GAO

GAO-19-649, DOD Installations: Monitoring Use of Physical Access Control Systems Could Reduce Risks to Personnel and Assets, August 22, 2019

The Department of Defense (DOD) has issued guidance on accessing its domestic installations and strengthening physical access control systems (PACS)—used to scan credentials to authenticate the identity and authorize individuals to access DOD installations. Specifically, DOD has recently issued guidance directing the fielding of PACS and has fielded or plans to field such systems at domestic installations. The Defense Manpower Data Center (DMDC) developed the PACS used by the Air Force, the Navy, the Marine Corps, and the Defense Logistics Agency. The Army developed its own PACS. Both types of PACS electronically connect to DOD's Identity Matching Engine for Security and Analysis (IMESA). IMESA accesses authoritative government databases to determine an individual's fitness for access (i.e., whether an individual is likely a risk to an installation or its occupants), and continually vets this fitness for subsequent visits (see fig.). PACS Connect to IMESA to Validate the Identity of Individuals and Continuously Vet Their Fitness for Access to Department of Defense Installations The Air Force and DLA have monitored their installations' use of PACS, but the Army, the Navy, and the Marine Corps have not. Army, Navy, and Marine Corps installation officials stated that they do not monitor PACS use at their installations because there is no requirement to do so. Because the Army, the Navy, and the Marine Corps do not monitor PACS use and DOD does not require that they do so, those military services do not have the data they need to evaluate the effectiveness of PACS and make informed risk-based decisions to safeguard personnel and mission-critical, high-value installation assets. DOD, Army, Navy, and Marine Corps officials agreed that monitoring installations' use of PACS would be beneficial and could be readily accomplished without significant cost using existing technology. The Army and DMDC have used a tiered approach and established helpdesks to address PACS technical issues. The Army has established performance measures and goals to assess its approach, which has improved the ability to resolve technical issues. DMDC, however, does not have performance measures and goals, and thus lacks the information needed to evaluate its PACS' performance and address issues negatively affecting operational availability. In November 2009, an Army officer killed or wounded 45 people at Fort Hood, Texas; 4 years later in September 2013, a Navy contractor killed or wounded 16 people at the Washington Navy Yard in Washington, D.C. Independent reviews conducted in the aftermath of these shootings identified physical access control weaknesses at DOD installations. The conference report accompanying the National Defense Authorization Act for Fiscal Year 2018 contained a provision for GAO to assess DOD's installation access control efforts. GAO (1) described actions DOD has taken to develop guidance on physical access to domestic installations and to field PACS at these installations, (2) evaluated the extent to which DOD has monitored the use of fielded PACS at these installations, and (3) evaluated the extent to which DOD has implemented an approach for addressing PACS technical issues and assessing associated performance. GAO analyzed DOD guidance on physical access control requirements, and visited installations to discuss with installation command and security force officials their experiences using PACS. This is a public version of a sensitive report that GAO issued in May 2019. Information that DOD deemed sensitive has been omitted. GAO made five recommendations, including that DOD monitor installations' use of PACS and develop appropriate performance measures and goals for resolving technical issues to improve PACS performance. DOD concurred with GAO's recommendations. For more information, contact Diana Maurer at (202) 512-9627 or maurerd@gao.gov.

Categories -

GAO-19-654R, Airline Consumer Protections: Information on Selected Airlines' Non-Discrimination Training Programs, August 22, 2019

