Correspondence issued by the Government Accountability Office with an abstract that begins "We identified 1,340 potential, separate initiatives that DOD funded from fiscal year 2008 through the first quarter of fiscal year 2012 that, in DOD officials’ opinion, met the above definition for C-IED initiatives. We relied on our survey, in part, to determine this number because DOD has not determined, and does not have a ready means for determining, the universe of C-IED initiatives. Of the 1,340 initiatives, we received detailed survey responses confirming that 711 initiatives met our C-IED definition. Of the remaining 629 initiatives for which we did not receive survey responses, 481 were JIEDDO initiatives. JIEDDO officials attribute their low survey returns for reasons including that C-IED initiatives are currently not fully identified, catalogued, and retrievable; however, they expect updates to their information technology system will correct this deficiency. Our survey also identified 45 different organizations that DOD is funding to undertake these 1,340 identified initiatives. Some of these organizations receive JIEDDO funding while others receive other DOD funding. We documented $4.8 billion of DOD funds expended in fiscal year 2011 in support of C-IED initiatives, but this amount is understated because we did not receive …

A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Homeland Security (DHS) has identified and is communicating to its components and state and local partners topics that the training on countering violent extremism (CVE) it provides or funds should cover; in contrast, the Department of Justice (DOJ) has not identified what topics should be covered in its CVE-related training. According to a DHS official who leads DHS's CVE efforts, identifying topics has helped to provide a logical structure for DHS's CVE-related training efforts. According to DOJ officials, even though they have not specifically identified what topics should be covered in CVE-related training, they understand internally which of the department's training is CVE-related and contributes either directly or indirectly to the department's training responsibilities under the CVE national strategy. However, over the course of this review, the department generally relied upon the framework GAO developed for potential CVE-related training topics to determine which of its existing training was CVE-related. Further, because DOJ has not identified CVE-related training topics, DOJ components have had challenges in determining the extent to which their training efforts contribute to DOJ's responsibilities under the CVE national strategy. In addition, …

A letter report issued by the Government Accountability Office with an abstract that begins ""

Testimony issued by the Government Accountability Office with an abstract that begins "We identified four categories of assistance U.S. agencies have provided: (1) counter-IED training and equipment, (2) a counter-IED public awareness campaign, (3) training of border officials, and (4) legal assistance for laws and regulations to counter IEDs and IED precursors. We found that each agency providing counter-IED assistance to Pakistan performs a unique role based on its specialized knowledge and expertise. DHS, for example, takes primary responsibility for border management and customs investigation training. DHS conducts joint regional training and operational exercises for both Pakistani and Afghan border officials, including international border interdiction training and cross-border financial investigation training. DHS also plays a lead role in Program Global Shield to foster cross-border cooperation and initiate complementary border management and customs operations. According to DHS, the main goals of Program Global Shield are (1) to identify and interdict falsely declared explosive precursor chemicals, (2) to initiate investigations of smuggled or illegally diverted IED materials, and (3) to uncover smuggling and procurement networks that foster illicit trade."

A letter report issued by the Government Accountability Office with an abstract that begins "As of January 2012, GAO identified seven alternative models for compensating NRSROs (see table below). These models generally were designed to address the conflict of interest in the issuer-pays model, better align the NRSROs’ interest with users of ratings, or improve incentives NRSROs have to produce reliable and high-quality ratings. However, the amount of detail currently available for each model varies and none has been implemented. According to some of the authors of the models, there is little incentive to continue developing these models because it appears unlikely they will receive attention from regulators or legislators. For example, these authors noted that SEC had not reached out to them to further discuss these models as part of its ongoing study of alternative compensation models for credit rating agencies."

A letter report issued by the Government Accountability Office with an abstract that begins "The Federal Protective Service (FPS) has not been effective as the lead agency for the government facilities sector, which includes facilities at the federal, state, local, tribal and territorial level. Under the National Infrastructure Protection Plan (NIPP) and the 2010 sector-specific plan, FPS is responsible for establishing a risk management approach and developing effective partnerships for the sector. However, FPS has not implemented a risk management approach. According to FPS, it has not identified or obtained data on facilities at the federal, state, local, tribal and territorial level, which are fundamental for employing a risk management approach. In addition, despite providing information on the principles of threat, vulnerability, and consequence, FPS has not coordinated or assessed risk across government facilities, another key element of risk management. FPS also lacks effective metrics and performance data to track progress toward implementing a risk management approach and for the overall resilience or protection of government facilities. Consequently, FPS does not have a risk management approach for prioritizing and safeguarding critical government facilities. Furthermore, FPS has not built effective partnerships across different levels of government. While FPS chairs the Government …

