This is the accessible text file for GAO report number GAO-03-14 
entitled 'Combating Terrorism: Actions Needed to Guide Services' 
Antiterrorism Efforts at Installations' which was released on November 
01, 2002.



This text file was formatted by the U.S. General Accounting Office 

(GAO) to be accessible to users with visual impairments, as part of a 

longer term project to improve GAO productsí accessibility. Every 

attempt has been made to maintain the structural and data integrity of 

the original printed product. Accessibility features, such as text 

descriptions of tables, consecutively numbered footnotes placed at the 

end of the file, and the text of agency comment letters, are provided 

but may not exactly duplicate the presentation or format of the printed 

version. The portable document format (PDF) file is an exact electronic 

replica of the printed version. We welcome your feedback. Please E-mail 

your comments regarding the contents or accessibility features of this 

document to Webmaster@gao.gov.



Report to the Chairman, Special Oversight Panel on Terrorism, Committee 

on Armed Services, House of Representatives:



United States General Accounting Office:



GAO:



November 2002:



COMBATING TERRORISM:



Actions Needed to Guide Servicesí Antiterrorism Efforts at 

Installations:



Combating Terrorism:



GAO-03-14:



Contents:



Letter:



Results in Brief:



Background:



Servicesí Antiterrorism Efforts Lack a Results-Oriented Management 

Framework:



Services Are Implementing Risk Management but Provide Inadequate 

Oversight:



DODís Combating Terrorism Funding Reports Do Not Clearly Reflect Costs:



Conclusions:



Recommendations for Executive Action:



Agency Comments and Our Evaluation:



Appendix I: Scope and Methodology:



Appendix II: Comments from the Department of Defense:



Appendix III: GAO Contacts and Staff Acknowledgments:



Related GAO Products:



Table:



Table 1: Results-Oriented Management Framework Principles:



Figures:



Figure 1: DODís Combating Terrorism Funding for Fiscal Years 1999 to 

2003:



Figure 2: Estimated Personnel Costs as Part of Combating Terrorism 

Funding for Fiscal Years 1999 to 2003:



Abbreviations:



DOD: Department of Defense:



GAO: General Accounting Office:



Letter:



November 1, 2002:



The Honorable Jim Saxton

Chairman, Special Oversight Panel on Terrorism

Committee on Armed Services

House of Representatives:



Dear Mr. Chairman:



After the September 11, 2001, terrorist attacks, domestic military 

installations increased their antiterrorism measures[Footnote 1] to 

their highest levels. These measures were reduced in the weeks 

following the World Trade Center and Pentagon attacks, but because of 

the persistent nature of the threat, the antiterrorism posture at 

domestic installations remains at a higher than normal level more than 

1 year later. The Department of Defenseís (DOD) budget request for 

fiscal year 2003 includes over $10 billion for combating terrorism 

activities,[Footnote 2] which includes a substantial increase in 

funding for antiterrorism measures to safeguard personnel and strategic 

assets.



We previously examined the implementation of DODís antiterrorism 

initiatives, and focused on the measures taken by domestic military 

installations to reduce vulnerabilities last year. We reported that at 

the departmental level, the antiterrorism efforts lacked critical 

management elements, such as a strategic plan containing long-term 

goals and a performance plan to measure results, assess progress, and 

identify corrective actions.[Footnote 3] To strengthen the management 

of the antiterrorism program, we recommended that DOD establish a 

management framework containing these elements, which could then 

provide a vehicle to guide resource allocations and measure the results 

of DODís improvement efforts. DOD agreed with this recommendation and 

initiated steps to develop the framework but temporarily suspended 

these efforts after the terrorist attacks on September 11, 2001. The 

Department has recently restarted these efforts.



If consistent with our previous recommendation, this forthcoming 

Department-wide framework should represent a significant and important 

shift in management focus--from measuring program activities and 

processes to measuring program results. To supplement and support this 

results-oriented approach, a comprehensive risk management process can 

be an effective foundation for allocating antiterrorism resources. Risk 

management is a systematic, analytical process to determine the 

likelihood that a threat will harm individuals or physical assets and 

to identify actions to reduce risk and mitigate the consequences of a 

terrorist attack. (More detailed information on risk management appears 

in the background section of this report.):



Because of the increased emphasis on and funding for DODís 

antiterrorism efforts, you asked us to examine the management framework 

each military Department has established to implement antiterrorism 

initiatives. Accordingly, this report specifically focuses on the 

extent to which the military services and selected commands (1) use a 

results-oriented management framework to guide their antiterrorism 

efforts at domestic installations[Footnote 4] and (2) have established 

an effective risk management approach to develop specific antiterrorism 

requirements. Because you also asked us to examine how DOD reports 

combating terrorism funding, we also reviewed funding trends and 

determined whether DODís annual budget reports to Congress completely 

and accurately portray funding for combating terrorism.



To accomplish this work we obtained and reviewed documents, examined 

the operations of the four service headquarters and eight major service 

commands and reserve components, and interviewed cognizant officials. 

Collectively, these eight commands have antiterrorism responsibilities 

for approximately 444 installations.[Footnote 5] Although the 

information we obtained at these commands cannot be generalized to 

describe the Departmentís overall antiterrorism efforts, it provides 

insights into the antiterrorism programs within these commands. Further 

information on our scope and methodology appears in appendix I.



Results in Brief:



For the most part, the service headquarters and commands we reviewed 

did not use a comprehensive results-oriented management framework to 

guide their antiterrorism efforts. For example, resource decisions 

generally were not made with reference to specific, long-term goals, 

and short-term measurable performance goals had not been set. However, 

3 of the 12 organizations included in our review--Air Force 

headquarters, Army Forces Command, and the Navyís Atlantic Fleet--did 

have some, but not all, elements of a results-oriented management 

framework in place. The Army Forces Commandís management framework 

appeared to be the most complete, containing elements such as long-term 

and annual goals, clear performance measures, quarterly reviews, and 

the identification of resource requirements. The Forces Commandís 

framework also appeared to have strong support from senior command 

officials, without which it might not have been as fully implemented. 

According to service officials, a comprehensive results-oriented 

management framework for antiterrorism efforts is not consistently used 

across all services and commands because DOD does not require it, and 

service officials indicated that they were reluctant to develop such an 

approach before the forthcoming DOD-wide antiterrorism strategy was 

issued. Although the Department has recently restarted its efforts 

toward developing this strategy, it has not set a specific time frame 

for its completion. Without a results-oriented management framework at 

both DOD and the service levels to prioritize, integrate, and evaluate 

antiterrorism initiatives, the services and commands may not be 

efficiently allocating the significant resources currently applied to 

antiterrorism efforts or effectively assessing progress in safeguarding 

military personnel and assets.



