Combating Terrorism:

Selected Challenges and Related Recommendations

GAO-01-822: Published: Sep 19, 2001. Publicly Released: Sep 20, 2001.

Additional Materials:

Contact:

Davi M. Dagostino
(202) 512-6020
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

As concerns about terrorism have grown, Executive Branch responsibilities and authorities have received greater attention, which led to the 1998 appointment of a national coordinator in the National Security Council. Both Congress and the President have recognized the need to review and clarify the structure for overall leadership and coordination. The President recently requested that the Vice President oversee a coordinated national effort to improve national preparedness, including efforts to combat terrorism. Federal efforts to develop a national strategy to combat terrorism and related guidance have progressed, but key efforts remain incomplete. The first step toward developing a national strategy is to conduct a national threat and risk assessment. The Department of Justice and the Federal Bureau of Investigation have collaborated on such an assessment, but they have not formally coordinated with other departments and agencies on this task. Under current policy, the federal government also has improved its capabilities to respond to a domestic terrorist incident. The Federal Bureau of Investigation and the Federal Emergency Management Agency are tasked with leading federal efforts in their respective roles for managing a terrorist crisis and the consequences of an incident. Several other federal agencies with response capabilities would support these two agencies. Federal assistance to state and local governments to prepare for terrorist incidents has resulted in training for thousands of first responders--those state and local officials who would first respond at the scene of an incident. To improve this training effort, state and local officials have called for a single federal liaison for state and local preparedness programs. To protect computer systems and the critical operations and infrastructures they support, various efforts have been undertaken to implement a national strategy outlined in Presidential Decision Directive 63. However, progress in some areas has been slow. Specifically, federal agencies have taken initial steps to develop critical infrastructure protection plans, but independent audits continue to identify persistent, significant information security weaknesses that place federal operations at high risk of tampering and disruption.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The National Strategy for Homeland Security includes a chapter on science and technology, which includes an initiative to coordinate research and development of the homeland security apparatus. The Department of Homeland Security, working with the White House and other federal departments, would set the overall direction for homeland security research and development. The department would also establish a network of national laboratories for homeland security. Given that the department is relatively new, it is too early to determine how it might implement GAO's recommendation.

    Recommendation: To reduce duplication and leverage resources, the Assistant to the President for Science and Technology should complete efforts to develop a strategic plan for research and development to combat terrorism, coordinating this with federal agencies and state and local authorities. If GAO's recommendation in chapter 2 of this report is adopted and a single focal point is established in the Executive Office of the President to lead and coordinate federal programs to combat terrorism, then the focal point also should ensure that a research and development strategy for combating terrorism is integrated or coordinated with the national strategy to combat terrorism.

    Agency Affected: Department of Defense

  2. Status: Closed - Implemented

    Comments: The Department of Veterans Affairs plans to implement the recommendation using its current, standard after-action report policy of preparing after-action reports or similar evaluations for all exercises the Department has a lead or contributing role. The Department's policy was developed internally to identify lessons-learned in counter terrorism exercises. On July 24, 2003, the department's Emergency Management Strategic Healthcare Group (EMHSG) issued the draft EMSHG Memorandum 13C-03-05, After-Action Reports (AARs)--Report Accomplishment and Monitoring of Issues. It describes the process for developing an AAR for EMHSG and departmental activities related to responses to a significant event or disaster and the subsequent monitoring and follow-up associated with the identified issues for action, if any.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Executive Office of the President

  3. Status: Closed - Implemented

    Comments: On June 27, 2003, the Administrator of EPA signed a National Approach to Response policy, which is a multifaceted approach to help ensure the efficient and effective use of EPA's existing emergency response assets. To assist in the implementation of this new approach, EPA identified ten priorities. One of these priorities is the development and implementation of a national training and exercise strategy. This strategy is under development and will include a requirement for after-action reports for all exercises which EPA leads as well as for field exercises in which EPA participates. EPA already has been implementing this policy. For example, an EPA after-action report and lessons learned document is being prepared following the TOPOFF 2 exercise in 2003.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Executive Office of the President

