Why GAO Did This Study While spending on prescription drugs continues to grow worldwide, studies indicate the U.S. spends more than other countries. However, various factors—such as country-specific pricing strategies, confidential rebates to payers, and other price concessions—may obscure the actual prices of prescription drugs. GAO was asked to review U.S. and international prescription drug prices. This report (1) examines how prices at the retail and manufacturer levels in the U.S. compare to prices in three selected comparison countries—Australia, Canada, and France, and (2) provides information on consumers' out-of-pocket costs for prescription drugs in these countries. GAO analyzed 2020 price data for a non-generalizable sample of 41 brand-name drugs among those with the highest expenditures and use in the U.S. Medicare Part D program in 2017. Twenty of these drugs had price data available in all four countries. For U.S. prices, GAO estimated the net prices paid using data from various sources, including estimates of Medicare Part D rebates and other price concessions, and commercially available data. Prices for the selected comparison countries were obtained from publicly available government sources. National prices were not available for Canada, so GAO used the prices from Ontario, Canada's most populous province, as a proxy for Canadian prices. GAO also reviewed country-specific guidance and other relevant information and interviewed researchers, manufacturers, and government officials. For more information, contact John E. Dicken at (202) 512-7114 or dickenj@gao.gov.
    [Read More…]
  • LymeX: Applying Health+ for Patient-Powered Innovations
    In Human Health, Resources and Services
    April 12, 2021 By: Alex [Read More…]
  • Justice Department Warns About Fake Unemployment Benefit Websites
    In Crime News
    The Department of Justice has received reports that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.
    [Read More…]
  • International Commission of the International Tracing Service Annual Meeting
    In Crime Control and Security News
    Wendy R. Sherman, Deputy [Read More…]
  • Uruguay Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • U.S. Leadership on Human Rights and Ending Systemic Racism
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Attorney General Merrick Garland Recognizes Individuals and Organizations for Service to Crime Victims
    In Crime News
    More from: April 23, 2021 [Read More…]
  • Deputy Secretary Biegun’s Travel to the Republic of Korea
    In Crime Control and Security News
    Office of the [Read More…]
  • Liberia National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • June 23, 2021, letter commenting on AICPA’s Professional Ethics Executive Committee’s Proposed Interpretations and Definition of the AICPA Code of Professional Conduct, Responding to Non-Compliance with Laws and Regulations
    In U.S GAO News
    This letter provides GAO's comments on the proposed interpretation and definition entitled Responding to Non-Compliance with Laws and Regulations, which the American Institute of Certified Public Accountants (AICPA) prepared. GAO provides standards for performing high-quality audits of government organizations, programs, activities, and functions and of government assistance received by contractors, nonprofit organizations, and other nongovernment organizations with competence, integrity, objectivity, and independence.1 These standards, often referred to as generally accepted government auditing standards (GAGAS), are to be followed by auditors and audit organizations when required by law, regulation, agreement, contract, or policy. For financial audits, GAGAS incorporates by reference the AICPA's Statements on Auditing Standards. For attestation engagements, GAGAS incorporates by reference the AICPA's Statements on Standards for Attestation Engagements.
    [Read More…]
  • Owner of Brooklyn Ambulance Service Business Pleads Guilty to Not Paying Employment Taxes
    In Crime News
    A New York ambulance service business owner pleaded guilty on July 20 to failure to pay employment taxes.
    [Read More…]
  • United States Reaches Proposed Settlement with Ranch Owner to Restore Creek and Wetlands and Pay Damages for Trespass
    In Crime News
    The U.S. Department of Justice, U.S. Environmental Protection Agency (EPA) and Bureau of Land Management (BLM) announced that they have reached a proposed settlement with John Raftopoulos, Diamond Peak Cattle Company LLC and Rancho Greco Limited LLC (collectively, the defendants) to resolve violations of the Clean Water Act (CWA) and the Federal Land Policy and Management Act (FLPMA) involving unauthorized discharges of dredged or fill material into waters of the United States and trespass on federal public lands in northwest Moffat County, Colorado.
    [Read More…]
  • Acting Assistant Secretary of State for Consular Affairs Ian Brownlee Travels to Tucson, El Paso, Nogales (Sonora), and Ciudad Juárez
    In Crime Control and Security News
    Office of the [Read More…]