The services and commands we reviewed are generally following 

prescribed guidance and regulations to conduct risk management analyses 

(i.e., terrorist threat, vulnerability, and asset criticality 

assessments) to support their antiterrorism requirements, but 

significant weaknesses exist with the current approach. Each service 

has established requirements for installations to use a risk management 

approach in developing funding requirements and generally provided 

implementing guidance on preparing the assessments; in addition, each 

command verified that assessments have been completed. However, 

weaknesses exist in the servicesí oversight of this process. 

Specifically, the commands do not always require documentation of the 

assessments, and they do not periodically evaluate the assessment 

methodology used at each installation to determine the thoroughness of 

the analyses or the consistency with required assessment methodology. 

If the services and commands do not evaluate installation assessments 

and do not require the documentation of all assessments, then they have 

no assurance that installationsí antiterrorism requirements are based 

on a rigorous application of risk management principles or that these 

assessments produce comparable results across a service. Consequently, 

when the services consolidate their antiterrorism requirements, the 

result may not accurately reflect the most pressing needs.



DOD has reported that $32.1 billion has been allocated or requested for 

combating terrorism activities from fiscal year 1999 through fiscal 

year 2003; however, these reported amounts may not present a clear 

picture of total combating terrorism costs. Our analysis indicates that 

$19.4 billion (60 percent) of this amount is for military and civilian 

personnel and personnel-related operating costs associated with 

individuals in designated specialties that have combating terrorism-

related missions, such as military police, civilian police, and 

security guards. This allocation may overstate actual combating 

terrorism costs, however, because the military services accounting 

systems do not track the actual time that these individuals spend on 

activities related to combating terrorism. Consequently, the total 

funding allocated to these personnel specialties are included in the 

report, even if the individuals spend only a portion of their time 

performing combating terrorism activities.



We are recommending that DOD accelerate its efforts to develop a 

Department-wide strategy, set a target date for its completion, and 

work with the military services to concurrently initiate steps to adopt 

a results-based management framework for their antiterrorism efforts 

that is consistent with this Department-wide approach. We also are 

recommending that the services take steps to improve their risk 

management approaches that underpin antiterrorism requirements. 

Additionally, we are recommending that steps be taken to clarify DODís 

combating terrorism budget report provided to Congress. In written 

comments on a draft of this report, DOD agreed with all of our 

recommendations and it identified actions that are under way at the 

Department to address these recommendations.



Background:



DODís Antiterrorism Policy and Guidance:



DOD issued a directive[Footnote 6] signed by the Deputy Secretary of 

Defense that provides DODís antiterrorism policy and assigns 

responsibilities to DOD organizations for implementing antiterrorism 

initiatives. This directive places responsibility for developing 

antiterrorism policy and guidance with the Office of the Assistant 

Secretary of Defense for Special Operations and Low-Intensity 

Conflict.[Footnote 7] In this capacity, the Assistant Secretary of 

Defense issued an instruction that established 31 antiterrorism 

standards that DOD organizations, including the services, are required 

to implement.[Footnote 8], [Footnote 9] These standards address 

antiterrorism planning, training requirements, physical security 

measures, and related issues. The office also issued a handbook 

containing additional detailed guidance on antiterrorism policies and 

practices, including guidance on assessment methodology.[Footnote 10] 

The Joint Staff has also issued an installation-planning template to 

help installations prepare their antiterrorism plans.[Footnote 11] 

Additionally, each of the services has issued regulations, orders and 

instructions to implement the DOD guidance and establish its own 

specific policies and standards. DOD and the services have recently 

revised some of these key guidance documents, and others are now under 

revision.



Process for Developing Servicesí Antiterrorism Requirements:



The services assign responsibility for protecting installations from 

terrorist attacks to installation commanders, who identify and 

prioritize antiterrorism requirements. Installation commanders are to 

compose a prioritized list of antiterrorism requirements from annual 

assessments of threat, vulnerability, and the criticality of assets, 

which they submit to their respective major commands. The major 

commands merge the antiterrorism requirements from all of their 

installations, prioritize them, and forward their integrated list to 

the serviceís headquarters. Similarly, the services merge and 

prioritize the antiterrorism requirements of their major commands, and 

the consolidated list is then used as a basis for funding decisions.



DODís Risk Management Approach:



The required assessments of threat, vulnerability, and criticality of 

assets form the foundation of each installationís antiterrorism plan 

and support a risk management approach to resource allocation. These 

three assessments are designed to assess (1) the threats to the 

installation, (2) the installationís vulnerabilities, and (3) the 

installationís critical assets.



The threat assessment identifies and evaluates potential threats on the 

basis of such factors as the threatsí capabilities, intentions, and 

past activities. This assessment represents a systematic approach to 

identify potential threats before they materialize. However, this 

assessment might not adequately capture some emerging threats, even in 

cases where the assessment is frequently updated. The risk management 

approach therefore uses vulnerability and asset criticality assessments 

as additional inputs to the risk management decision-making process.



A vulnerability assessment identifies weaknesses that may be exploited 

by identified threats and suggests options that address those 

weaknesses. For example, a vulnerability assessment might reveal 

weaknesses in an installationís access control system, its 

antiterrorism awareness training, or how mission-critical assets such 

as fuel storage sites and communications centers are protected. Teams 

of multidisciplinary experts skilled in such areas as structural 

engineering, physical security, and installation preparedness conduct 

these assessments.



A criticality assessment evaluates and prioritizes assets and functions 

to identify which assets and missions are relatively more important to 

protect from attack. For example, important communications facilities, 

utilities, or major weapons systems might be identified as critical to 

the execution of U.S. military war plans, and therefore receive 

additional protection. Criticality assessments provide information in 

order to prioritize resources while at the same time, reducing the 

potential application of resources on lower-priority assets.



Servicesí Antiterrorism Efforts Lack a Results-Oriented Management 

Framework:



The critical elements of a results-oriented management framework are 

not being used by the services to guide their antiterrorism efforts. In 

results-based management, program effectiveness is measured in terms of 

outcomes or impact rather than outputs (i.e., activities and 

processes). Results-oriented principles and elements, which we have 

derived from the Government Performance and Results Act,[Footnote 12] 

are presented in table 1. Benefits from a results-based management 

approach depend upon the combined use of all eight of the critical 

elements that appear in the table. These elements, when combined with 

effective leadership can provide a management framework to guide major 

programs and activities.



Table 1: Results-Oriented Management Framework Principles:



Principle: Strategic plan--defines the programís overall purpose, 

mission, and intent.; Critical elements: Long-term goals--typically 

general in nature that lay out what the agency wants to accomplish in 

the next 5 years..



Critical elements: Strategies to be used--general methods the agency 

plans to use to accomplish long-term goals..



Critical elements: External factors--factors that may significantly 

affect the agencyís ability to accomplish goals..