A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Homeland Security (DHS) is developing a resilience policy, but an implementation strategy is a key next step that could help strengthen DHS resilience efforts. DHS defines resilience as the ability to resist, absorb, recover from, or adapt to adversity, and some high-level documents currently promote resilience as a key national goal. Specifically, two key White House documents emphasize resilience on a national level--the 2011 Presidential Policy Directive 8 and the 2012 National Strategy for Global Supply Chain Security. Since 2009, DHS has emphasized the concept of resilience and is currently in the process of developing a resilience policy, the initial steps of which have included creating two internal entities--the Resilience Integration Team and the Office of Resilience Policy (ORP). According to ORP officials, they saw a need to establish a policy that provides component agencies with a single, consistent, departmentwide understanding of resilience that clarifies and consolidates resilience concepts from high-level guiding documents, and helps components understand how their activities address DHS's proposed resilience objectives. ORP officials hope to have an approved policy in place later this year. However, DHS officials stated that …

A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Homeland Security (DHS) has conducted about 2,800 security surveys and vulnerability assessments on critical infrastructure and key resources (CIKR). DHS directs its protective security advisors to contact owners and operators of high-priority CIKR to offer to conduct surveys and assessments. However, DHS is not positioned to track the extent to which these are performed at high-priority CIKR because of inconsistencies between the databases used to identify these assets and those used to identify surveys and assessments conducted. GAO compared the two databases and found that of the 2,195 security surveys and 655 vulnerability assessments conducted for fiscal years 2009 through 2011, 135 surveys and 44 assessments matched and another 106 surveys and 23 assessments were potential matches for high-priority facilities. GAO could not match additional high-priority facilities because of inconsistencies in the way data were recorded in the two databases, for example, assets with the same company name had different addresses or an asset at one address had different names. DHS officials acknowledged that the data did not match and have begun to take actions to improve the collection and organization of the …

Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the former Director of the Department of Homeland Security’s (DHS) Infrastructure Security Compliance Division (ISCD), a division of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the former Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership—factors that the Director believed place the CFATS program at risk. These challenges centered on three main areas: (1) human capital issues, including problems hiring, training, and managing ISCD staff; (2) mission issues, including problems reviewing facility plans to mitigate security vulnerabilities; and (3) administrative issues, including concerns about NPPD and IP not supporting ISCD’s management and administrative functions."

Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the Director of the Department of Homeland Security’s (DHS) Infrastructure Compliance Security Division (ISCD), a component of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership—factors that the Director believed place the CFATS program at risk. These challenges centered on human capital issues, including problems hiring, training, and managing ISCD staff; mission issues, including overcoming problems reviewing facility plans to mitigate security vulnerabilities and performing compliance inspections; and administrative issues, including concerns about NPPD and IP not supporting ISCD’s management and administrative functions."

Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the former Director of the Department of Homeland Security's (DHS) Infrastructure Security Compliance Division (ISCD), a division of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the former Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership--factors that the Director believed place the CFATS program at risk. These challenges centered on three main areas: (1) human capital issues, including problems hiring, training, and managing ISCD staff; (2) mission issues, including problems reviewing facility plans to mitigate security vulnerabilities; and (3) administrative issues, including concerns about NPPD and IP not supporting ISCD's management and administrative functions."

A letter report issued by the Government Accountability Office with an abstract that begins ""

Testimony issued by the Government Accountability Office with an abstract that begins "The threats to systems supporting critical infrastructures are evolving and growing. In testimony, the Director of National Intelligence noted a dramatic increase in cyber activity targeting U.S. computers and systems, including a more than tripling of the volume of malicious software. Varying types of threats from numerous sources can adversely affect computers, software, networks, organizations, entire industries, and the Internet itself. These include both unintentional and intentional threats, and may come in the form of targeted or untargeted attacks from criminal groups, hackers, disgruntled employees, nations, or terrorists. The interconnectivity between information systems, the Internet, and other infrastructures can amplify the impact of these threats, potentially affecting the operations of critical infrastructures, the security of sensitive information, and the flow of commerce. Moreover, the electricity grid’s reliance on IT systems and networks exposes it to potential and known cybersecurity vulnerabilities, which could be exploited by attackers. The potential impact of such attacks has been illustrated by a number of recently reported incidents and can include fraudulent activities, damage to electricity control systems, power outages, and failures in safety equipment."

