Others

Prompted by the suspicious cyber activities on election systems in 2016, Secretary Jeh Johnson designated the election infrastructure as a subsector to one of the Nation’s existing critical sectors. Our audit objective was to evaluate the effectiveness of the Department’s efforts to coordinate with states on securing the Nation’s election infrastructure. DHS has taken some steps to mitigate risks to the Nation’s election infrastructure; however, improved planning, more staff, and clearer guidance could better facilitate the Department’s coordination with state and local officials. Specifically, despite Federal requirements, DHS has not completed the plans and strategies critical to identifying emerging threats and mitigation activities, or established metrics to measure progress in securing the election infrastructure. Senior leadership turnover and insufficient guidance and administrative staff have hindered DHS’ ability to accomplish such planning.

National Protection and Programs Directorate (NPPD) Chief of Staff requested a review to determine whether Federal Protective Service (FPS) inspectors’ positions were classified correctly for purposes of earning overtime under the Fair Labor Standards Act. Although properly classified as non-exempt, inspectors’ excessive use of overtime does raise significant concerns. Specifically, 11 of the 19 inspectors reviewed frequently worked multiple 17- to 21-hour shifts with no days off in between. This kind of extensive overtime allowed seven inspectors to earn more than the most senior executives in the Federal Government, with three earning more than the Vice President of the United States. Furthermore, FPS’ increasing use of overtime contributed to a projected budget shortfall for fiscal year 2018, potentially putting the FPS mission at risk. The inspectors were able to accumulate the extensive overtime because of poor internal controls, such as management not monitoring the use of overtime.

On January 25, 2017, the President issued two Executive Orders directing the Department of Homeland Security to hire an additional 15,000 law enforcement officers. We conducted this audit to determine whether the Department and its components — specifically FLETC, USBP, and ICE — have the training strategies and capabilities in place to train 15,000 new agents and officers.  Prior to the start of the hiring surge, FLETC’s capacity is already overextended. FLETC is not only responsible for accommodating the anticipated Department hiring surge, but also for an expected increase in demand from other Partner Organizations. Despite observing ongoing work in the development of hiring surge training plans and strategies, challenges exist due to uncertain funding commitments and current training conditions. Absent remedial action, these challenges may impede consistency and lead to a degradation in training and standards. As a result, trainees will be less prepared for their assigned field environment, potentially impeding mission achievability and increasing safety risk to themselves, other law enforcement officers, and anyone within their enforcement authority.

We conducted our review of the Science and Technology’s (S&T) insider threat program between January 2017 and June 2017.  S&T is the primary research arm of the Department of Homeland Security (DHS).  Its mission is to strengthen the Nation’s security and resiliency by providing knowledge products and innovative solutions to support DHS mission operations.  Specifically, Congress created S&T in 2003 to conduct basic and applied research, development, demonstration, testing, and evaluation activities relevant to any or all elements of the Department.  S&T oversees laboratories where scientists perform mission-critical research on chemical and biological threats, radiological and nuclear detection, animal diseases, transportation security, and explosives trace identification.  S&T employees, contractors, and business partners—especially those with special or elevated privileges—can potentially use their inside knowledge and access to exploit vulnerabilities and cause harm to mission-critical systems and operations.  We made nine recommendations that, if implemented, should strengthen S&T’s management of insider threat risks.  The Department concurred with all of the recommendations.

Homeland Security Presidential Directive (HSPD) 12 requires that Federal agencies implement a government-wide standard for secure, reliable identification for their employees and contractors to access facilities and systems. Our objective was to assess DHS’ progress in implementing and managing the HSPD-12 program since our prior audits in 2007 and 2010.  The Department of Homeland Security has not made much progress in implementing and managing requirements of the HSPD-12 program department-wide. Many of the same issues we previously reported in 2007 and 2010 pose challenges today.

Following news reports that U.S. Customs and Border Protection (CBP) personnel implementing Executive Order#13769 (EO) “Protecting the Nation from Foreign Terrorist Entry into the United States”(January 27, 2017) potentially violated the civil rights of individual travelers, we received a congressional request to investigate DHS’s implementation of the EO. In response, we investigated how DHS and CBP, the DHS entity primarily responsible for implementation of the EO, responded to challenges presented by the EO, including the consequence of court orders and CBP’s compliance with them. In our investigation, we found that CBP was caught by surprise when the President issued the EO on January 27, 2017. DHS had little opportunity to prepare for and respond to basic questions about which categories of travelers were affected by the EO. We found that the bulk of travelers affected by the EO who arrived in the United States, particularly LPRs, received national interest waivers. In addition, we observed that the lack of a public or congressional relations strategy significantly hampered CBP and harmed its public image.

During our August 2017 site visit to the FLETC Artesia Training Center, we identified a potential safety issue at a warehouse, Building 13. The Border Patrol Academy had been using the warehouse to train new hires on search and conveyance. In 2009, a vehicle from an adjacent driving course struck the warehouse. FLETC officials could not provide documentation to support that an engineering evaluation was conducted to determine whether the accident affected the integrity of the warehouse structure. Border Patrol Academy officials also expressed safety concerns about using the warehouse to train new hires.

We evaluated the Office of Health Affairs’ (OHA) privacy safeguards for protecting the personally identifiable information (PII) it collects and maintains. OHA has not implemented an effective organizational framework for safeguarding PII in accordance with Federal requirements. OHA appointed a Privacy Officer, but this official lacks adequate authority and resources to carry out the various required privacy management responsibilities. This official also has not received OHA senior leadership support to issue the policies and procedures needed for effective organization-wide privacy management. Further, there was no central tracking to ensure that all employees completed annual privacy training and to accurately report this information to the Department and Congress as required.