Principle: Performance plan--describes detailed implementation actions 

as well as measurements and indicators of performance.; Critical 

elements: Performance goals--stated in objective measurable form..



Critical elements: Resources--a description of the resources needed to 

meet the performance goals..



Critical elements: Performance indicators--mechanisms to measure 

outcomes of the program..



Critical elements: Evaluation plan--means to compare and report on 

program results vs. performance goals..



Critical elements: Corrective actions--a list of actions needed to 

address or revise any unmet goals..



Source: Government Performance and Results Act of 1993.



[End of table]



The critical elements of a results-oriented management framework were 

largely absent in the antiterrorism efforts of three servicesí 

headquarters and at six of the eight commands we examined. 

Specifically, the services have not published and disseminated 

unambiguous results-based, strategic and performance goals for their 

antiterrorism efforts. Some service antiterrorism officials did 

articulate broadly stated goals--such as protecting personnel and 

material assets against terrorist attack, and defeating terrorism--but 

these goals have not been endorsed and disseminated by service 

headquarters as servicewide goals nor have the services described how 

these goals will be achieved or how they intend to evaluate results in 

terms of the goals. The Air Force, however, has taken some steps toward 

a results-based management framework. For example, it has published 

long-term goals and established service-level working groups to 

evaluate the effectiveness of its antiterrorism program and identify 

the actions needed to address or revise any unmet goals. Although the 

Air Force has taken these positive steps, Air Force officials 

acknowledge that the elements may not have been effectively articulated 

servicewide so that installations can understand the ďbig pictureĒ and 

how all elements fit together. In fact, officials we contacted from Air 

Combat Command and Air National Guard were not aware of the service-

level goals or performance-planning elements.



At the command level, a results-oriented management framework was 

largely absent in the antiterrorism efforts of six of the eight major 

commands we reviewed. For example, the Air Combat Command did not have 

overarching antiterrorism goals for its 15 bases, although command 

officials said that they planned to develop them. Also, the Army 

National Guard has not issued antiterrorism goals for its 3,900 

armories and 211 installations and has no plan to do so.



Two of the commands--the Armyís Forces Command and the Navyís Atlantic 

Fleet--adopted aspects of a results-oriented framework, and officials 

said that they did so on their own initiative and without direction 

from their parent service. The Army Forces Command management framework 

contained most of the critical management elements, such as quarterly 

reviews, long-term and annual goals, clear performance measures, and 

identification of resource requirements. Army Forces Command officials 

said that the results-based management approach enables its senior 

officers to monitor the commandís progress toward its short-and long-

term goals and make necessary adjustments to the strategy and resource 

allocation to accomplish these goals. Forces Command officials 

attributed their management approachís success, in large part, to the 

involvement of senior command officials and their endorsement of 

this management approach. According to Army headquarters 

antiterrorism officials, the Forces Command management framework 

has been an effective approach and may be useful as a model for other 

major commands.



The Navyís Atlantic Fleet Command also articulated long-term goals 

and strategies to accomplish its antiterrorism goals. For example, the 

fleet developed a plan of action to address security deficiencies that 

were identified through assessments by establishing a database to 

track deficiencies and identify trends. The fleet also linked resource 

requirements to accomplish these steps and developed metrics to measure 

results. According to the Atlantic Fleet officials we spoke with, 

however, these strategies are not currently being used by the fleet to 

shape its antiterrorism efforts because they are waiting for the Navy 

to issue servicewide antiterrorism goals. Atlantic Fleet officials 

stated they wanted to avoid having separate and different strategic 

plans for each command.



The services and their major commands cite two primary reasons for 

not employing a results-based management framework to guide and 

implement their antiterrorism efforts. First, the services do not want 

to adopt goals and strategies that might prove inconsistent with DODís 

forthcoming, Department-wide antiterrorism strategy. As discussed 

earlier, the Department was in the process of developing an 

antiterrorism strategy, but suspended its efforts after the attacks on 

the World Trade Center and the Pentagon because of the pressing needs 

of the war on terrorism. DOD officials have indicated that they have 

reinitiated their efforts to develop a strategy but have not set a 

target date for their completion. The second reason cited by service 

officials for not employing a results-oriented management framework was 

that strategic planning and performance planning called for by the 

Results Act applies to agencies and not to specific efforts such as 

antiterrorism. We agree that the services and major commands are not 

required by the Results Act to prepare strategic plans and performance 

plans specific to their antiterrorism efforts. Nonetheless, the Results 

Act offers a model for developing an effective management framework to 

improve the likelihood of successfully implementing initiatives and 

assessing results.



Without a results-based management approach to prioritize, integrate, 

and evaluate their efforts, it will be difficult for the services and 

their major commands to systematically plan and implement antiterrorism 

programs or assess their progress in reducing the likelihood and impact 

of terrorist attacks. It is crucial that the services identify and 

support those efforts that are most likely to achieve long-term 

antiterrorism goals because funding is not sufficient to eliminate or 

mitigate all identified vulnerabilities.



Services Are Implementing Risk Management but Provide Inadequate 

Oversight:



The services and commands we reviewed are generally following 

prescribed guidance and regulations to use the DOD risk management 

approach in developing their installation antiterrorism requirements, 

but a significant weakness exists with the oversight of this process. 

Specifically, the services are not required to evaluate the 

thoroughness of all installationsí annual risk management assessments 

or whether installations used required methodologies to perform these 

assessments. As previously discussed, under DODís antiterrorism 

approach, three assessments (threat, vulnerability, and criticality) 

provide the installation commanders with the information necessary to 

manage the risk of a terrorist attack, and develop an antiterrorism 

program for the installation.[Footnote 13] It also provides guidance 

for completing these assessments;[Footnote 14] and it requires the 

military Departments, through the services, to oversee the 

antiterrorism efforts at their installations.[Footnote 15] In their 

oversight role, the military Departments, through the services, are 

required to ensure that installation antiterrorism efforts adhere to 

the antiterrorism standards established by DOD.[Footnote 16]



To implement DODís required risk management approach, the services have 

issued supplements to DODís guidance requiring installations to conduct 

the three risk management assessments and indicating how these 

assessments should be performed. The supplemental guidance of three of 

the services--the Army, Air Force, and the Marine Corps--requires 

service-specific methodologies to be used for the assessments.[Footnote 

17] The commands, to which the services have delegated some oversight 

responsibility for installationsí antiterrorism efforts, generally 

verified that installations completed annual threat, vulnerability, and 

asset criticality assessments. Command officials indicated that they 

verify whether installationsí annual risk assessments have been 

completed in one of two ways: (1) through the request for and receipt 

of copies of the written assessments or (2) through verbal verification 

from the installation commanders. The Navy, however, does not require 

that annual vulnerability assessments be documented and does not verify 

that these assessments are completed.