  4. Status: Closed - Implemented

    Comments: FEMA currently requires the submission of after-action reports following every disaster response and major exercise. However, FEMA will be improving the accelerated collection and identification of issues through the implementation of a mandatory "hotwash" program for all disaster responses and major exercises. FEMA also is planning to adapt the Emergency Management Exercise Reporting System, which is an evaluation collection and management tool provided at no cost to state and local emergency managers, as a basis for a national exercise information collection instrument. On June 17, 2003, FEMA issued Instruction 8610.2, Remedial Action Management Program, which outlines procedures and processes for identifying, assigning responsibility for, coordinating, and resolving issues and problems arising from or occurring during emergency management-related operations and/or exercises. It also identifies how lessons learned are captured and processed for distribution within the emergency management community. In July 2003, FEMA issued the Emergency Response Team Information and Planning Section of its Operations Manual (9330.1-PR). This section explains the importance of after-action reports: their use, management, and distribution; submission guidance; special instructions; and prescribed format.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Department of Health and Human Services

  5. Status: Closed - Implemented

    Comments: The FBI is developing guidelines for systematic gathering, analysis, and dissemination of lessons-learned. The FBI's Critical Incident Response Unit (CIRG), Crisis Management Unit (CMU), is the FBI's focal point for carrying out a wide-range of crisis management exercises, including large-scale counterterrorism WMD exercises. Its internal policy requires the production of a written after-action report following each CMU-sponsored field training exercise, including the annual combating terrorism/weapons of mass destruction exercises. The CMU Program Plan for Fiscal Year 2002 states that "In conjunction with Manual of Investigative Operations and Guidelines amendments relative to a mandatory annual field training exercise, draft guidelines for the production of after-action reports and create a mechanism for the effective review of those documents. Identify significant lessons learned and move toward a broad-based dissemination of those lessons to FBI personnel." The FBI's CMU drafted and submitted several amendments for inclusion in the crisis management section of the manual. These written policy changes would mandate, inter alia, the production of an after-action report following participation in any exercise. After-action reports would include discussion of the command and control, operations, support, and communications issues. Significant lessons learned would be identified in the report. The policy would direct FBI field offices to maintain the reports in an office crisis management control file and forward copies to the CIRG/CMU on an annual basis for inclusion in a broader review. The amendment changes were expected to be completed in March 2003. The CIRG/CMU also contracted for a review of existing exercise and operational after-action reports to identify overarching and repetitive issues and lessons in crisis management. As of September 2002, that review was in the final stages. In response to GAO's report (GAO-01-822, Sept. 20, 2001), the Director of the FBI sent out a Memorandum to All Special Agents In Charge (dated Apr. 10, 2003) regarding the Crisis Response Program. In this memorandum, the Director advised all FBI Field Offices of GAO's review of the FBI's process of documenting lessons learned from special events, critical incidents, and crisis preparedness activities. The Director stated that the deficiencies GAO noted would be readily and effectively addressed by the use of after-action reports. According to the FBI, specific guidelines and requirements for the preparation of after-action reports are contained in the FBI Manual of Investigative Operations and Guidelines (MIOG), Part 2, Section 30-1.8: Reporting of Division Crisis Management Activities.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Environmental Protection Agency

  6. Status: Closed - Implemented

    Comments: Department of Energy (DOE) policy requires that exercises undergo formal evaluation, including means of identifying corrective actions and disseminating lessons learned. DOE Order (DOEO) 151.1A (November 1, 2002), Comprehensive Emergency Management System, Chapter IV, Operational Emergency Hazardous Material Program, states that "A formal exercise program shall be established to validate all elements of the emergency management program over a multi-year period. Each exercise shall have specific objectives and shall be fully documented (e.g., by scenario packages that include objectives, scope, timelines, injects, controller instructions, and evaluation criteria). Exercises shall be evaluated. A critique process, which includes gathering and documenting observations of the participants, shall be established. Corrective action items identified as a result of the critique process shall be incorporated into the emergency management program." In addition, Chapter VIII, Communications Requirements, requires a Final Emergency Report. It states that "Following termination of emergency response, and in conjunction with the Final Occurrence Report (see DOE O 232.1A), each activated Emergency Management Team shall submit a final report on the emergency response to the Emergency Manager for submission to the Director of Emergency Operations."

