Combating Terrorism: Selected Challenges and Related Recommendations

In a Memorandum to the Office of the Chief Financial Officer, Department of Homeland Security, from the Assistant Director, Office of Inspection, U.S. Secret Service, Department of Homeland Security (dated May 14, 2003), the Office of Inspection noted that chapter 4 (p. 77) of the GAO report (GAO-01-822, Sept. 20, 2001) indicates that the U.S. Secret Service had previously adopted a policy to produce after-action reports for the indicated exercises. According to the Office of Inspection, the U.S. Secret Service continues to produce after-action reports as recommended, and remains in compliance with this recommendation.

Per EO 13228, the Office of Homeland Security (OHS) shall coordinate domestic exercises and simulations designed to assess and practice systems that would be called upon to respond to a terrorist threat or attack within the United States and coordinate programs and activities for training. OHS shall also ensure that such programs and activities are regularly evaluated under appropriate standards and that resources are allocated to improving and sustaining preparedness based on such evaluations. Given the relative newness of OHS, it is too early to determine how it has implemented this responsibility.

U.S. Coast Guard policy requires after-action reports, and reports generally discuss interagency issues. The U.S. Coast Guard provided GAO with its current policy and procedures on preparing after-action reports in its web-based Commandant Instruction 3010.19A, Coast Guard Standard After Action Information and Lessons Learned System (CG-SAILS) dated May 3, 2001.

In June 2002, the President proposed that a new Department of Homeland Security (DHS) take the lead for federal programs to assist state and local governments. According to language in the White House's proposal, DHS would incorporate the three agencies recommended for consolidation by GAO. The Homeland Security Act of 2002 (P.L. 107-296, Nov. 25, 2002) created the Department of Homeland Security (sec. 101(a)), which consolidated these agencies. However, it is too early to determine whether these offices and their functions have been successfully consolidated.

FEMA currently requires the submission of after-action reports following every disaster response and major exercise. However, FEMA will be improving the accelerated collection and identification of issues through the implementation of a mandatory "hotwash" program for all disaster responses and major exercises. FEMA also is planning to adapt the Emergency Management Exercise Reporting System, which is an evaluation collection and management tool provided at no cost to state and local emergency managers, as a basis for a national exercise information collection instrument. On June 17, 2003, FEMA issued Instruction 8610.2, Remedial Action Management Program, which outlines procedures and processes for identifying, assigning responsibility for, coordinating, and resolving issues and problems arising from or occurring during emergency management-related operations and/or exercises. It also identifies how lessons learned are captured and processed for distribution within the emergency management community. In July 2003, FEMA issued the Emergency Response Team Information and Planning Section of its Operations Manual (9330.1-PR). This section explains the importance of after-action reports: their use, management, and distribution; submission guidance; special instructions; and prescribed format.

Subsequent to GAO's earlier report on these teams (GAO/NSIAD-99-110), and a report by the DOD Inspector General, which found some similar problems, and the most recent GAO report (GAO-01-822) calling for a suspension of new teams, DOD agreed to review these National Guard teams and work with other agencies to clarify their roles in responding to terrorist incidents. In September 2001, DOD restricted the number of teams to 32.

The Department of Agriculture (USDA) produces after action reports for exercises that it sponsors; however, GAO recommended that the Department generate evaluations for all terrorism-related exercises in which it participates. In its 31 U.S.C. 720 response, the Department concurred with this recommendation. In its Statement of Action, the Department said that "as a matter of professional practice, USDA organizations now prepare After Action Reports or similar evaluations following all emergency exercises. Department-level policy is being developed to reinforce this practice that would also require submission of exercise evaluations to USDA's Office of Crisis Planning and Management." In addition, a regulation is in the planning stages that will require all USDA organizations to submit after-action reports following any Continuity of Operations activation or exercises. USDA officials expect this regulation to be published by November 2003.

DOD has used its Joint Uniform Lessons Learned System to document observations and lessons learned during exercises, including interagency exercises to combat terrorism. The Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3150.25A, Joint Lessons Learned Program (Oct. 1, 2000), establishes policies, reporting procedures, and responsibilities for the management and execution of the program. In its agency comments on a draft of this recommendation, DOD stated that the Department concurs with the recommendation and encourages this practice. In its 31 U.S.C. 720 response, DOD stated that its overall position remains unchanged from the time the GAO report was issued: DOD remains generally supportive of the report's conclusions.

The National Strategy for Homeland Security includes a chapter on science and technology, which includes an initiative to coordinate research and development of the homeland security apparatus. The Department of Homeland Security, working with the White House and other federal departments, would set the overall direction for homeland security research and development. The department would also establish a network of national laboratories for homeland security. Given that the department is relatively new, it is too early to determine how it might implement GAO's recommendation.

Department of Energy (DOE) policy requires that exercises undergo formal evaluation, including means of identifying corrective actions and disseminating lessons learned. DOE Order (DOEO) 151.1A (November 1, 2002), Comprehensive Emergency Management System, Chapter IV, Operational Emergency Hazardous Material Program, states that "A formal exercise program shall be established to validate all elements of the emergency management program over a multi-year period. Each exercise shall have specific objectives and shall be fully documented (e.g., by scenario packages that include objectives, scope, timelines, injects, controller instructions, and evaluation criteria). Exercises shall be evaluated. A critique process, which includes gathering and documenting observations of the participants, shall be established. Corrective action items identified as a result of the critique process shall be incorporated into the emergency management program." In addition, Chapter VIII, Communications Requirements, requires a Final Emergency Report. It states that "Following termination of emergency response, and in conjunction with the Final Occurrence Report (see DOE O 232.1A), each activated Emergency Management Team shall submit a final report on the emergency response to the Emergency Manager for submission to the Director of Emergency Operations."

Through Executive Order (EO) 13228, the President established an Office of Homeland Security (OHS) to develop and coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks. (1) EO 13228 establishes OHS within the Executive Office of the President. OHS functions include efforts to detect, prepare for, prevent, protect against, respond to, and recover from terrorist attacks within the United States. (2) EO 13228 states that OHS shall identify priorities and coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism against the United States and activities of terrorists or terrorist groups within the United States. OHS shall identify, in coordination with the National Security Council (NSC), priorities for collection of intelligence outside the United States regarding threats of terrorism within the United States. EO 13228 does not address risk assessments. (3) EO 13228 states that OHS will develop a comprehensive national strategy to secure the United States from terrorist threats or attacks. The National Strategy for Homeland Security was issued in July 2002. (a) The National Strategy for Homeland Security, while not including measurable outcomes, calls for their development. (b) OHS worked with state and local governments to develop the national strategy. (c) The National Strategy for Homeland Security includes a discussion of research and development. (4) EO 13228 directs OHS to coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks. OHS shall work with, among others, federal agencies to ensure the adequacy of the national strategy for detecting, preparing for, preventing, protecting against, responding to, and recovering from terrorist attacks within the United States and shall periodically review and coordinate revisions to that strategy as necessary. The National Strategy for Homeland Security was issued in July 2002. Given the recent publication of the plan, it is too early to determine the OHS role in coordinating its implementation. (5) EO 13228 states OHS shall work with the Office of Management and Budget (OMB) and agencies to identify homeland security programs, and shall review and provide advice to OMB and departments and agencies for such programs. Per EO 13228, OHS shall certify that the funding levels are necessary and appropriate for the homeland security-related activities of the executive branch. (6) Per EO 13228, OHS shall coordinate efforts to protect the United States and its critical infrastructure from the consequences of terrorist attacks. In performing this function, the office shall work with federal, state, and local agencies, and private entities as appropriate to, among other things, coordinate efforts to protect critical public and privately owned information systems within the United States from terrorist attacks. In addition, the President created a Special Advisor for Cyberspace Security and appointed him as Chair of the President's Critical Infrastructure Protection Board. This Chair reports to both OHS and NSC. (7) Not implemented. The Homeland Security Act of 2002 (P.L. 107-296, Nov. 25, 2002) established the Department of Homeland Security (sec. 101(a)) and the Secretary of Homeland Security (sec. 102(a)), who is appointed by the President, by and with the advice and consent of the U.S. Senate. However, the Office of Homeland Security, led by the Director of Homeland Security, has not been established by legislation. (8) EO 13228 has provisions for OHS to hire staff, and for other federal departments to detail their staff to OHS. Given the relative newness of OHS, it is too early to determine whether staff levels are adequate.

Several of the agencies agreed with this recommendation and cited steps they were taking to ensure that after-action reports or similar evaluations are completed as appropriate for exercises to combat terrorism. In its OMB Circular A-50 response, the Department of Health and Human Services concurred with GAO's recommendation to prepare after-action reports. The department was preparing after-action reports in response to the September 11, 2001, terrorist attacks and subsequent events (anthrax attacks in October 2001) involving intentional human infection of B. anthracis. The department's Office of Public Health Preparedness, established in 2001 to coordinate the department's preparedness for public health emergencies, was renamed the Office of Public Health Emergency Preparedness in June 2002, and elevated to the level of an assistant secretary. It now has the responsibility of coordinating all of the department's emergency preparedness activities. A critical component of this responsibility is the preparation and follow-on tracking of after-action reports and lessons learned from both response operations and exercises. Within this office, the Office of Planning and Emergency Response Coordination maintains a distinct Operations Analysis group to provide critical analysis to both response operations and exercises. Although the Operational Analysis function has been established and tested, as of August 2003, the supporting policies and procedures for this function still are in development.