To provide oversight of the risk management process, DODís 

antiterrorism standards require a higher headquarters review of 

subordinate installationsí antiterrorism programs once every 3 years 

for installations that meet specific criteria.[Footnote 18] These 

reviews are conducted by teams of specialists skilled in various 

disciplines (such as engineering, intelligence, and security) from the 

Joint Staff, service headquarters, or major command. The reviews 

assess, among other things, an installationís antiterrorism plans, 

physical security, vulnerabilities and solutions for enhanced 

protection, and incident response measures. These reviews, however, do 

not routinely evaluate the methodology used to develop the annual 

installation assessments.[Footnote 19] Moreover, there is no 

requirement to review the antiterrorism programs of installations that 

do not meet DODís criteria for higher headquarters assessments.



Because the results of assessments form the foundation of installation 

antiterrorism plans, which drive servicewide requirements, it is 

critical that assessments be performed consistently across each service 

to ensure that assessment results are comparable. According to DOD 

officials, installationsí risk assessments were not evaluated for two 

reasons. First, DOD does not specifically require the services and 

their commands to evaluate installation assessments. Second, several 

command officials indicated that evaluating assessment methodologies 

would provide little or no added value to the process.



The Air Force and the Navy have initiatives under way that will place a 

greater emphasis and importance on the results of the installationsí 

risk management efforts. Both services are using to varying degrees an 

automated risk management program that should improve visibility over 

installation assessments and the resulting antiterrorism requirements. 

This program--the Vulnerability Assessment Management Program--will 

enable service and command officials to track assessment results and 

prioritize corrective actions servicewide.[Footnote 20] The program 

will contain information about installationsí antiterrorism 

requirements and the threat, vulnerability, and asset criticality 

assessments that support these requirements. It is also designed to 

allow service officials to conduct trend analyses, identify common 

vulnerabilities, and track corrective actions. Service officials stated 

that this program will also enable them to evaluate the risk assessment 

methodologies used at each installation, but it is unclear how this 

will be accomplished.



If installationsí risk assessments are not periodically evaluated to 

ensure that assessments are complete and that a consistent or 

compatible methodology has been applied, then commands have no 

assurance that their installationsí antiterrorism requirements are 

comparable or based on the application of risk management principles. 

Consequently, when the services and commands consolidate their 

antiterrorism requirements (through the process of merging and 

reprioritizing the requirements of their multiple installations), the 

result may not accurately reflect the servicesí most pressing needs. 

For example, if a standard methodology is not consistently applied, 

then vulnerabilities may not be identified and critical facilities may 

be overlooked. Or in the case of the Navy, the lack of assessment 

documentation further limits the commandís ability to perform its 

oversight responsibility.



DODís Combating Terrorism Funding Reports Do Not Clearly Reflect Costs:



DOD has reported that $32.1 billion has been allocated or requested for 

combating terrorism activities from fiscal year 1999 through fiscal 

year 2003; however, these reported amounts may not present a clear 

picture of total combating terrorism costs. Each year, DOD is required 

to provide Congress with a report on the funds allocated to combat 

terrorism activities.[Footnote 21] DODís reported annual combating 

terrorism allocations have risen from $4.5 billion in fiscal year 1999 

to $10 billion in the fiscal year 2003 budget request. Significant 

uncertainty exists, however, regarding the accuracy of these reported 

amounts because over half are associated with personnel who may or may 

not be engaged in combating terrorism activities full-time.



DOD Is Required to Report Its Funding Requirements Annually:



The National Defense Authorization Act for Fiscal Year 2000 requires 

DOD to provide Congress with an annual consolidated budget 

justification display that includes all of its combating terrorism 

activities and programs and the associated funding.[Footnote 22] In 

response, DOD has submitted a separate budget report for fiscal years 

2001, 2002, and 2003 that portrays its allocation of funds within the 

four categories of combating terrorism: antiterrorism/force 

protection, counterterrorism, consequence management, and intelligence 

support. The most recent budget report, submitted to Congress in March 

2002, includes the following: the combating terrorism program 

descriptions and budget request estimates for fiscal year 2003, the 

estimated budget for fiscal year 2002, and the actual obligations for 

fiscal year 2001. It also reflects the funding provided by the Defense 

Emergency Response Fund[Footnote 23] for fiscal years 2001 and 

2002.[Footnote 24]



Funding for Combating Terrorism Activities More Than Double Over 5-Year 

Period:



If Congress passes the fiscal year 2003 budget request as submitted, 

annual funding to combat terrorism will increase 122 percent from 

fiscal year 1999 through fiscal year 2003[Footnote 25]--rising from 

$4.5 billion (actual obligations) to $10 billion (budget request), 

including the Defense Emergency Response Fund request for fiscal year 

2003. (See fig. 1.) In total, DOD reports that $32.1 billion has been 

allocated for combating terrorism activities during this 5-year period. 

The dollar amounts shown in figure 1 do not include funding for the 

current global war on terrorism, such as military operations in 

Afghanistan, because these activities are not intended to be included.



Figure 1: DODís Combating Terrorism Funding for Fiscal Years 1999 to 

2003:



[See PDF for image]



Source: GAOís analysis of DODís combating terrorism budget reports.



[End of figure]



Reported Combating Terrorism Funding May Be Overstated:



Although not clearly identified in DODís budget reports, our analysis 

estimates that $19.4 billion (60 percent) of the $32.1 billion 

combating terrorism funding is for military ($14.1 billion) and 

civilian personnel and personnel-related operating costs 

($5.3 billion); however, this estimate may be overstated. (See fig. 2.) 

In accordance with DODís Financial Management Regulation,[Footnote 26] 

the Departmentís combating terrorism costs include funding for 

personnel in designated specialties that have combating terrorism 

missions, such as military police, civilian police, and security 

guards. The military servicesí accounting systems do not track the time 

that individuals in these specialties spend on activities related to 

combating terrorism; therefore, the total personnel costs are reported 

even if the individuals spend only a portion of their time performing 

combating terrorism activities. The actual proportion of time these 

personnel spend between combating terrorism and unrelated activities 

(such as counter drug investigations) varies, although all of these 

personnel are available to perform combating terrorism duties 

when needed.



Figure 2: Estimated Personnel Costs as Part of Combating Terrorism 

Funding for Fiscal Years 1999 to 2003:



[See PDF for image]



Source: GAOís analysis of DODís combating terrorism budget reports.



[End of figure]



The $19.4 billion of estimated combating terrorism personnel costs 

shown in figure 2 consists of military personnel costs of $14.1 billion 

and estimated operation and maintenance civilian personnel costs of 

$5.3 billion. Other components of the total $32 billion shown 

include $4.3 billion from the Defense Emergency Response Fund 

and $8.4 billion in other appropriations, including procurement, 

research and development, and military construction.