Testimony issued by the Government Accountability Office with an abstract that begins "The threats to systems supporting critical infrastructures are evolving and growing. In a February 2011 testimony, the Director of National Intelligence noted that there had been a dramatic increase in cyber activity targeting U.S. computers and systems in the previous year, including a more than tripling of the volume of malicious software since 2009. Varying types of threats from numerous sources can adversely affect computers, software, networks, organizations, entire industries, and the Internet itself. These include both unintentional and intentional threats, and may come in the form of targeted or untargeted attacks from criminal groups, hackers, disgruntled employees, hostile nations, or terrorists. The interconnectivity between information systems, the Internet, and other infrastructures can amplify the impact of these threats, potentially affecting the operations of critical infrastructures, the security of sensitive information, and the flow of commerce. Moreover, the smart grid’s reliance on IT systems and networks exposes the electric grid to potential and known cybersecurity vulnerabilities, which could be exploited by attackers."

Testimony issued by the Government Accountability Office with an abstract that begins "The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others. Moreover, potential threat actors have a variety of attack techniques at their disposal, which can adversely affect computers, software, a network, an organization’s operation, an industry, or the Internet itself. The nature of cyber attacks can vastly enhance their reach and impact due to the fact that attackers do not need to be physically close to their victims and can more easily remain anonymous, among other things. The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such …

A letter report issued by the Government Accountability Office with an abstract that begins "As of the most recent agency data submitted in September 2011, 24 agencies identified almost 2,900 total centers, established plans to close 1,186 of them by 2015, and estimated they would realize over $2.4 billion in cost savings in doing so. However, while the Office of Management and Budget (OMB) required agencies to complete missing elements in their data center inventories and plans by the end of September 2011, only 3 agencies submitted complete inventories and only 1 agency submitted a complete plan. For example, in their inventories, 17 agencies do not provide full information on their information technology facilities and energy usage, and 8 provide only partial information on their servers. Further, in their consolidation plans, 13 agencies do not provide a full master program schedule and 21 agencies do not fully report their expected cost savings. Officials from several agencies reported that some of this information was unavailable at certain facilities or that the information was still being developed. In a prior report, GAO recommended that agencies complete the missing elements from their inventories and plans. Until these inventories and plans are complete, agencies …

Correspondence issued by the Government Accountability Office with an abstract that begins "In summary, according to FMS officials, FMS considers both TOP and the cross-servicing program to be fully mature in that all key elements of the programs have been implemented. As such, FMS's current and future efforts will focus on enhancements that will (1) for TOP, facilitate its ability to increase federal nontax debt collections through additional offsets and (2) for the cross-servicing program, enable it to collect such debt more efficiently and effectively. Further, FMS is considering a number of initiatives intended to improve centralized collection of delinquent federal nontax debt. These initiatives primarily involve increasing the amount of debt subject to collection by FMS, bolstering FMS's set of debt collection tools, and enhancing FMS's internal operations and interactions with referring federal agencies. Several of FMS's initiatives, which are in the early stages of development, could, if approved and effectively implemented, address long-standing concerns about FMS's centralized debt collection program."

A letter report issued by the Government Accountability Office with an abstract that begins "On August 2, 2011, Congress and the President enacted the Budget Control Act of 2011, which established a process that increased the debt limit to its current level of $16.4 trillion through incremental increases effective on August 2, 2011; after close of business on September 21, 2011; and after close of business on January 27, 2012. Delays in raising the debt limit occurred prior to the August 2011 and January 2012 increases, with the Department of the Treasury (Treasury) deviating from its normal debt management operations and taking a number of actions, referred to by Treasury as extraordinary actions, to avoid exceeding the debt limit."

A letter report issued by the Government Accountability Office with an abstract that begins "Debt buybacks can help advance Treasury’s goals under a variety of budget and market conditions. For example, Treasury currently faces rollover peaks—large increases in the amounts of maturing debt that must be refinanced at a given time—which expose Treasury to the risk of refinancing large amounts of debt when interest rates are less favorable. All four of our case study countries use debt buybacks to mitigate rollover risk. Buybacks can also be used to enhance liquidity, which can be adversely affected when the growth in borrowing slows rapidly and issue sizes decline significantly. GAO’s illustrative analysis of Treasury’s past buyback program showed that, had Treasury refinanced the debt by simultaneously issuing new debt, it could have captured a liquidity premium—the additional price investors are willing to pay for securities that can be easily traded—which would reduce interest costs."

A letter report issued by the Government Accountability Office with an abstract that begins "The average cost to count each housing unit rose from $70 in 2000 to $97 in 2010 (in constant 2010 dollars). While the U.S. Census Bureau (Bureau) made changes to its budget structure from 2000 to 2010, they did not document the changes that would facilitate comparisons over time and cannot identify specific drivers of this cost growth. According to GAO’s Cost Estimating and Assessment Guide, an agency can strengthen its ability to control costs by using available cost data to make comparisons over time and identify and quantify trends. The Bureau faces the fundamental challenge of striking a balance between how best to control costs without compromising accuracy. However, the Bureau’s inability to identify specific actionable factors affecting past growth will make it difficult for the Bureau to focus its efforts to control costs for the 2020 Census."

Correspondence issued by the Government Accountability Office with an abstract that begins "DOD has identified DAWDF as a key tool used to address gaps in the acquisition workforce through additional hiring and training initiatives. For example, DOD officials noted they used DAWDF funds to hire about 5,855 new acquisition staff through fiscal year 2011 and enabled the Defense Acquisition University to provide 19,000 additional classroom seats, among other improvements. However, DOD’s ability to effectively execute hiring and other initiatives has been hindered by delays in the DAWDF funding process and the absence of clear guidance on the availability and use of related funds. DOD has not collected and distributed funds within required timeframes, sometimes delaying distribution to components until the following fiscal year. For example, only about 39 percent of the total amount of fiscal year 2011 transfer funds were distributed before the end of the fiscal year. These delays can result in uncertainty about the availability of funds, and negatively impact the components’ ability to execute according to their approved plans for the year. Additionally, DOD officials noted that the delays contributed, at least in part, to the amount of unobligated funds that were carried over to future years. …

A letter report issued by the Government Accountability Office with an abstract that begins "The total estimated cost of the Department of Defense’s (DOD) 2011 portfolio of 96 major defense acquisition programs stands at $1.58 trillion. In the past year, the total acquisition cost of these programs has grown by over $74.4 billion or 5 percent, of which about $31.1 billion can be attributed to factors such as inefficiencies in production, $29.6 billion to quantity changes, and $13.7 billion to research and development cost growth. DOD’s portfolio is dominated by a small number of programs, with the Joint Strike Fighter accounting for the most cost growth in the last year, and the largest projected future funding needs. The majority of the programs in the portfolio have lost buying power in the last year as their program acquisition unit costs have increased. The number of programs in the portfolio has decreased from 98 to 96 in the past year and, looking forward, is projected to decrease again next fiscal year to its lowest level since 2004."

A letter report issued by the Government Accountability Office with an abstract that begins "At the departmental level, neither the Department of Defense (DOD) nor the individual military departments know the extent to which weapon system programs rely on long-term maintenance contracts. DOD policy requires DOD and the military departments to approve acquisition strategies and lifecycle sustainment plans, which include information on contractor support, but DOD officials reported that they do not collect information on the use of long-term contracts. DOD’s limited visibility over long-term maintenance contracts reflects broader DOD challenges with managing services acquisition. GAO’s past work has identified the need for DOD to obtain better data on its contracted services to enable it to make more strategic decisions. DOD is considering a number of policy- and data-related initiatives that could improve its knowledge of these contracts, but these efforts are in the early stages of development."

A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Defense (DOD) made a number of changes to improve the utility of the fiscal year 2010 inventory, such as centrally preparing contract data to provide greater consistency among DOD components and increasing the level of detail on the services provided. DOD, however, continued to rely primarily on the Federal Procurement Data System-Next Generation (FPDS-NG) for the inventory for most defense components other than the Army. As such, DOD acknowledged a number of factors that limited the utility, accuracy, and completeness of the inventory data. For example, FPDS-NG does not identify more than one type of service purchased for each contract action, provide the number of contractor full-time equivalent personnel, or identify the requiring activity. As before, the Army used its Contractor Manpower Reporting Application to compile its fiscal year 2010 inventory. This system collects data reported by contractors on services performed at the contract line item level, including information on labor hours and the function and mission performed. DOD officials noted that the Army’s current process complies with legislative requirements. In January 2011, GAO recommended that DOD develop a plan with time frames …