Representatives from all six U.S. airlines GAO selected stated that they provide non-discrimination training to employees; representatives from four said they provide the same training to contractor staff who work directly for the airline. Specifically, all selected airline representatives told GAO they provide initial non-discrimination training to newly hired employees who interact with passengers—including, for example, pilots, flight attendants, and customer service representatives. Airline representatives provided high-level examples describing the content of their trainings, but with one exception, they declined to provide more specific information, citing the sensitive or business proprietary nature of such materials. Airlines have no legal requirement to provide GAO with their non-discrimination training materials. Representatives generally stated that trainings emphasize treating all individuals fairly and without bias, regardless of race, ancestry, or religion, among other things. Representatives from four selected airlines also said that their non-discrimination trainings cover implicit bias—a term that refers to attitudes or stereotypes about groups of people that unconsciously affect a person's understanding, actions, and decisions. Non-discrimination trainings are typically embedded in larger training programs and delivered using a combination of in-person and web-based modules, according to airline representatives. Five selected airline representatives also told GAO they use available data (e.g., passenger complaints) to evaluate the effectiveness of their non-discrimination trainings and make updates as needed. The Department of Transportation (DOT) does not require airlines to provide non-discrimination training to employees and contractors; however, officials told GAO that most larger airlines generally provide such training. DOT officials also stated that they receive few discrimination complaints relative to the millions of passenger boardings each year. Further, DOT officials said that if they were to identify an issue when reviewing passenger complaints, among various other monitoring activities, they could initiate an investigation of an airline's non-discrimination training and take enforcement action if warranted. However, representatives from non-discrimination advocacy organizations GAO interviewed identified additional actions that DOT and airlines could take to help ensure the non-discriminatory treatment of passengers, actions such as sharing non-discrimination trainings with such organizations for their input and feedback. Federal law prohibits airlines from discriminating against passengers on the basis of race, color, national origin, religion, sex, or ancestry. Nevertheless, recent high-profile events reported in the media have led some non-discrimination advocacy organizations to question whether airlines treat all passengers equally and without bias. For example, in 2017 the National Association for the Advancement of Colored People issued a travel advisory (lifted in 2018) against one airline, citing "disrespectful, discriminatory or unsafe conditions" for African-American passengers. DOT is responsible for ensuring that airlines adhere to federal non-discrimination laws. DOT encourages airlines to implement comprehensive non-discrimination training to help prevent and reduce incidents of unlawful discrimination. DOT has also developed and issued guidance to help airline employees and contractors understand their legal obligations not to discriminate against passengers. The FAA Reauthorization Act of 2018 included provisions for GAO to examine airlines' training programs on racial, ethnic, and religious non-discrimination for their employees and contractors, including how frequently airlines train new employees and contractors. This report describes selected airlines' programs for training employees and contractors on racial, ethnic, and religious non-discrimination. To understand airlines' non-discrimination training programs, GAO requested interviews and documentation from six airlines generally selected to include those with the highest number of passenger boardings and complaints of discrimination submitted directly to DOT. Representatives from five of the six selected airlines agreed to be interviewed, and one airline provided a written statement describing its non-discrimination training. Additionally, representatives from five airlines declined to provide GAO with their non-discrimination training materials, stating that their materials are business proprietary. While representatives from the remaining airline allowed GAO to attend its training, they asked GAO not to include a summary of the training in the report because it is business proprietary. To understand DOT's oversight responsibilities, GAO conducted interviews with DOT officials and reviewed relevant documents and passenger complaint data. GAO also met with representatives from four non-discrimination advocacy organizations to gain their perspectives on airlines' non-discrimination training programs. For more information, contact Andrew Von Ah, at (202) 512-2834 or vonaha@gao.gov.

Categories -

GAO-19-598, Defense Management: DOD Should Set Deadlines on Stalled Collaboration Efforts and Clarify Cross-Functional Team Funding Responsibilities, August 20, 2019

The Department of Defense (DOD) is up to 21 months late in fully addressing five of seven requirements of section 911 of the National Defense Authorization Act (NDAA) for Fiscal Year 2017. These remaining five requirements are designed to strengthen collaboration within the department to foster effective and efficient achievement of objectives and outputs (see figure). Remaining Requirements for the Department of Defense's (DOD) Implementation of Section 911 of the National Defense Authorization Act for Fiscal Year 2017, as of June 2019 DOD has not addressed most of these remaining requirements of section 911 largely because the Chief Management Officer (CMO) has not approved the documents drafted to meet the requirements or coordinated department-wide review of the documents and provided them for Secretary of Defense issuance. According to Office of the CMO (OCMO) officials, some of the draft documents were provided to the CMO for review and approval as early as August 2018. After providing a draft of this report to the department for comment, GAO learned that the organizational strategy was circulated for department coordination in July 2019, with components expected to provide input by August 2019. However, while the OCMO has set an internal time frame for the organizational strategy, it has not set similar time frames for completing the other four remaining requirements, such as delivering guidance and training on cross-functional teams. GAO previously reported that establishing internal deadlines with key milestones and deliverables is important for tracking progress and implementing actions effectively. DOD established a cross-functional team pursuant to section 911 on electromagnetic-spectrum operations (EMSO), but according to a team official, funding for the team was delayed. EMSO refers to those activities consisting of electronic warfare and joint electromagnetic-spectrum management operations used to exploit, attack, protect, and manage the electromagnetic operational environment to achieve the commander's objectives. According to the memorandum establishing the team, the CMO is required to provide administrative support to and coordinate with the team to ensure adequate resources are immediately available. However, team officials stated that this funding was delayed in part because of disagreements over responsibility for funding the team under the terms of this memorandum. Moreover, according to a team official, plans for funding in future fiscal years have not been developed. If DOD does not clarify roles and responsibilities for funding the team, the CMO and the EMSO team may face additional delays securing funding, which could negatively affect the team's ability to conduct its work and meet its objectives. DOD continues to confront organizational challenges that hinder collaboration. To address these challenges, section 911 of the NDAA for Fiscal Year 2017 directed the Secretary of Defense to, among other things, issue an organizational strategy that identifies critical objectives that span multiple functional boundaries; establish cross-functional teams to support this strategy; and provide related guidance and training. The NDAA for Fiscal Year 2017 also included a provision for GAO to assess DOD's actions in response to section 911. This report assesses the extent to which DOD has made progress in implementing the requirements of section 911, including establishing a new cross-functional team on electromagnetic spectrum operations. GAO reviewed documentation, interviewed cross-functional team members and other DOD officials, and compared DOD's actions to section 911 requirements and leading practices for cross-functional teams. GAO is making six recommendations, including that DOD set and ensure that it meets specific internal deadlines for review and approval of outstanding requirements of section 911, and that DOD clarify roles and responsibilities for providing funding for the EMSO cross-functional team. DOD concurred with GAO's recommendations and set deadlines for addressing the remaining requirements. For more information, contact Elizabeth Field at (202) 512-2775 or fielde1@gao.gov.

Categories -