Officials in the Office of the Assistant Secretary of Defense for 

Special Operations and Low-Intensity Conflict recognize that 

improvements could be made in the budget report for next year and plan 

to consider ways to restructure its contents to include more summary 

information.



Conclusions:



Funding for antiterrorism requirements has increased since fiscal year 

1999, but it is widely recognized that vulnerabilities at military 

installations will continue to outpace available funding. It is 

therefore essential that funds be spent efficiently and effectively if 

the services are to achieve the highest level of protection possible 

for military personnel, equipment, and critical facilities and 

operations. Our analysis indicates that the military services generally 

are not applying a results-oriented management framework to guide their 

antiterrorism efforts, in part, because DOD does not yet have a 

Department-wide antiterrorism strategy. Without a results-oriented 

management framework to implement antiterrorism efforts and monitor 

results, the services, military commanders, and Congress will not be 

able to determine if past and future resources--which have been 

significantly increased--are achieving their desired results in the 

most efficient and effective manner.



The services and commands we reviewed are adhering to prescribed 

policies and procedures and taking significant steps to improve their 

capability to use a risk management approach. We identified a 

significant weakness in the servicesí current risk management approach, 

however, which limits their ability to ensure that these methodologies 

are consistently used. As a result, there is limited assurance that 

assessment results--which ultimately drive funding allocations--have 

been achieved through a consistent assessment process prescribed by DOD 

guidance. This creates the potential that limited resources could be 

misapplied and important opportunities to improve an installationís 

force protection posture could be overlooked.



The Departmentís annual combating terrorism report to Congress 

provides a detailed description of DOD funds allocated for combating 

terrorism activities, but that report should be viewed with caution 

because over half of the reported amounts are estimates that do not 

reflect actual activities dedicated to combating terrorism. 

Consequently, as Congress considers DODís budget requests and oversees 

DODís combating terrorism activities, it may not have a clear picture 

of total costs incurred by DOD for this purpose.



Recommendations for Executive Action:



Because of the magnitude of the funds being allocated for, and the 

importance of antiterrorism efforts within, DOD, we recommend that 

simultaneous steps be taken within the Department to improve the 

management framework guiding these efforts. Accordingly, to establish 

a foundation for the servicesí antiterrorism efforts, we recommend that 

the Secretary of Defense (1) direct the Assistant Secretary of Defense 

for Special Operations and Low-Intensity Conflict to accelerate and set 

a target date to issue a Department-wide antiterrorism strategy that 

will underpin each serviceís efforts, and (2) work with each service to 

ensure that its management framework is consistent with this 

Department-wide strategy.



To improve the effectiveness of the servicesí antiterrorism efforts, 

we recommend that the Secretary of Defense direct the Secretaries of 

the Army, Navy, and Air Force to adopt and effectively communicate a 

results-oriented management framework, consistent with DODís overall 

antiterrorism strategy, to guide each serviceís antiterrorism efforts. 

This framework should include the following:



A strategy that defines:



* long-term antiterrorism goals,



* approaches to achieve the goals, and:



* key factors that might significantly affect achieving the goals:



An implementation approach that provides:



* performance goals that are objective, quantifiable, and measurable;



* resources to achieve the goals;



* performance indicators to measure outputs;



* an evaluation plan to compare program results with established goals; 

and:



* actions needed to address any unmet goals.



To improve their risk management approach for identifying antiterrorism 

requirements, we recommend that the Secretary of Defense direct the 

Secretaries of the Army, Navy, and Air Force to require:



* installation commanders to document all threat, vulnerability, and 

asset criticality assessments and:



* periodic higher headquarters evaluations of the methodologies used by 

installations to conduct their threat, vulnerability, and asset 

criticality assessments. Such an evaluation may be incorporated into 

the existing service-level review process; however, for those 

installations that are not covered by this process, the services should 

develop an alternative approach.



To clarify the annual consolidated budget justification display for 

combating terrorism reported to Congress, we recommend that the 

Secretary of Defense highlight the military and civilian personnel 

funding included in the report and clearly indicate that these total 

personnel funds are reported even though the individuals may spend only 

a portion of their time performing combating terrorism activities.



Agency Comments and Our Evaluation:



DOD agreed with all of our recommendations and stated that it is 

accelerating the development of an antiterrorism strategy and working 

with the military services to ensure that a consistent approach is 

followed across the Department. In commenting on this report, DOD said 

that it would publish an antiterrorism strategic plan by January 2003 

that articulates strategic goals, objectives, and an approach to 

achieve them. Moreover, DOD will require each service to develop its 

own antiterrorism strategic plan that complements and supports the 

Departmentís plan. DOD also agreed to improve its risk management 

process for establishing antiterrorism requirements. In its comments, 

DOD said that it is revising guidance to validate the methodologies 

their installations use to perform threat, vulnerability, and asset 

criticality assessments and the thoroughness of these three assessments 

as part of regularly scheduled antiterrorism program reviews. DOD 

agreed with our recommendation to clarify how personnel costs that 

appear in the Departmentís annual combating terrorism funding report to 

Congress were calculated. In its fiscal year 2004 combating terrorism 

funding report to Congress, DOD plans to highlight the personnel costs 

and the methodology used to determine them.



DOD officials also provided technical comments that we have 

incorporated as appropriate. DODís written comments are reprinted in 

their entirety in appendix II.



We are sending copies of this report to the Secretaries of Defense, the 

Army, the Navy, and the Air Force; the Commandant of the Marine Corps; 

and interested congressional committees. We will also make copies 

available to others upon request. In addition, the report will be 

available at no charge on the GAO Web site at http://www.gao.gov.



If you or your staff has any questions about this report, please 

contact me at (202) 512-6020. Key contributors to this report are 

listed in appendix III.



Sincerely yours,



Raymond J. Decker, Director

Defense Capabilities and Management:



Signed by Raymond J. Decker:



[End of section]



Appendix I: Scope and Methodology:



The scope of our study was limited to the antiterrorism preparedness of 

Department of Defense (DOD) installations in the continental United 

States. To perform our review, we contacted the antiterrorism offices 

for each of the four military services, as well as two commands within 

each service. We selected an active-duty command from each service that 

was responsible for a large number of installations and that had a key 

role in providing personnel and weapons systems for military 

operations. Additionally, we selected a reserve command from each 

service because they typically have smaller-sized installations than do 

active-duty commands; consequently, a large number of them do not 

receive service-level reviews of their antiterrorism efforts.[Footnote 

27]



To determine whether the services use a results-oriented management 

framework to guide their antiterrorism efforts, we met with Office of 

the Secretary of Defense and service headquarters and command 

antiterrorism officials, and reviewed their strategic-planning 

documents for evidence of the critical elements of a strategic plan and 

performance plan--as embodied in the Government Performance and Results 

Act of 1993. We also reviewed service-and command-specific documents, 

such as campaign plans, operating orders, and briefing slides, which 

describe and communicate the management structure of the services and 

commands antiterrorism programs. We interviewed officials and gathered 

relevant documentation for our review primarily from the following DOD 

organizations located in the Washington, D.C., area:



* Assistant Secretary of Defense for Special Operations and Low-

Intensity Conflict.



