A former Brockton, Massachusetts, resident pleaded guilty today to conspiracy to commit sex trafficking and related charges. Matthew Engram, 35, pleaded guilty to one count of conspiracy to commit sex trafficking by force, fraud or coercion, two counts of transportation of an individual for purposes of prostitution, and one count of conspiracy to commit interstate travel in aid of a racketeering enterprise.
- Appointment of Ambassador Stuart E. Eizenstat as Special Adviser on Holocaust Issues
December 27, 2021Office of the [Read More…]
- NASA’s Perseverance Rover Goes Through Trials by Fire, Ice, Light and Sound
September 26, 2020The agency’s new [Read More…]
- Cybersecurity: Federal Response to SolarWinds and Microsoft Exchange Incidents
January 13, 2022What GAO Found Beginning as early as January 2019, a threat actor breached the computing networks at SolarWinds—a Texas-based network management software company, according to the company’s Chief Executive Officer. The federal government later confirmed the threat actor to be the Russian Foreign Intelligence Service. Since the company’s software, SolarWinds Orion, was widely used in the federal government to monitor network activity and manage network devices on federal systems, this incident allowed the threat actor to breach several federal agencies’ networks that used the software (see figure 1). Figure 1: Analysis of How a Threat Actor Exploited SolarWinds Orion Software While the response and investigation into the SolarWinds breach were still ongoing, Microsoft reported in March 2021 the exploitation or misuse of vulnerabilities used to gain access to several versions of Microsoft Exchange Server. This included versions that federal agencies hosted and used on their premises. According to a White House statement, based on a high degree of confidence, malicious cyber actors affiliated with the People’s Republic of China’s Ministry of State Security conducted operations utilizing these Microsoft Exchange vulnerabilities. The vulnerabilities initially allowed threat actors to make authenticated connections to Microsoft Exchange Servers from unauthorized external sources. Once the threat actor made a connection, the actor then could leverage other vulnerabilities to escalate account privileges and install web shells that enabled the actor to remotely access a Microsoft Exchange Server. This in turn allowed for persistent malicious operations even after the vulnerabilities were patched (see figure 2). Figure 2: Analysis of How Threat Actors Exploited Microsoft Exchange Server Vulnerabilities Federal agencies took several steps to coordinate and respond to the SolarWinds and Microsoft Exchange incidents including forming two Cyber Unified Coordination Groups (UCG), one for the SolarWinds incident and one for the Microsoft Exchange incident. Both UCGs consisted of the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI), with support from the National Security Agency (NSA). According to UCG agencies, the Microsoft Exchange UCG also integrated several private sector partners in a more robust manner than their involvement in past UCGs. CISA issued emergency directives to inform federal agencies of the vulnerabilities and describe what actions to take in response to the incidents. To aid agencies in conducting their own investigations and securing their networks, UCG agencies also provided guidance through advisories, alerts, and tools. For example, the Department of Homeland Security (DHS), including CISA, the FBI, and NSA released advisories for each incident providing information on the threat actor’s cyber tools, targets, techniques, and capabilities. CISA and certain agencies affected by the incidents have taken steps and continue to work together to respond to the SolarWinds incident. Agencies have completed steps to respond to the Microsoft Exchange incident. Agencies also identified multiple lessons from these incidents. For instance, coordinating with the private sector led to greater efficiencies in agency incident response efforts; providing a centralized forum for interagency and private sector discussions led to improved coordination among agencies and with the private sector; sharing of information among agencies was often slow, difficult, and time consuming and; collecting evidence was limited due to varying levels of data preservation at agencies. Effective implementation of a recent executive order could assist with efforts aimed at improving information sharing and evidence collection, among others. Why GAO Did This Study The risks to