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Department of Justice: Federal Bureau of Investigation

  7. Status: Closed - Implemented

    Comments: The Department of Homeland Security, Emergency Preparedness and Response Directorate (FEMA) has expanded and elaborated the agency's role in national consequence management exercises. FEMA now is co-chair of the Counter-Terrorism Exercise Sub-Group of the National Security Council's Counter-Terrorism Security Group. As the lead federal agency for the consequence management of a domestic terrorism threat or incident, FEMA will oversee and coordinate federal, state, and local consequence management exercise programs, including exercising first responders. Other departments and agencies sponsoring domestic terrorism consequence management exercises will coordinate their efforts with FEMA. Also, FEMA has established a FEMA Exercise Coordination Group to ensure improved internal coordination and management of exercise activity and participation. FEMA also is working with the Department of Homeland Security, Border and Transportation Security, and the Office of Domestic Preparedness, to unify national exercise scheduling activities, and is an active participant on the Office of Homeland Security's Training and Exercise Policy Coordinating Committee.

    Recommendation: To improve readiness in consequence management, the Director of the Federal Emergency Management Agency should play a larger role in managing federal exercises to combat terrorism. As part of this, FEMA should seek a formal role as a cochair of the Interagency Working Group on Exercises and help to plan and conduct major interagency counterterrorist exercises to ensure that consequence management is adequately addressed.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response

  8. Status: Closed - Implemented

    Comments: The Department of Justice asserted that the 5-Year Plan included desired outcomes. GAO disagreed with the department and believes what it cited as outcomes are outputs--agency activities rather than results the federal government is trying to achieve. The National Strategy for Homeland Security, issued in July 2002, supersedes the Attorney General's 5-Year Plan as the interagency plan for combating terrorism domestically. This strategy does not include measurable outcomes, but calls for their development.

    Recommendation: To guide federal efforts in combating domestic terrorism, the Attorney General should use the Five-Year Interagency Counterterrorism and Technology Crime Plan and similar plans of other agencies as a basis for developing a national strategy by including (1) desired outcomes that can be measured and that are consistent with the Results Act and (2) state and local government input to better define their roles in combating terrorism. If a single focal point is established in the Executive Office of the President to lead and coordinate federal programs to combat terrorism, then the focal point should take over this role from the Department of Justice to ensure that the national strategy is seen as an interagency document.

    Agency Affected: Department of Justice

  9. Status: Closed - Implemented

    Comments: The Federal Bureau of Investigation (FBI) agreed with this recommendation just after the report was issued. In January 2003, the FBI published its FBI Counterterrorism Assessment, which analyzed terrorist threats to the U.S. homeland from both domestic and international terrorist groups. The assessment included a discussion of risk, groups, motivations, capabilities, targets, likelihood of attack, and emerging threats. It also included some discussion of weapons of mass destruction.

    Recommendation: To help support a national strategy, the Attorney General should direct the Director of the FBI to work with appropriate agencies across government to complete ongoing national-level threat assessments regarding terrorist use of weapons of mass destruction. If a single focal point is established in the Executive Office of the President to lead and coordinate federal programs to combat terrorism, then this focal point should maintain oversight to ensure the assessments are coordinated fully with key federal agencies that combat terrorism.

    Agency Affected: Department of Justice

  10. Status: Closed - Implemented

    Comments: DOD has used its Joint Uniform Lessons Learned System to document observations and lessons learned during exercises, including interagency exercises to combat terrorism. The Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3150.25A, Joint Lessons Learned Program (Oct. 1, 2000), establishes policies, reporting procedures, and responsibilities for the management and execution of the program. In its agency comments on a draft of this recommendation, DOD stated that the Department concurs with the recommendation and encourages this practice. In its 31 U.S.C. 720 response, DOD stated that its overall position remains unchanged from the time the GAO report was issued: DOD remains generally supportive of the report's conclusions.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Department of Defense

  11. Status: Closed - Implemented

    Comments: In a Memorandum to the Office of the Chief Financial Officer, Department of Homeland Security, from the Assistant Director, Office of Inspection, U.S. Secret Service, Department of Homeland Security (dated May 14, 2003), the Office of Inspection noted that chapter 4 (p. 77) of the GAO report (GAO-01-822, Sept. 20, 2001) indicates that the U.S. Secret Service had previously adopted a policy to produce after-action reports for the indicated exercises. According to the Office of Inspection, the U.S. Secret Service continues to produce after-action reports as recommended, and remains in compliance with this recommendation.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

  12. Status: Closed - Not Implemented

    Comments: GAO is currently updating this.