* Headquarters, Department of the Army, Force Protection and Law 

Enforcement Division, Antiterrorism Branch.



* Headquarters, Department of the Navy, Interagency Support and 

Antiterrorism/ Force Protection Division.



* Headquarters, Department of the Air Force, Force Protection Branch, 

Directorate of Security Forces.



* Headquarters, U.S. Marine Corps, Homeland Defense Branch, Security 

Division.



We also spoke with officials from the following commands, who provided 

data on the number of domestic installations within their respective 

commands.



* Army Forces Command, Atlanta, Georgia (number of installations = 11).



* Navy Atlantic Fleet, Norfolk, Virginia (number of installations = 

18).



* Air Combat Command, Hampton, Virginia (number of installations = 16).



* Marine Forces Atlantic, Norfolk, Virginia (number of installations = 

7).



* Army National Guard, Arlington, Virginia (number of installations = 

165).



* Naval Reserve Force, New Orleans, Louisiana (number of installations 

= 116).



* Air National Guard, Arlington, Virginia (number of installations = 

69).



* Marine Force Reserve, New Orleans, Louisiana (number of installations 

= 42).



To determine the extent to which the military services use risk 

management analysis to develop antiterrorism requirements, we obtained 

relevant documents and interviewed antiterrorism officials from the 

organizations and commands previously listed as well as the following 

organizations:



* Joint Staff Directorate for Combating Terrorism Programs and 

Requirements, Washington, D.C.



* Air Force Security Forces Center, Lackland Air Force Base, San 

Antonio, Texas.



We reviewed DOD as well as Joint Staff-, service-, and command-specific 

regulations, orders, pamphlets, manuals, and other antiterrorism 

guidance to determine whether organizations were required to perform 

the three assessments (of threat, vulnerability, and asset criticality) 

that comprise risk management to identify and prioritize antiterrorism 

requirements. We also reviewed these documents for procedures and 

directions on how these assessments are to be performed. We spoke with 

headquarters and command officials about their involvement in 

overseeing how installations identify antiterrorism requirements and 

about their process for merging, reprioritizing, and funding these 

installation requirements. Additionally, we spoke with Air Force and 

Navy headquarters officials as well as officials from the Air Force 

Security Forces Center about the utility of the Vulnerability 

Assessment Management Program for prioritizing and tracking 

installation antiterrorism requirements servicewide.



To identify funding trends and determine if DOD accurately and 

completely reports its combating terrorism funding to Congress, we 

obtained and analyzed the three annual combating terrorism activities 

budget reports that cover fiscal years 1999 through 2003. We did not 

independently verify the information contained in the funding reports, 

although we did examine the methodology and assumptions that were used 

to develop the information. We discussed how the budget report is 

reviewed and consolidated with officials from the DOD Comptrollerís 

Office, the Office for Special Operations and Low-Intensity Conflict, 

and the Program Analysis and Evaluation Directorate. To determine if 

the military servicesí funding information is accurate and complete, we 

interviewed budget officials responsible for compiling the information 

for each service.



To estimate the combating terrorism personnel funding that appears in 

figure 2, we analyzed 5 fiscal years of funding from the previously 

mentioned combating terrorism budget reports. The $14.1 billion of 

military personnel presented in the figure represents appropriations 

for military personnel for combating terrorism. We estimated civilian 

personnel funding by combining the four antiterrorism activities that 

contain most of the operation and maintenance funds for personnel: 

physical security management and planning, security forces and 

technicians, law enforcement, and security and investigative matters. 

DODís budget report does not distinguish civilian personnel funds from 

the other funds contained in these activities; therefore, our estimate 

of civilian personnel funds includes the nonpersonnel funds as well. 

However, we believe that the estimate is appropriate on the basis of 

our analysis of DODís budget report and discussions with DOD officials. 

We could not determine the civilian personnel funds embedded in other 

operation and maintenance activities and in research and development 

activities and, therefore, did not include them in our estimate of 

personnel funding.



We conducted our review from February through August 2002 in accordance 

with generally accepted government auditing standards.



[End of section]



Appendix II Comments from the Department of Defense:



Department of Defense:



OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE:



WASHINGTON, D.C. 20301-2500:



OCT 22 2002:



SPECIAL OPERATIONS/ LOW-INTENSITY CONFLICT:



Mr. Raymond J. Decker:



Director, Defense Capabilities Management U.S. General Accounting 

Office Washington, D.C. 20548:



Dear Mr. Decker:



This is the Department of Defense (DOD) response to the General 

Accounting Office (GAO) draft report GAO-03-14, ďCOMBATING TERRORISM: 

Actions Needed to Guide Servicesí Antiterrorism Efforts at 

Installations,Ē dated November 2002 (GAO Code 350084).



The Department concurs with the draft report. Comments on the 

recommendations are included in the enclosure. Technical and factual 

comments have been forwarded to your staff for consideration and 

inclusion into the report, as appropriate.



Sincerely,



Marshall Billingslea, Principal Deputy:



Signed by Marshall Billingslea:



GAO DRAFT REPORT - DATED NOVEMBER 2002 GAO-03-14 / CODE 350084:



ďCOMBATING TERRORISM: Actions Needed to Guide Servicesí Antiterrorism 

Efforts at InstallationsĒ:



DEPARTMENT OF DEFENSE RESPONSE TO THE RECOMMENDATIONS:



RECOMMENDATION 1: Because of the magnitude of the funds being allocated 

for, and the importance of antiterrorism efforts within, DoD, GAO 

recommends that simultaneous steps be taken within the Department to 

improve the management framework guiding these efforts. Accordingly, to 

establish a foundation for the Servicesí antiterrorism efforts, GAO 

recommends that the Secretary of Defense (1) direct the Assistant 

Secretary of Defense for Special Operations and Low-Intensity Conflict 

to accelerate and set a target date to issue a department-wide 

antiterrorism strategy that will underpin each Serviceís efforts, and 

(2) work with each Service to ensure that its management framework is 

consistent with this department-wide strategy. (pp. 16-17/GAO Draft 

Report):



DoD RESPONSE: Concur. OASD(SO/LIC) has completed the draft of the 

Department of Defense Antiterrorism Strategic Plan to guide DODís 

antiterrorism program efforts by articulating strategic goals, 

objectives, and a proposed strategy to achieve them. This plan will 

serve as strategic guidance for all DoD Component antiterrorism 

programs. OASD(SO/LIC) will publish the plan no later than January 

2003. OASD(SO/LIC) will orchestrate the implementation of the strategic 

goals and objectives throughout DoD in coordination with other OSD 

offices, the Joint Staff, the Services, and DoD agencies.