information technology systems supporting the federal government and the nation’s critical infrastructure are increasing, including escalating and emerging threats from around the globe, the emergence of new and more destructive attacks, and insider threats from witting or unwitting employees. Information security has been on GAO’s High Risk List since 1997. Recent incidents highlight the significant cyber threats facing the nation and the range of consequences that these attacks pose. A recent such incident, involving SolarWinds, resulted in one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector. Another incident included zero-day Microsoft Exchange Server vulnerabilities that had the potential to affect email servers across the federal government and provide malicious threat actors with unauthorized remote access. According to CISA, the potential exploitation from both incidents posed an unacceptable risk to federal civilian executive branch agencies because of the likelihood of vulnerabilities being exploited and the prevalence of affected software. GAO performed its work under the authority of the Comptroller General to conduct an examination of these cybersecurity incidents in light of widespread congressional interest in this area. Specifically, GAO’s objectives were to (1) summarize the SolarWinds and Microsoft Exchange cybersecurity incidents, (2) determine the steps federal agencies have taken to coordinate and respond to the incidents, and (3) identify lessons federal agencies have learned from the incidents. To do so, GAO reviewed documentation such as descriptions of the incidents, federal agency press releases, response plans, joint statements, and guidance issued by the agencies responsible for responding to the incidents: DHS (CISA), the Department of Justice (FBI), and ODNI with support from NSA. In addition, GAO analyzed incident reporting documentation from affected agencies and after-action reports to identify lessons learned. For all objectives, GAO interviewed agency officials to obtain additional information about the incidents, coordination and response activities, and lessons learned.
- West Texas Gas Companies Agree to Pay $3 Million Civil Penalty in Federal Settlement Requiring $5 Million in Safety Improvements and Clean Air Act Compliance at Eight Natural Gas Processing Plants
October 1, 2021Five subsidiaries of West Texas Gas Inc. will spend up to $5 million on compliance measures in a settlement that resolves allegations in the United States’ complaint, lodged today, that they violated federal Clean Air Act chemical accident prevention requirements at several of their natural gas processing plants. The companies will pay more than $3 million in civil penalties to resolve claims stemming from fatal chemical accidents and accident prevention program violations.
- Biodefense: Opportunities to Address National Strategy and Programmatic Challenges
February 17, 2022What GAO Found For over a decade, GAO has conducted work evaluating federal biodefense efforts and has identified challenges and opportunities for improvement in several key areas: Implementing the National Biodefense Strategy. In February 2020, GAO found that challenges with data collection and assessment and decision-making across the biodefense enterprise could limit successful Strategy implementation. GAO recommended four actions, including that the Department of Health and Human Services, which coordinates interagency Strategy efforts, work with agencies to better define roles and responsibilities. The agency agreed and is taking steps to address these recommendations. Strengthening Biodefense Preparedness. In August 2021, GAO reported that key federal agencies, including the Department of Homeland Security (DHS), had developed interagency response plans and conducted exercises to prepare for biological incidents in the years prior to the COVID-19 pandemic. However, GAO found that the nation lacked certain elements necessary in preparing for biological incidents, including an interagency process to communicate priorities for conducting biodefense exercises. Further, GAO found that agencies did not routinely work together to monitor results from exercises and real-world incidents to identify patterns and root causes for systemic challenges. GAO recommended 16 actions, including that DHS and other agencies better identify root causes and the agencies responsible for addressing them. The agencies generally agreed with these recommendations and are taking steps to implement them. Strengthening DHS’s National