    Recommendation: The Assistant to the President for National Security Affairs should ensure that the federal government's critical infrastructure protection (CIP) strategy, which is currently under review, define: (1) specific roles and responsibilities of organizations involved in critical infrastructure protection and related information security activities; (2) interim objectives and milestones for achieving CIP goals and a specific action plan for achieving these objectives, including implementation of vulnerability assessments and related remedial plans; and (3) performance measures for which entities can be held accountable. GAO believes that the federal government's cyber-security strategy should be linked to the national strategy to combat terrorism as discussed in chapter 3 of this report. However, the two areas are different in that the threats to computer-based information are broader than terrorism, and programs to protect them are more closely associated with traditional security activities.

    Agency Affected: Executive Office of the President: Office of Science and Technology Policy

  13. Status: Closed - Implemented

    Comments: Subsequent to GAO's earlier report on these teams (GAO/NSIAD-99-110), and a report by the DOD Inspector General, which found some similar problems, and the most recent GAO report (GAO-01-822) calling for a suspension of new teams, DOD agreed to review these National Guard teams and work with other agencies to clarify their roles in responding to terrorist incidents. In September 2001, DOD restricted the number of teams to 32.

    Recommendation: To clarify the roles and missions of specialized National Guard response teams in a terrorist incident involving weapons of mass destruction, the Secretary of Defense should suspend the establishment of any additional National Guard Weapons of Mass Destruction Civil Support Teams until DOD has completed its coordination of the teams' roles and missions with the FBI. The Secretary of Defense also should reach a written agreement with the Director of the FBI that clarifies the roles of the teams in relation to the FBI.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

  14. Status: Closed - Implemented

    Comments: In June 2002, the President proposed that a new Department of Homeland Security (DHS) take the lead for federal programs to assist state and local governments. According to language in the White House's proposal, DHS would incorporate the three agencies recommended for consolidation by GAO. The Homeland Security Act of 2002 (P.L. 107-296, Nov. 25, 2002) created the Department of Homeland Security (sec. 101(a)), which consolidated these agencies. However, it is too early to determine whether these offices and their functions have been successfully consolidated.

    Recommendation: To eliminate overlapping assistance programs and to provide a single liaison for state and local officials, the President, working closely with the Congress, should consolidate the activities of the the FBI's National Domestic Preparedness Office and the Department of Justice's Office for State and Local Domestic Preparedness Support under the Federal Emergency Management Agency.

    Agency Affected: Department of Defense

  15. Status: Closed - Implemented

    Comments: Per EO 13228, the Office of Homeland Security (OHS) shall coordinate domestic exercises and simulations designed to assess and practice systems that would be called upon to respond to a terrorist threat or attack within the United States and coordinate programs and activities for training. OHS shall also ensure that such programs and activities are regularly evaluated under appropriate standards and that resources are allocated to improving and sustaining preparedness based on such evaluations. Given the relative newness of OHS, it is too early to determine how it has implemented this responsibility.

    Recommendation: To ensure that individual agencies capture, evaluate, and disseminate interagency lessons learned after each federal counterterrorism exercise, special event, or operation, the President should direct the focal point for overall leadership and coordination to develop a formal process to capture and evaluate interagency lessons learned from major interagency and intergovernmental federal exercises to combat terrorism. While agencies sponsoring and participating in such exercises should continue to collect and analyze information on their individual performance, the focal point should analyze interagency lessons learned and task individual agencies to take corrective actions as appropriate.

    Agency Affected: Executive Office of the President

  16. Status: Closed - Implemented

    Comments: U.S. Coast Guard policy requires after-action reports, and reports generally discuss interagency issues. The U.S. Coast Guard provided GAO with its current policy and procedures on preparing after-action reports in its web-based Commandant Instruction 3010.19A, Coast Guard Standard After Action Information and Lessons Learned System (CG-SAILS) dated May 3, 2001.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Department of Justice

  17. Status: Closed - Implemented

    Comments: The Department of Agriculture (USDA) produces after action reports for exercises that it sponsors; however, GAO recommended that the Department generate evaluations for all terrorism-related exercises in which it participates. In its 31 U.S.C. 720 response, the Department concurred with this recommendation. In its Statement of Action, the Department said that "as a matter of professional practice, USDA organizations now prepare After Action Reports or similar evaluations following all emergency exercises. Department-level policy is being developed to reinforce this practice that would also require submission of exercise evaluations to USDA's Office of Crisis Planning and Management." In addition, a regulation is in the planning stages that will require all USDA organizations to submit after-action reports following any Continuity of Operations activation or exercises. USDA officials expect this regulation to be published by November 2003.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Department of Justice

  18. Status: Closed - Implemented

    Comments: Several of the agencies agreed with this recommendation and cited steps they were taking to ensure that after-action reports or similar evaluations are completed as appropriate for exercises to combat terrorism. In its OMB Circular A-50 response, the Department of Health and Human Services concurred with GAO's recommendation to prepare after-action reports. The department was preparing after-action reports in response to the September 11, 2001, terrorist attacks and subsequent events (anthrax attacks in October 2001) involving intentional human infection of B. anthracis. The department's Office of Public Health Preparedness, established in 2001 to coordinate the department's preparedness for public health emergencies, was renamed the Office of Public Health Emergency Preparedness in June 2002, and elevated to the level of an assistant secretary. It now has the responsibility of coordinating all of the department's emergency preparedness activities. A critical component of this responsibility is the preparation and follow-on tracking of after-action reports and lessons learned from both response operations and exercises. Within this office, the Office of Planning and Emergency Response Coordination maintains a distinct Operations Analysis group to provide critical analysis to both response operations and exercises. Although the Operational Analysis function has been established and tested, as of August 2003, the supporting policies and procedures for this function still are in development.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Executive Office of the President

  19. Status: Closed - Implemented

    Comments: Paragraph 62 of the Bureau of Alcohol, Tobacco, Firearms and Explosives Handbook (ATF H) 3510.1, National/International Response Team Handbook (February 8, 2000), prescribes the process, format, and distribution for preparing after-action reports following an ATF activation. It also has provisions for recommending any changes that might be needed to improve ATF's National Response Team.

    Recommendation: To ensure that agencies benefit fully from exercises in which they participate, the Secretaries of Agriculture, Defense, Energy, Health and Human Services, and Veterans Affairs; the Directors of the Bureau of Alcohol, Tobacco, and Firearms, Federal Emergency Management Agency, Federal Bureau of Investigation, and the U.S. Secret Service; the Administrator of the Environmental Protection Agency; and the Commandant of the U.S. Coast Guard should require their agencies to prepare after-action reports or similar evaluations for all exercises they lead and for all field exercises in which they participate.

    Agency Affected: Executive Office of the President: Office of Science and Technology Policy

  20. Status: Closed - Implemented

    Comments: Through Executive Order (EO) 13228, the President established an Office of Homeland Security (OHS) to develop and coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks. (1) EO 13228 establishes OHS within the Executive Office of the President. OHS functions include efforts to detect, prepare for, prevent, protect against, respond to, and recover from terrorist attacks within the United States. (2) EO 13228 states that OHS shall identify priorities and coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism against the United States and activities of terrorists or terrorist groups within the United States. OHS shall identify, in coordination with the National Security Council (NSC), priorities for collection of intelligence outside the United States regarding threats of terrorism within the United States. EO 13228 does not address risk assessments. (3) EO 13228 states that OHS will develop a comprehensive national strategy to secure the United States from terrorist threats or attacks. The National Strategy for Homeland Security was issued in July 2002. (a) The National Strategy for Homeland Security, while not including measurable outcomes, calls for their development. (b) OHS worked with state and local governments to develop the national strategy. (c) The National Strategy for Homeland Security includes a discussion of research and development. (4) EO 13228 directs OHS to coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks. OHS shall work with, among others, federal agencies to ensure the adequacy of the national strategy for detecting, preparing for, preventing, protecting against, responding to, and recovering from terrorist attacks within the United States and shall periodically review and coordinate revisions to that strategy as necessary. The National Strategy for Homeland Security was issued in July 2002. Given the recent publication of the plan, it is too early to determine the OHS role in coordinating its implementation. (5) EO 13228 states OHS shall work with the Office of Management and Budget (OMB) and agencies to identify homeland security programs, and shall review and provide advice to OMB and departments and agencies for such programs. Per EO 13228, OHS shall certify that the funding levels are necessary and appropriate for the homeland security-related activities of the executive branch. (6) Per EO 13228, OHS shall coordinate efforts to protect the United States and its critical infrastructure from the consequences of terrorist attacks. In performing this function, the office shall work with federal, state, and local agencies, and private entities as appropriate to, among other things, coordinate efforts to protect critical public and privately owned information systems within the United States from terrorist attacks. In addition, the President created a Special Advisor for Cyberspace Security and appointed him as Chair of the President's Critical Infrastructure Protection Board. This Chair reports to both OHS and NSC. (7) Not implemented. The Homeland Security Act of 2002 (P.L. 107-296, Nov. 25, 2002) established the Department of Homeland Security (sec. 101(a)) and the Secretary of Homeland Security (sec. 102(a)), who is appointed by the President, by and with the advice and consent of the U.S. Senate. However, the Office of Homeland Security, led by the Director of Homeland Security, has not been established by legislation. (8) EO 13228 has provisions for OHS to hire staff, and for other federal departments to detail their staff to OHS. Given the relative newness of OHS, it is too early to determine whether staff levels are adequate.

    Recommendation: The President, in conjunction with the Vice President's efforts, should appoint a single focal point that has the responsibility and authority for all critical leadership and coordination functions to combat terrorism. The focal point should have the following characteristics and responsibilities. (1) The focal point should be in the Executive Office of the President, outside individual agencies, and encompass activities to include prevention, crisis management, and consequence management. (2) The focal point should oversee a national-level authoritative threat and risk assessment on the potential use of weapons of mass destruction by terrorists on U.S. soil. Such assessments should be updated regularly. (3) The focal point also should lead the development of a national strategy for combating terrorism. The current Attorney General's Five-Year Plan could serve as an initial point of departure with revisions to include measurable outcomes and the roles and participation of state and local governments. In addition, the national strategy should include research and development priorities and needs in order to facilitate interagency coordination, decrease duplication, and leverage monetary resources. (4) The focal point should coordinate implementation of the national strategy among the various federal agencies. This would entail reviewing agency and interagency programs to ensure that they are being implemented in accordance with the national strategy and do not constitute duplication of effort. (5) The focal point should analyze and prioritize governmentwide budgets and spending to combat terrorism to eliminate gaps and duplication of effort. The focal point's role will be to provide advice or to certify that the budgets are consistent with the national strategy, not to make final budget decisions. (6) The focal point should coordinate the nation's strategy for combating terrorism with efforts to prevent, detect, and respond to computer-based attacks on critical infrastructures. GAO does not see the focal point for combating terrorism with responsibility for also protecting computer-based infrastructures because the threats are broader than terrorism and such programs are more closely associated with traditional information security activities. Nonetheless, there should be close coordination between the two areas. (7) The focal point should be established by legislation to provide it with legitimacy and authority and its head should be appointed by the President with the advice and consent of the U.S. Senate. This would provide accountability to both the President and the Congress. Also, it would provide continuity across administrations. (8) The focal point should be adequately staffed to carry out its duties for planning and oversight across the federal government. While some of the details of these interagency functions could be delegated to other agencies, the focal point should retain overall responsibility and be held accountable for their implementation.

    Agency Affected: Executive Office of the President

 

Explore the full database of GAO's Open Recommendations »

Dec 19, 2014

Dec 17, 2014

Nov 6, 2014

Oct 14, 2014

Sep 30, 2014

Sep 24, 2014

Sep 18, 2014

Looking for more? Browse all our products here