RECOMMENDATION 2: To improve the effectiveness of the Servicesí 

antiterrorism efforts, the GAO recommends that the Secretary of Defense 

direct the Secretaries of the Army, Navy, and Air Force to adopt and 

effectively communicate a results-oriented management framework, 

consistent with DODís overall antiterrorism strategy, to guide each 

Serviceís antiterrorism efforts. This framework should include the 

following:



A strategy that defines:



-long-term antiterrorism goals,



-approaches to achieve the goals, and:



-key factors that might significantly affect achieving the goals:



An implementation approach that provides:



-performance goals that are objective, quantifiable, and measurable; - 

resources to achieve the goals;



-performance indicators to measure outputs;



-an evaluation plan to compare program results with established goals; 

and - actions needed to address any unmet goals. (p. 17/GAO Draft 

Report):



DoD RESPONSE: Concur with comments. DoD Directive 2000.12 is currently 

being revised to require the Secretaries of the Military Departments to 

develop Service-oriented Antiterrorism Strategic Plans that detail the 

vision, mission, goals, and performance measures in support of the DoD 

Strategic Plan. The Vulnerability Assessment Management Program is one 

management framework tool being used to guide Commanders in 

implementing performance goals.



RECOMMENDATION 3: To improve risk management approach for identifying 

antiterrorism requirements, GAO recommends that the Secretary of 

Defense direct the Secretaries of the Army, Navy, and Air Force to 

require:



-installation commanders to document all threat, vulnerability, and 

asset criticality assessments and:



-periodic higher headquarters evaluations of the methodologies used by 

installations to conduct their threat, vulnerability, and asset 

criticality assessments. Such an evaluation may be incorporated into 

the existing service-level review process; however, for those 

installations that are not covered by this process, the Services should 

develop an alternative approach. (p. 17/GAO Draft Report):



DoD RESPONSE: Concur with comments. DoD Instruction 2000.16, Standard 

20, requires Commanders at all levels to review their own antiterrorism 

program and plans, and the program of their immediate subordinate in 

the chain of command, at least annually. DoD Directive 2000.12 is 

currently being revised to require the Secretaries of the Military 

Departments to ensure all installations and activities conduct 

comprehensive antiterrorism program reviews and assessments in 

accordance with DoD Instruction 2000.16. The Directive will also 

require Services to ensure antiterrorism program reviews include an 

evaluation of the Risk Management process to validate the methodology 

and thoroughness of assessments conducted for critical assets, 

terrorist threat, and vulnerabilities.



RECOMMENDATION 4: To clarify the annual consolidated budget 

justification display for combating terrorism reported to Congress, the 

GAO recommends that the Secretary of Defense highlight the military and 

civilian personnel funding included in the report and clearly indicate 

that these total personnel funds are reported even though the 

individuals may spend only a portion of their time performing combating 

terrorism activities. (p. 18/GAO Draft Report):



DoD RESPONSE: Concur. The Fiscal Year 2004 consolidated budget 

justification display for combating terrorism activities will be 

annotated to highlight the personnel costs and the methodology used to 

determine the military and civilian personnel costs associated with 

combating terrorism activities.



[End of section]



Appendix III GAO Contacts and Staff Acknowledgments:



GAO Contacts:



Ray Decker, (202) 512-6020

Bob Repasky, (202) 512-9868:



Acknowledgments:



In addition to those named above, Alan Byroade, J. Paul Newton, 

Marc Schwartz, Corinna Wengryn, R. K. Wild, Susan Woodward, and Richard 

Yeh made key contributions to this report.



[End of section]



Related GAO Products:



Combating Terrorism: Department of State Programs to Combat Terrorism 

Abroad. GAO-02-1021. Washington, D.C.: September 6, 2002.



Port Security: Nation Faces Formidable Challenges in Making New 

Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002.



Combating Terrorism: Preliminary Observations on Weaknesses in Force 

Protection for DOD Deployments Through Domestic Seaports. GAO-02-

955TNI. Washington, D.C.: July 23, 2002.



Combating Terrorism: Critical Components of a National Strategy to 

Enhance State and Local Preparedness. GAO-02-548T. Washington, D.C.: 

March 25, 2002.



Combating Terrorism: Key Aspects of a National Strategy to 

Enhance State and Local Preparedness. GAO-02-473T. Washington, D.C.: 

March 1, 2002.



Homeland Security: Challenges and Strategies in Addressing Short-and 

Long-Term National Needs. GAO-02-160T. Washington, D.C.: November 7, 

2001.



Homeland Security: A Risk Management Approach Can Guide Preparedness 

Efforts. GAO-02-208T. Washington, D.C.: October 31, 2001.



Combating Terrorism: Considerations for Investing Resources in Chemical 

and Biological Preparedness. GAO-01-162T. Washington, D.C.: October 17, 

2001.



Homeland Security: Key Elements of a Risk Management Approach. GAO-02-

150T. Washington, D.C.: October 12, 2001.



Homeland Security: A Framework for Addressing the Nationís Issues. GAO-

01-1158T. Washington, D.C.: September 21, 2001.



Combating Terrorism: Selected Challenges and Related Recommendations. 

GAO-01-822. Washington, D.C.: September 20, 2001.



Combating Terrorism: Actions Needed to Improve DODís 

Antiterrorism Program Implementation and Management. GAO-01-909. 

Washington, D.C.: September 19, 2001.



Combating Terrorism: Comments on Counterterrorism Leadership and 

National Strategy. GAO-01-556T. Washington, D.C.: March 27, 2001.



Combating Terrorism: Linking Threats to Strategies and 

Resources. T-NSIAD-00-218. Washington, D.C.: July 26, 2000.



Combating Terrorism: Action Taken but Considerable Risks Remain for 

Forces Overseas. NSIAD-00-181. Washington, D.C.: July 19, 2000).



Chemical and Biological Defense: Program Planning and Evaluation Should 

Follow Results Act Framework. T-NSIAD-00-180. Washington, D.C.: May 24, 

2000.



Chemical and Biological Defense: Observations on Actions Taken 

to Protect Military Forces. T-NSIAD-00-49. Washington, D.C.: 

October 20, 1999.



Critical Infrastructure Protection: Comprehensive Strategy Can Draw on 

Year 2000 Experiences. AIMD-00-1. Washington, D.C.: October 1, 1999.



Combating Terrorism: Need for Comprehensive Threat and Risk Assessments 

of Chemical and Biological Attacks. NSIAD-99-163. Washington, D.C.: 

September 7, 1999.