Biosurveillance Integration Center (NBIC). GAO has reported that NBIC—created to integrate data across the federal government to enhance detection and situational awareness of biological events—has experienced longstanding challenges related to its lack of a clear purpose and limited collaboration with other agencies. DHS implemented GAO’s past recommendations to strengthen NBIC, However, in 2015 GAO found NBIC continued to face challenges, such as limited partner participation in the center’s activities. GAO identified options that could address these challenges, ranging from strengthening the center’s ability to implement its current roles to repealing NBIC’s statute. GAO plans to initiate work to assess NBIC’s more recent efforts. Acquiring Biodetection Technologies. GAO has reported on challenges with DHS efforts to implement its BioWatch program to detect an aerosolized biological attack. Most recently, GAO reported in May 2021 on DHS’s current effort to replace BioWatch, known as BD21. For example, GAO found that BD21 faces challenges due to technology limitations and uncertainties with combining technologies for use in biodetection, including possible false alarms. GAO recommended three actions, including that the BD21 program office conduct technology readiness assessments that follow GAO’s best practices prior to the program’s future acquisition decision. DHS agreed with these recommendations and is taking steps to address them. Why GAO Did This Study Biological threats, such as the COVID-19 pandemic, can cause catastrophic loss of life and damage to the economy. The 2018 National Biodefense Strategy outlines goals and objectives to help prepare for and respond to such threats. However, DHS has long faced challenges implementing its biodefense responsibilities, including acquiring biodetection capabilities. This statement discusses GAO reports issued from December 2009 through August 2021 on efforts to implement the National Biodefense Strategy and strengthen biodefense preparedness, as well as ongoing challenges to DHS’s biosurveillance and biodetection efforts. The statement also includes recommendation follow-up work conducted through January 2022. For the prior work, GAO reviewed relevant presidential directives, statutes, regulations, policies, strategic plans, and after-action reports; and interviewed federal and state officials, among others. For recommendation updates, GAO reviewed agency documentation and met with agency officials.
- Defense Department Linguist Sentenced to 23 Years in Prison for Transmitting Highly Sensitive Classified National Defense Information to Aid a Foreign Government
June 23, 2021Mariam Taha Thompson, 62, formerly of Rochester, Minnesota, was sentenced today to 23 years in prison for delivering classified national defense information to aid a foreign government. As part of her March 26 guilty plea, Thompson admitted that she believed that the classified national defense information that she was passing to a Lebanese national would be provided to Lebanese Hezbollah, a designated foreign terrorist organization.
- Financial Audit: Office of Financial Stability’s (Troubled Asset Relief Program) FY 2020 and FY 2019 Financial Statements
November 10, 2020GAO found (1) the Office of Financial Stability’s (OFS) financial statements for the Troubled Asset Relief Program (TARP) as of and for the fiscal years ended September 30, 2020, and 2019, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; (2) OFS maintained, in all material respects, effective internal control over financial reporting for TARP as of September 30, 2020; and (3) no reportable noncompliance for fiscal year 2020 with provisions of applicable laws, regulations, contracts, and grant agreements GAO tested. In commenting on a draft of this report, OFS stated that it is proud to receive an unmodified opinion on its financial statements and its internal control over financial reporting. OFS also stated that it is committed to maintaining the high standards and transparency reflected in these audit results. The Emergency Economic Stabilization Act of 2008 (EESA) that authorized TARP on October 3, 2008, includes a provision for TARP, which is implemented by OFS, to annually prepare and submit to Congress and the public audited fiscal year financial statements that are prepared in accordance with U.S. generally accepted accounting principles. EESA further states that GAO shall audit TARP’s financial statements annually. For more information, contact Cheryl E. Clark at (202) 512-3406 or firstname.lastname@example.org.
- Updated – Secretary Pompeo’s Travel to India, Sri Lanka, Maldives, Indonesia, and Vietnam
October 28, 2020Morgan Ortagus, [Read More…]
- Laredo man sentenced for undocumented alien death due to car wreck
In Justice NewsAugust 5, 2021A 28-year-old Laredoan [Read More…]
- Federal Reserve Lending Programs: Credit Markets Served by the Programs Have Stabilized, but Vulnerabilities Remain
October 19, 2021What GAO Found The Board of Governors of the Federal Reserve System (Federal Reserve) authorized 13 lending programs—known as facilities—to ensure the flow of credit to various parts of the economy affected by the COVID-19 pandemic. The last of the nine facilities supported through CARES Act funding ceased purchasing assets, such as corporate bonds, or extending credit by January 8, 2021. As of September 1, 2021, the CARES Act facilities held about $19 billion in assets. The Federal Reserve oversight reviews completed in December 2020 identified opportunities to enhance certain areas, including internal process and controls. These reviews also identified areas for continued monitoring, such as cybersecurity and conflicts of interest. GAO found that Federal Reserve’s plans for ongoing monitoring of the facilities align with federal internal control standards for ongoing monitoring of an entity’s internal control system. Available indicators suggest the facilities helped improve access to credit and liquidity in the corporate and municipal credit markets. For example, corporate bond spreads (which reflect borrowing costs) have remained low, and municipal spreads have decreased to prepandemic levels. Also, officials from state and local entities that participated in the Municipal Liquidity Facility (which targeted the municipal bond market) generally said the facility was beneficial and helped restore investor confidence in the municipal bond market. However, corporate and municipal credit markets remain vulnerable. For corporate credit markets, corporate bonds outstanding remain elevated and the high level of debt leaves businesses vulnerable to distress. Municipal credit markets also remain vulnerable because of the pandemic’s extended duration, which may adversely affect local economies. According to surveys of small and independent businesses and lenders, access to credit has improved, but recovery remains slow, including for businesses in the services sector. Loans made under the Main Street facilities (which targeted small and mid-sized businesses and nonprofits) were concentrated among small for-profit businesses in certain economic sectors, such as restaurants. According to GAO’s generalizable survey of Main Street borrowers, an estimated 88 percent said that the program was “very important” in helping them maintain operations. Women-owned businesses participated at lower rates compared to their representation among U.S. businesses. Although estimates of veteran- and minority-owned business participation were somewhat lower compared to their representation among U.S. businesses, the differences were not statistically significant (see figure). Estimated Participation of Business Types in the Main Street Lending Program Why GAO Did This Study On July 30, 2021, the last of the 13 Federal Reserve lending facilities stopped purchasing assets or extending credit. However, some of these facilities, including facilities that were supported through Department of the Treasury funding appropriated under section 4003(b)(4) of the CARES Act, continue to hold outstanding assets and loans. The Federal Reserve will continue to monitor and manage the facilities until these assets and loans are no longer outstanding. The CARES Act included a provision for GAO to periodically report on section 4003 loans, loan guarantees, and investments. This report examines the Federal Reserve’s continued oversight and monitoring of the CARES Act facilities; what available evidence suggests about the facilities’ effects on corporate credit markets, states and municipalities, and small businesses; and the characteristics of Main Street Lending Program participants, among other things. GAO reviewed applicable laws and agency and Federal Reserve Bank documentation; analyzed agency and other data on the facilities and credit markets; interviewed Federal Reserve and Treasury officials and representatives of state and local governments; and conducted a generalizable survey of for-profit Main Street borrowers. For more information, contact Michael E. Clements at (202) 512-8678 or email@example.com.
- Justice Department Settles Investigation into Language Barriers in the Hazleton Police Department
May 28, 2021The Justice Department today announced it has reached a settlement agreement with the Hazleton Police Department (HPD) and the City of Hazleton, Pennsylvania, to help people with limited English proficiency (LEP) communicate with the police.
- The United States Condemns the Houthi Detention of Yemeni Staff of the U.S. Embassy in Sana’a and Breach of Embassy Compound
November 19, 2021Antony J. Blinken, [Read More…]
- Secretary Michael R. Pompeo With Paul W. Smith of The Paul W. Smith Show on WJR Detroit
October 15, 2020Michael R. Pompeo, [Read More…]
- Federal Real Property: Additional Documentation of Decision Making Could Improve Transparency of New Disposal Process
January 29, 2021In 2016, the Federal Assets Sale and Transfer Act (FASTA) created the independent Public Buildings Reform Board (the Board) to support a new, three-round process for disposing of unneeded federal real property. The first of these rounds required the Board to identify and recommend at least five high-value disposal candidates with a total market value between $500 and $750 million. To identify these properties, the General Services Administration (GSA) collected and evaluated agency recommendations; a GSA-hired contractor analyzed real property data; and the Board held public hearings, visited properties, and met with federal officials. This process resulted in identifying 44 properties. The Board then took various steps to evaluate the 44 properties and recommended 12 final disposal candidates that the Office of Management and Budget (OMB) approved in January 2020. (See figure.) However, the Board did not fully document the process used to evaluate these candidates. For example, the Board’s rationales for why individual candidates were or were not recommended were vague or incomplete. Full documentation on the decision-making process would better position stakeholders, including members of Congress, to understand the Board’s rationales, especially for decisions with financial implications. Process Used by Stakeholders for Identifying and Recommending High-Value Federal Real Property for Potential Disposal Candidates According to Board and selected federal agency officials, FASTA made it easier for agencies to pursue high-value property disposals due, in part, to exemptions from some requirements, such as having to first offer properties to federal, state, or local agencies. However, FASTA’s effect on other long-standing challenges, including funding to prepare properties for disposal, is unclear. For example, FASTA created a dedicated funding source to implement Board recommendations including those related to covering disposal costs, such as relocating agency staff. However, officials expressed concern that access to these funds is not automatic and must go through the annual appropriations process, which rarely coincides with the timing of these projects. The administration proposed legislative language to make proceeds from the sale of assets in fiscal year 2021 available without additional actions by Congress. However, as of January 2021, legislation containing the proposed language had not been enacted. This report discusses elements Congress may wish to evaluate when determining whether to grant such budget-related flexibility. GAO designated federal real property management, including the disposal of properties, as a high-risk area in 2003. FASTA included a provision for GAO to review the recommendations and selection processes such as those used in the first round of identifying and recommending high-value properties as candidates for disposal. This report examines: (1) how stakeholders implemented FASTA to identify and evaluate high-value properties as potential disposal candidates and (2) stakeholder views on the extent to which FASTA helped agencies with the disposal of unneeded high-value properties and addressed long-standing challenges in disposing of federal properties. GAO reviewed FASTA and analyzed documents from the Board, OMB, GSA, and selected 14 federal agencies to examine the processes they used and the challenges they encountered under the FASTA process. Agencies were selected based on their recommendations of high-value properties and inclusion on the Board’s final list, among other things. GAO also interviewed officials from the Board, OMB, GSA, and selected federal agencies. GAO is recommending that the Board fully document its process for recommending FASTA disposal candidates, including the rationales behind disposal decisions. The Board noted plans to develop more documentation of its future disposal decisions. For more information, contact David Trimble at (202) 512-2834 or firstname.lastname@example.org.
- Justice Department Enters Agreement to Ensure Public Transportation for Passengers with Disabilities in the County of Hawaii
August 24, 2021The Justice Department entered into a settlement agreement with the County of Hawaii and the County’s Mass Transit Agency (MTA) to resolve an investigation conducted under Title II of the Americans with Disabilities Act (ADA).
- International Day of United Nations Peacekeepers
May 28, 2021Antony J. Blinken, [Read More…]
- Two Kentucky Real Estate Professionals Indicted for Rigging Farmland Auction
May 21, 2021A federal grand jury in the Western District of Kentucky returned an indictment charging two Kentucky real estate professionals with conspiring to rig bids at an estate auction for farmland and timber rights.
- Multiple Defendants Indicted in Alleged Intellectual Property Theft Scheme
September 22, 2021An indictment was unsealed yesterday in the Eastern District of Pennsylvania charging a New Jersey man, a California man, and a New York man with federal crimes arising out of a wide-ranging and lucrative copyright infringement scheme.
- Former NGO Procurement Official Pleads Guilty to Bribery
December 23, 2020A former non-governmental organization (NGO) procurement official pleaded guilty today to paying bribes to NGO procurement officers in exchange for sensitive procurement information related to NGO contracts funded in part by the U.S. Agency for International Development (USAID). These contracts were for the procurement of food and supplies that would ultimately be provided to those affected by various humanitarian crises, including refugees displaced by the conflict in Syria.
- DOD Financial Management: Continued Efforts Needed to Correct Material Weaknesses Identified in Financial Statement Audits
October 13, 2020The Department of Defense (DOD) continues to face financial management issues and challenges that have prevented it from obtaining a clean audit opinion on the fair presentation of its financial statements. Specifically, financial statement auditors issued disclaimers of opinion on DOD’s and the military services’ fiscal year 2018 and 2019 financial statements. These disclaimers resulted from numerous material weaknesses based on thousands of notices of findings and recommendations (NFR) that the auditors issued. Of the 2,409 NFRs issued to DOD and its components in fiscal year 2018, DOD’s auditors were able to close 623 (26 percent) in fiscal year 2019; the remaining 1,786 (74 percent) remained open. These results provide useful insights on DOD’s remediation progress since beginning department-wide full audits in fiscal year 2018; it is important for DOD to equal or exceed this progress in the future. Financial statement audits have value beyond the audit opinion and can help management save resources and improve military readiness. DOD leadership identified a number of benefits that resulted from these financial statement audits. For example, the Navy identified a warehouse that was not in its property records that contained approximately $126 million in aircraft parts. The Navy was able to fill over $20 million in open orders for these parts. By using these parts, aircraft were repaired quicker and made available for use, which improved military readiness. To help guide and prioritize department-wide efforts, DOD identified eight audit remediation priority areas (four in 2019 and four in 2020), seven of which specifically related to material weaknesses that its auditor reported. The military services also developed methodologies to prioritize NFRs and determined that over half of their fiscal year 2018 NFRs are high priority and significant to their financial statement audits. DOD and its components have taken steps to develop corrective action plans (CAP) to address NFRs. However, most of the CAPs that GAO tested did not include at least one data element or evidence that a root-cause analysis was performed, as directed by Office of Management and Budget (OMB) and other related guidance, in part, because DOD guidance and monitoring efforts did not clearly identify the need for such documentation. As a result, DOD and its components may lack sufficient information and assurance that their remediation efforts will resolve the underlying causes associated with the NFRs and related material weaknesses. Based on these issues, DOD and its components are at increased risk that their actions may not effectively address identified deficiencies in a timely manner. DOD developed an NFR Database that contains useful information on deficiencies that financial auditors identified and actions to address them, which has improved its ability to monitor and report on audit remediation efforts using dashboard reports based on real-time data contained in the database. However, certain database information on which these reports are based may not be accurate, reliable, and complete. For example, although DOD reviews NFR Database information monthly, it does not follow up on instances of outdated information or other exceptions identified to ensure components resolve them timely. Without complete and reliable information on DOD’s audit remediation efforts, internal and external stakeholders may not have quality information to effectively monitor and measure DOD’s progress. DOD is responsible for about half of the federal government’s discretionary spending, yet it remains the only major federal agency that has been unable to receive a clean audit opinion on its financial statements. After years of working toward financial statement audit readiness, DOD underwent full financial statement audits in fiscal years 2018 and 2019. This report, developed in connection with fulfilling GAO’s mandate to audit the U.S. government’s consolidated financial statements, examines the (1) actions taken by DOD and the military services to prioritize financial statement audit findings; (2) extent to which DOD and its components developed CAPs to address audit findings in accordance with OMB, DOD, and other guidance; and (3) extent to which DOD improved its ability to monitor and report on audit remediation efforts. GAO reviewed documentation and interviewed officials about DOD’s and the military services’ audit remediation prioritization, monitoring, and reporting. GAO selected a generalizable sample of 98 NFRs to determine whether CAPs to address them were developed according to established guidance. GAO is making five recommendations to DOD to improve the quality of CAPs to address audit findings and information in the NFR Database and related reports provided to internal and external stakeholders to monitor and assess audit remediation efforts. DOD concurred with three of GAO’s recommendations, partially concurred with one recommendation, and disagreed with one recommendation. GAO continues to believe that all the recommendations are valid. For more information, contact Asif A. Khan at (202) 512-9869 or email@example.com.