The FBI is developing guidelines for systematic gathering, analysis, and dissemination of lessons-learned. The FBI's Critical Incident Response Unit (CIRG), Crisis Management Unit (CMU), is the FBI's focal point for carrying out a wide-range of crisis management exercises, including large-scale counterterrorism WMD exercises. Its internal policy requires the production of a written after-action report following each CMU-sponsored field training exercise, including the annual combating terrorism/weapons of mass destruction exercises. The CMU Program Plan for Fiscal Year 2002 states that "In conjunction with Manual of Investigative Operations and Guidelines amendments relative to a mandatory annual field training exercise, draft guidelines for the production of after-action reports and create a mechanism for the effective review of those documents. Identify significant lessons learned and move toward a broad-based dissemination of those lessons to FBI personnel." The FBI's CMU drafted and submitted several amendments for inclusion in the crisis management section of the manual. These written policy changes would mandate, inter alia, the production of an after-action report following participation in any exercise. After-action reports would include discussion of the command and control, operations, support, and communications issues. Significant lessons learned would be identified in the report. The policy would direct FBI field offices to maintain the reports in an office crisis management control file and forward copies to the CIRG/CMU on an annual basis for inclusion in a broader review. The amendment changes were expected to be completed in March 2003. The CIRG/CMU also contracted for a review of existing exercise and operational after-action reports to identify overarching and repetitive issues and lessons in crisis management. As of September 2002, that review was in the final stages. In response to GAO's report (GAO-01-822, Sept. 20, 2001), the Director of the FBI sent out a Memorandum to All Special Agents In Charge (dated Apr. 10, 2003) regarding the Crisis Response Program. In this memorandum, the Director advised all FBI Field Offices of GAO's review of the FBI's process of documenting lessons learned from special events, critical incidents, and crisis preparedness activities. The Director stated that the deficiencies GAO noted would be readily and effectively addressed by the use of after-action reports. According to the FBI, specific guidelines and requirements for the preparation of after-action reports are contained in the FBI Manual of Investigative Operations and Guidelines (MIOG), Part 2, Section 30-1.8: Reporting of Division Crisis Management Activities.

The Federal Bureau of Investigation (FBI) agreed with this recommendation just after the report was issued. In January 2003, the FBI published its FBI Counterterrorism Assessment, which analyzed terrorist threats to the U.S. homeland from both domestic and international terrorist groups. The assessment included a discussion of risk, groups, motivations, capabilities, targets, likelihood of attack, and emerging threats. It also included some discussion of weapons of mass destruction.

Paragraph 62 of the Bureau of Alcohol, Tobacco, Firearms and Explosives Handbook (ATF H) 3510.1, National/International Response Team Handbook (February 8, 2000), prescribes the process, format, and distribution for preparing after-action reports following an ATF activation. It also has provisions for recommending any changes that might be needed to improve ATF's National Response Team.

The Department of Justice asserted that the 5-Year Plan included desired outcomes. GAO disagreed with the department and believes what it cited as outcomes are outputs--agency activities rather than results the federal government is trying to achieve. The National Strategy for Homeland Security, issued in July 2002, supersedes the Attorney General's 5-Year Plan as the interagency plan for combating terrorism domestically. This strategy does not include measurable outcomes, but calls for their development.

The Department of Veterans Affairs plans to implement the recommendation using its current, standard after-action report policy of preparing after-action reports or similar evaluations for all exercises the Department has a lead or contributing role. The Department's policy was developed internally to identify lessons-learned in counter terrorism exercises. On July 24, 2003, the department's Emergency Management Strategic Healthcare Group (EMHSG) issued the draft EMSHG Memorandum 13C-03-05, After-Action Reports (AARs)--Report Accomplishment and Monitoring of Issues. It describes the process for developing an AAR for EMHSG and departmental activities related to responses to a significant event or disaster and the subsequent monitoring and follow-up associated with the identified issues for action, if any.

The Department of Homeland Security, Emergency Preparedness and Response Directorate (FEMA) has expanded and elaborated the agency's role in national consequence management exercises. FEMA now is co-chair of the Counter-Terrorism Exercise Sub-Group of the National Security Council's Counter-Terrorism Security Group. As the lead federal agency for the consequence management of a domestic terrorism threat or incident, FEMA will oversee and coordinate federal, state, and local consequence management exercise programs, including exercising first responders. Other departments and agencies sponsoring domestic terrorism consequence management exercises will coordinate their efforts with FEMA. Also, FEMA has established a FEMA Exercise Coordination Group to ensure improved internal coordination and management of exercise activity and participation. FEMA also is working with the Department of Homeland Security, Border and Transportation Security, and the Office of Domestic Preparedness, to unify national exercise scheduling activities, and is an active participant on the Office of Homeland Security's Training and Exercise Policy Coordinating Committee.

On June 27, 2003, the Administrator of EPA signed a National Approach to Response policy, which is a multifaceted approach to help ensure the efficient and effective use of EPA's existing emergency response assets. To assist in the implementation of this new approach, EPA identified ten priorities. One of these priorities is the development and implementation of a national training and exercise strategy. This strategy is under development and will include a requirement for after-action reports for all exercises which EPA leads as well as for field exercises in which EPA participates. EPA already has been implementing this policy. For example, an EPA after-action report and lessons learned document is being prepared following the TOPOFF 2 exercise in 2003.