Combating Terrorism: Opportunities to Improve Domestic 

Preparedness Program Focus and Efficiency. NSIAD-99-3. 

Washington, D.C.: November 12, 1998.



Combating Terrorism: Threat and Risk Assessments Can Help 

Prioritize and Target Program Investments. NSIAD-98-74. 

Washington, D.C.: April 9, 1998.



Combating Terrorism: Efforts to Protect U.S. Forces in Turkey and the 

Middle East. T-NSIAD-98-44. Washington, D.C.: October 28, 1997.



Combating Terrorism: Status of DOD Efforts to Protect Its Forces 

Overseas. GAO/NSIAD-97-207. Washington, D.C.: July 21, 1997.



FOOTNOTES



[1] Antiterrorism represents defensive measures used to reduce the 

vulnerability of individuals and property to terrorist acts. Examples 

of defensive measures include reducing the number of access points onto 

an installation, verifying the identity of personnel entering 

installations, increasing security patrol activity at high-risk 

targets, and issuing weapons to all security and law enforcement 

personnel.



[2] Antiterrorism constitutes only one of four combating terrorism 

categories. The other three categories are counterterrorism (offensive 

measures taken to prevent, deter, and respond to terrorism), 

consequence management (preparation for and response to a terrorist 

attack), and intelligence support (collection, analysis, and 

dissemination of terrorism-related information).



[3] See U.S. General Accounting Office, Combating Terrorism: Actions 

Needed to Improve DOD Antiterrorism Program Implementation and 

Management, GAO-01-909 (Washington, D.C.: Sept. 19, 2001).



[4] ďDomesticĒ refers to the continental United States and excludes 

Alaska, Hawaii, and the U.S. territories.



[5] The number of installations is based on information provided by the 

respective commands.



[6] DOD Directive 2000.12, DOD Antiterrorism/Force Protection Program, 

Apr. 13, 1999.



[7] The Assistant Secretary of Defense for Special Operations and Low 

Intensity Conflict performs these duties under the Under Secretary of 

Defense for Policy.



[8] DOD Instruction 2000.16, DOD Antiterrorism Standards, June 14, 

2001.



[9] The 31 antiterrorism standards in DOD Instruction 2000.16 also 

apply to the Office of the Secretary of Defense, the Chairman of the 

Joint Chiefs of Staff, the combatant commands, the Office of the 

Inspector General of the Department of Defense, defense agencies, and 

field activities.



[10] DOD Handbook 0-2000.12-H, Protection of DOD Personnel and 

Activities Against Acts of Terrorism and Political Turbulence, Feb. 19, 

1993.



[11] Joint Staff Antiterrorism Force Protection Installation Planning 

Template, July 1, 1998.



[12] P.L. 103-62. Congress enacted the Government Performance and 

Results Act in 1993 to provide for, among other things, the 

establishment of strategic planning and performance measurement in the 

federal government.



[13] DOD Instruction 2000.16, para. E3.1.1.15 also calls for an 

assessment of incident deterrence and response capabilities.



[14] See DOD Handbook 0-2000.12-H, para. E3.1.1.5, E3.1.1.15, and 

E3.1.1.15.4.



[15] See DOD Directive 2000.12, para. 5.9.



[16] See DOD Directive 2000.12, para. 5.9.12.



[17] Toward the end of our review, the Marine Corps issued instructions 

on how installations are to perform their assessments.



[18] DOD Instruction 2000.16 requires a service-level review of DOD 

facilities with (1) at least 300 personnel, (2) an emergency response 

and physical security mission, or (3) contact with local nonmilitary or 

foreign agencies at least once every 3 years.



[19] In technical comments provided by the Air Force, officials stated 

that Air Force higher headquarters reviews also include a review of 
annual 

installation assessments. 



[20] Both the Air Force and the Navy are requiring their installations 

to submit antiterrorism requirements for fiscal year 2003 in the format 

prescribed by the Vulnerability Assessment Management Program. 



[21] 10 U.S.C. sec. 229.



[22] P.L. 106-65, sec. 932, Oct. 5, 1999; 10 U.S.C. sec. 229.



[23] The Defense Emergency Response Fund is DODís portion of the 

Emergency Supplemental Appropriations of September 2001, which was 

approved immediately following the attacks on the World Trade Center 

and the Pentagon.



[24] The Defense Emergency Response Fund request for fiscal year 2003 

was provided to Congress in a separate budget justification book.



[25] In terms of fiscal year 2002 dollars, which adjusts for inflation, 

this increase would be 105 percent.



[26] DOD 7000.14-R, Vol. 2B, Ch. 19, June 2000.



[27] DOD Instruction 2000.16 requires facilities with (1) at least 300 

personnel, (2) an emergency response and physical security mission, or 

(3) contact with local nonmilitary or foreign agencies to receive a 

service-level review at least once every 3 years. 



GAOís Mission:



The General Accounting Office, the investigative arm of Congress, 

exists to support Congress in meeting its constitutional 

responsibilities and to help improve the performance and accountability 

of the federal government for the American people. GAO examines the use 

of public funds; evaluates federal programs and policies; and provides 

analyses, recommendations, and other assistance to help Congress make 

informed oversight, policy, and funding decisions. GAOís commitment to 

good government is reflected in its core values of accountability, 

integrity, and reliability.



Obtaining Copies of GAO Reports and Testimony:



The fastest and easiest way to obtain copies of GAO documents at no 

cost is through the Internet. GAOís Web site ( www.gao.gov ) contains 

abstracts and full-text files of current reports and testimony and an 

expanding archive of older products. The Web site features a search 

engine to help you locate documents using key words and phrases. You 

can print these documents in their entirety, including charts and other 

graphics.



Each day, GAO issues a list of newly released reports, testimony, and 

correspondence. GAO posts this list, known as ďTodayís Reports,Ē on its 

Web site daily. The list contains links to the full-text document 

files. To have GAO e-mail this list to you every afternoon, go to 

www.gao.gov and select ďSubscribe to daily E-mail alert for newly 

released productsĒ under the GAO Reports heading.



Order by Mail or Phone:



The first copy of each printed report is free. Additional copies are $2 

each. A check or money order should be made out to the Superintendent 

of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 

more copies mailed to a single address are discounted 25 percent. 

Orders should be sent to:



U.S. General Accounting Office



441 G Street NW,



Room LM Washington,



D.C. 20548:



To order by Phone: 	



	Voice: (202) 512-6000:



	TDD: (202) 512-2537:



	Fax: (202) 512-6061:



To Report Fraud, Waste, and Abuse in Federal Programs:



Contact:



Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov



Automated answering system: (800) 424-5454 or (202) 512-7470:



Public Affairs:



Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.



General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.



20548: