Prompted by the suspicious cyber activities on election systems in 2016, Secretary Jeh Johnson designated the election infrastructure as a subsector to one of the Nation’s existing critical sectors. Our audit objective was to evaluate the effectiveness of the Department’s efforts to coordinate with states on securing the Nation’s election infrastructure. DHS has taken some steps to mitigate risks to the Nation’s election infrastructure; however, improved planning, more staff, and clearer guidance could better facilitate the Department’s coordination with state and local officials. Specifically, despite Federal requirements, DHS has not completed the plans and strategies critical to identifying emerging threats and mitigation activities, or established metrics to measure progress in securing the election infrastructure. Senior leadership turnover and insufficient guidance and administrative staff have hindered DHS’ ability to accomplish such planning.

National Protection and Programs Directorate (NPPD) Chief of Staff requested a review to determine whether Federal Protective Service (FPS) inspectors’ positions were classified correctly for purposes of earning overtime under the Fair Labor Standards Act. Although properly classified as non-exempt, inspectors’ excessive use of overtime does raise significant concerns. Specifically, 11 of the 19 inspectors reviewed frequently worked multiple 17- to 21-hour shifts with no days off in between. This kind of extensive overtime allowed seven inspectors to earn more than the most senior executives in the Federal Government, with three earning more than the Vice President of the United States. Furthermore, FPS’ increasing use of overtime contributed to a projected budget shortfall for fiscal year 2018, potentially putting the FPS mission at risk. The inspectors were able to accumulate the extensive overtime because of poor internal controls, such as management not monitoring the use of overtime.

On January 25, 2017, the President issued two Executive Orders directing the Department of Homeland Security to hire an additional 15,000 law enforcement officers. We conducted this audit to determine whether the Department and its components — specifically FLETC, USBP, and ICE — have the training strategies and capabilities in place to train 15,000 new agents and officers.  Prior to the start of the hiring surge, FLETC’s capacity is already overextended. FLETC is not only responsible for accommodating the anticipated Department hiring surge, but also for an expected increase in demand from other Partner Organizations. Despite observing ongoing work in the development of hiring surge training plans and strategies, challenges exist due to uncertain funding commitments and current training conditions. Absent remedial action, these challenges may impede consistency and lead to a degradation in training and standards. As a result, trainees will be less prepared for their assigned field environment, potentially impeding mission achievability and increasing safety risk to themselves, other law enforcement officers, and anyone within their enforcement authority.

We conducted our review of the Science and Technology’s (S&T) insider threat program between January 2017 and June 2017.  S&T is the primary research arm of the Department of Homeland Security (DHS).  Its mission is to strengthen the Nation’s security and resiliency by providing knowledge products and innovative solutions to support DHS mission operations.  Specifically, Congress created S&T in 2003 to conduct basic and applied research, development, demonstration, testing, and evaluation activities relevant to any or all elements of the Department.  S&T oversees laboratories where scientists perform mission-critical research on chemical and biological threats, radiological and nuclear detection, animal diseases, transportation security, and explosives trace identification.  S&T employees, contractors, and business partners—especially those with special or elevated privileges—can potentially use their inside knowledge and access to exploit vulnerabilities and cause harm to mission-critical systems and operations.  We made nine recommendations that, if implemented, should strengthen S&T’s management of insider threat risks.  The Department concurred with all of the recommendations.

Between January 2016 and April 2017, DHS OIG received dozens of allegations regarding a variety of issues at the FLETC facility in Glynco, Georgia. Following extensive investigation, DHS OIG determined that many of the allegations could not be substantiated. However, with respect to certain other allegations, DHS OIG’s findings indicate that some of FLETC’s senior managers, including former Director Connie Patrick, failed to exercise the judgment, stewardship, and leadership expected of DHS senior officials. This report focuses on two specific allegations that exemplify the broader issues uncovered by DHS OIG’s investigation. Many of the allegations DHS OIG received regarding FLETC related to the official travel of the former FLETC Director, Connie Patrick. Patrick served as the Director of FLETC from 2002 until her retirement in June 2017. During this time, she frequently traveled domestically and internationally on FLETC-related business. DHS OIG conducted an extensive review of Patrick’s travel for the period January 15, 2014 through June 23, 2016 to identify any instances of impropriety. In addition to multiple complaints about Patrick’s alleged noncompliance with federal, DHS, and FLETC travel rules and regulations, DHS OIG received complaints alleging that Patrick pressured FLETC managers to hire her husband, John Patrick (JP), for a term position within the FLETC Law Enforcement Leadership Institute (LELI). DHS OIG’s investigation determined that JP was hired to a term position with LELI on January 3, 2010 and completed the term on September 11, 2011 — all during Patrick’s tenure as Director of FLETC

Homeland Security Presidential Directive (HSPD) 12 requires that Federal agencies implement a government-wide standard for secure, reliable identification for their employees and contractors to access facilities and systems. Our objective was to assess DHS’ progress in implementing and managing the HSPD-12 program since our prior audits in 2007 and 2010.  The Department of Homeland Security has not made much progress in implementing and managing requirements of the HSPD-12 program department-wide. Many of the same issues we previously reported in 2007 and 2010 pose challenges today.