Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-21-37 We determined that DHS needs to improve the collection and management of data across its multiple components to better serve and safeguard the public.  The data access, availability, accuracy, completeness, and relevance issues we identified presented numerous obstacles for DHS personnel who did not have essential information they needed for decision making or to effectively and efficiently carry out day-to-day mission operations.  Although DHS has improved its information security program and developed plans to improve quality and management of its data, follow through and continued improvement will be essential to address the internal control issues underlying the data deficiencies highlighted in the report.  We made no recommendations in the summary report.

>Persistent Data Issues Hinder DHS Mission, Programs, and Operations
2021
OIG-21-36 We determined that before July 12, 2018, migrant parents did not consistently have the opportunity to reunify with their children before removal.  Although DHS and ICE have claimed that parents removed without their children chose to leave them behind, there was no policy or standard process requiring ICE officers to ascertain, document, or honor parents’ decisions regarding their children.  As a result, from the time the Government began increasing criminal prosecutions in July 2017, ICE removed at least 348 separated parents without documenting whether those parents wanted to leave their children in the United States.  In fact, ICE removed some parents without their children despite having evidence the parents wanted to bring their children back to their home country.  In addition, we found that some ICE records purportedly documenting migrant parents’ decisions to leave their children in the United States were significantly flawed.  We made two recommendation that will ensure ICE documents separated migrant parents’ decisions regarding their minor children upon removal from the United States, and develops a process to share information with Government officials to contact parents for whom ICE lacks documentation on reunification preferences.  ICE concurred with our recommendations.

>ICE Did Not Consistently Provide Separated Migrant Parents the Opportunity to Bring Their Children upon Removal
2021
OIG-21-35 We determined DHS law enforcement components did not consistently collect DNA from arrestees as required.  Of the five DHS law enforcement components we reviewed that are subject to these DNA collection requirements, only Secret Service consistently collected DNA from arrestees.  U.S. Immigration and Customs Enforcement (ICE) and the Federal Protective Service inconsistently collected DNA, and U.S. Customs and Border Protection (CBP) and the Transportation Security Administration (TSA) collected no DNA.  DHS did not adequately oversee its law enforcement components to ensure they properly implemented DNA collection.  Based on our analysis, we project the DHS law enforcement components we audited did not collect DNA for about 212,646, or 88 percent, of the 241,753 arrestees from fiscal years 2018 and 2019.  Without all DHS arrestees’ DNA samples in the Federal Bureau of Investigation’s criminal database, law enforcement likely missed opportunities to receive investigative leads based on DNA matches.  Additionally, DHS did not benefit from a unity of effort, such as sharing and leveraging processes, data collection, and best practices across components.  We recommended DHS oversee and guide its law enforcement components to ensure they comply with collection requirements.  DHS concurred with all four of our recommend.

>DHS Law Enforcement Components Did Not Consistently Collect DNA from Arrestees
2021
OIG-21-34 We determined that U.S. Customs and Border Protection (CBP) and Border Patrol headquarters officials were only aware of a few of the 83 CBP employees’ cases of social media misconduct.  CBP and Border Patrol senior officials only responded to one of those cases, upon direction from DHS.  In contrast, the senior Office of Field Operations (OFO) headquarters leader issued guidance to remind OFO employees of acceptable use of social media.  With regard to the posts media outlets published in July 2019, we found no evidence that senior CBP headquarters or field leaders were aware of them until they were made public by the media.  We also found some senior leaders questioned the legality or the application of CBP policies, which may undermine CBP’s ability to enforce the policies.  We made two recommendations to help reduce the incidence of social media misconduct.  First, we recommended the Commissioner ensures CBP uniformly applies social media misconduct policies, and establishes social media training for new recruits and annual refresher training for all employees.  CBP concurred with all recommendations.

>CBP Senior Leaders' Handling of Social Media Misconduct
2021
OIG-21-33 We determined DHS did not comply with Payment Integrity Information Act of 2019 (PIIA)  in fiscal year 2020 because it did not achieve and report an improper payment rate of less than 10 percent for 2 of 12 programs reported in its FY 2020 Agency Financial Report.  DHS complied with Executive Order 13520 by properly compiling and making available to the public its FY 2020 Quarterly High-Dollar Overpayment reports.  We made two recommendations to DHS to follow Office of Management and Budget requirements and ensure the Federal Emergency Management Agency continues its remediation process to reduce improper payments.  DHS concurred with both recommendations. 

>Department of Homeland Security's FY 2020 Compliance with the Payment Integrity Information Act of 2019 and Executive Order 13520, Reducing Improper Payments
2021
OIG-21-32 During our unannounced inspection of Pulaski County Jail, we identified violations of U.S. Immigration and Customs Enforcement (ICE) detention standards that threatened the health, safety, and rights of detainees.  In addressing COVID-19, Pulaski did not consistently enforce precautions including use of facial coverings and social distancing, which may have contributed to repeated COVID-19 transmissions at the facility.  Pulaski did not meet standards for classification, medical care, segregation, or detainee communication.  We found that the facility was not providing a color-coded visual identification system based on the criminal history of detainees, causing inadvertent comingling of a detainee with significant criminal history with detainees who had no criminal history.  The facility generally provided sufficient medical care, but did not provide emergency dental services and the medical unit did not have procedures in place for chronic care follow-up.  We also found that the facility was not consistently providing required oversight for detainees in segregation by conducting routine wellness checks.  Finally, we found deficiencies in staff communication practices with detainees.  Specifically, ICE did not specify times for staff to visit detainees and could not provide documentation that it completed facility visits with detainees during the pandemic.  We did find that Pulaski generally complied with the ICE detention standard for grievances.  We made five recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the Chicago ERO Field Office overseeing Pulaski addresses identified issues and ensures facility compliance with relevant detention standards.  ICE concurred with all five recommendations. 

>Violations of ICE Detention Standards at Pulaski County Jail
2021
OIG-21-31 Under 40 U.S.C. § 1315, DHS had the legal authority to designate and deploy DHS law enforcement officers from CBP, ICE and United States Secret Service to help the Federal Protective Service protect Federal facilities in Portland, Oregon.  However, DHS was unprepared to effectively execute cross-component activities to protect Federal facilities when component law enforcement officers first deployed on June 4, 2020.  Specifically, not all officers completed required training; had the necessary equipment; or used consistent uniforms, devices, and operational tactics when responding to the events in Portland.  This occurred because DHS did not have a comprehensive strategy that addressed the potential for limited state and local law enforcement assistance, and cross-designation policies, processes, equipment, and training requirements.  We made two recommendations to improve DHS’ preparedness for protecting Federal property.  DHS concurred with both recommendations.

>DHS Had Authority to Deploy Federal Law Enforcement Officers to Protect Federal Facilities in Portland, Oregon, but Should Ensure Better Planning and Execution in Future Cross-Component Activities
2021
OIG-21-30 Violations of Detention Standards Amidst COVID-19 Outbreak at La Palma Correctional Center in Eloy, AZ 2021
OIG-21-18 CBP Needs Additional Oversight to Manage Storage of Illicit Drugs (REDACTED) 2021
OIG-21-29 DHS' Fragmented Approach to Immigration Enforcement and Poor Planning Resulted in Extended Migrant Detention during the 2019 Surge 2021
OIG-21-27 We determined that U.S Customs and Border Protection’s (CBP) mail inspection processes and physical security at the John F. Kennedy (JFK) International Airport International Mail Facility (IMF) are ineffective, showing limited progress since our prior audit.  CBP inspected approximately [REDACTED] percent of the 1.3 million pieces of mail it received during our June 2019 site visit.  CBP also did not timely inspect and process mail from high-risk countries, creating unmanageable backlogs. These deficiencies were largely because of inadequate resources and guidance.  Consequently, more than [REDACTED] pieces of mail were sent out for delivery without physical inspection.  We made eight recommendations aimed at improving international mail processes at JFK International Airport.  CBP concurred with six, but non-concurred with two of the recommendations. 

>CBP Faced Challenges in its Inspection Processes and Physical Security at the JFK International Mail Facility (Redacted)
2021
OIG-21-28 FEMA Needs Revised Policies and Procedures to Better Manage Recovery of Disallowed Grant Funds 2021
OIG-21-23 We determined that the Federal Emergency Management (FEMA) Region II (Region II) and New York State’s Division of Homeland Security Emergency Services (DHSES) have not adequately monitored or timely closed hundreds of projects, awarded at $578.8 million, for 7 disasters we reviewed. We made four recommendations that will help strengthen internal controls to improve oversight of the PA grant program.  FEMA concurred with all four of our recommendations.

>FEMA Needs to Reduce the $579 Million Backlog of Projects in its New York Public Assistance Grant Program
2021
OIG-21-26 We determined that FEMA did not ensure procurements and costs for debris removal operations in Monroe County, Florida, met Federal requirements and FEMA guidelines.  Specifically, FEMA did not adequately review local entities’ procurements for debris removal projects and reimbursed local entities for questionable costs.  These deficiencies were due to weaknesses in FEMA training and its quality assurance process.  As a result, FEMA approved reimbursement to local entities for nearly $25.6 million (more than $23 million in Federal share) for debris removal projects, including contracts that may not have met Federal procurement requirements, and more than $2 million in questionable costs.  Without improvements to FEMA’s training and project review processes, FEMA risks continuing to expose millions of dollars in disaster relief funds to fraud, waste, and abuse.  We made three recommendations with which FEMA officials concurred.  Based on the information FEMA provided, we consider the three recommendations resolved and open.

>FEMA's Procurement and Cost Reimbursement Review Process Needs Improvement
2021
OIG-21-24 We determined that the Federal Emergency Management Agency (FEMA) did not ensure state and local law enforcement agencies expended FEMA’s grant for protection of the President’s non-governmental residences in accordance with Federal regulations and Agency guidelines. We made four recommendations to FEMA that should improve the management of the program.  FEMA concurred with three recommendations and nonconcurred with one recommendation.

>FEMA Needs to Improve Guidance and Oversight for the Presidential Residence Protection Assistance Grant
2021
OIG-21-25 This report provides a summary of our previous findings and recommendations, which may inform future disaster response efforts.  Based on our prior work, we identified a pattern of internal control vulnerabilities that negatively affect both disaster survivors and disaster program effectiveness that may hinder future response efforts, including shortcomings in acquisition and contracting controls, interagency coordination challenges, and insufficient privacy safeguards that affect disaster survivors.  Additionally, FEMA did not adequately oversee disaster grant recipients and subrecipients, manage disaster assistance funds, or oversee its information technology environment.  This report discusses these vulnerabilities and the correlating recommendations we previously made that, if implemented, would better prepare FEMA to respond to future disasters.  We made no new recommendations. 

>Success of Future Disaster Response and Recovery Efforts Depends on FEMA Addressing Current Vulnerabilities
2021
OIG-21-22 We determined that DHS’ Countering Weapons of Mass Destruction Office (CWMD) BioWatch has information sharing challenges that reduce nationwide readiness to respond to biological terrorism threats.  We made four recommendations that, when implemented, will improve BioWatch. CWMD concurred with all four recommendations. 

>Biological Threat Detection and Response Challenges Remain for BioWatch (REDACTED)
2021
OIG-21-21 We determined that, in response to Executive Order 13767, U.S. Customs and Border Protection (CBP) implemented new tools and technologies that have enhanced Border Patrol’s surveillance capabilities and efficiency along the southwest border.  We made three recommendations to improve CBP’s border technology, enhance situational awareness of the southwest border, and address potential IT security vulnerabilities.  CBP concurred with all three recommendations.

>CBP Has Improved Southwest Border Technology, but Significant Challenges Remain
2021
OIG-21-20 During the course of the audit, we determined that FEMA provided hotel rooms to about 90,000 households (nearly 227,000 survivors) after the 2017 California wildfires and Hurricanes Harvey, Irma, and Maria.  However, FEMA did not oversee and manage the Transitional Sheltering Assistance (TSA) program to ensure it operated efficiently and effectively to meet all disaster survivors’ needs.  We made two recommendations that when implemented, will improve FEMA’s oversight and pre-disaster planning of transitional sheltering.  FEMA concurred with both recommendations and the recommendations are resolved and open.

>Better Oversight and Planning are Needed to Improve FEMA's Transitional Sheltering Assistance Program
2021
OIG-21-19 We determined that U.S. Customs and Border Protection’s (CBP) training approach and execution do not fully support the canine teams’ mission to detect smuggling of illegal narcotics, agriculture products, and humans at and between ports of entry.  In total, we made four recommendations that, if implemented, should help CBP improve oversight of its Canine Program, formalize and implement a realignment plan for the training academy, provide proper training capabilities, and update and standardize program guidance.  CBP concurred with all our recommendations. 

>CBP Needs to Improve the Oversight of its Canine Program to Better Train and Reinforce Canine Performance (REDACTED)
2021
OIG-21-17 Based on our review of 45 judgmentally sampled awards (15 non-competitive grants and 30 other than full and open competition [OTFOC] contracts), we found DHS complied with applicable laws and regulations.  We made two recommendations to help improve DHS’ procedures and ensure future reporting submissions are accurate.  The Department concurred with the two recommendations.  

>DHS Grants and Contracts Awarded through Other Than Full and Open Competition, FYs 2018 and 2019
2021
OIG-21-16 This report offers DHS OIG’s initial observations on the PACR and HARP programs based on our March 2020 visit to the El Paso, Texas area and analysis of data and information provided by CBP and USCIS headquarters.  We determined that CBP rapidly implemented the pilot programs and expanded them without a full evaluation of the pilots’ effectiveness.  Additionally, we determined there are potential challenges with the PACR and HARP programs related to how aliens are held and provided access to counsel and representation, and how CBP and USCIS assign staff to program duties and track aliens in the various agency systems.  We made six recommendations to improve PACR and HARP program implementation.  DHS did not concur with five of the six recommendations, stating that lawsuits and the COVID-19 pandemic had, in effect, ended the programs.  We reviewed evidence provided by CBP and concluded the lawsuits themselves did not terminate the PACR and HARP pilot programs.  Therefore, the recommendations remain open and unresolved.  If the programs resume, we plan to resume actual or virtual site visits and issue a report detailing DHS’ full implementation of the PACR and HARP pilot programs.

>DHS Has Not Effectively Implemented the Prompt Asylum Pilot Programs
2021
OIG-21-15 ICE Guidance Needs Improvement to Deter Illegal Employment,” OIG-21-15.  We determined the Worksite Enforcement (WSE) program compliance, civil enforcement, and outreach activities are not as effective as they could be to support U.S. Immigration and Customs Enforcement’s (ICE) immigration enforcement strategy.  ICE officials did not consistently enforce ICE guidance, take timely and affirmative steps against unauthorized alien workers, and ensure the outreach program achieved measurable progress and was cost effective.  We made four recommendations with which ICE officials concurred.  Based on the information ICE provided, we consider the four recommendations resolved and open.

>ICE Guidance Needs Improvement to Deter Illegal Employment
2021
OIG-21-13 CBP's Configuration Management Practices Did Not Effectively Prevent System Outage 2021
OIG-21-14 Ineffective Implementation of Corrective Actions Diminishes DHS' Oversight of Its Pandemic Planning 2021
OIG-21-12 ICE Needs to Address Prolonged Administrative Segregation and Other Violations at the Imperial Regional Detention Facility 2021
OIG-21-11 TSA Needs to Improve Management of the Quiet Skies Program (REDACTED) 2021
OIG-21-10 FEMA Should Disallow $12.2 Million in Disaster Case Management Program Grant Funds Awarded to New York for Hurricane Sandy 2021
OIG-21-09 DHS Components Have Not Fully Complied with the Department's Guidelines for Implementing the Lautenberg Amendment 2021
OIG-21-08 Independent Auditors' Report on DHS' FY 2020 Financial Statements and Internal Control over Financial Reporting 2021
OIG-21-07 Major Management and Performance Challenges Facing the Department of Homeland Security 2021
OIG-21-06 DHS Privacy Office Needs to Improve Oversight of Department-wide Activities, Programs, and Initiatives 2021
OIG-21-04 Modernization has improved the Federal Emergency Management Agency’s (FEMA) Federal Insurance and Mitigation Administration (FIMA) ability to timely process policies and claims data, enhanced reporting capabilities, and provided more reliable address validation. Despite these improvements, the transition to PIVOT did not resolve longstanding data reliability issues, as FIMA migrated the vast majority of its historical legacy data, including errors, into the PIVOT system. FIMA also deployed PIVOT without adequate controls to prevent potentially erroneous transactions from being recorded in the system. We made three recommendations to improve the quality of data in the modernized NFIP system and educate stakeholders on data quality issues that exist in historical NFIP data. FEMA concurred with all three recommendations.

>FIMA Made Progress Modernizing Its NFIP System, but Data Quality Needs Improvement
2021
OIG-21-05 Management Alert - FPS Did Not Properly Designate DHS Employees Deployed to Protect Federal Properties under 40 U.S.C. § 1315(b)(1) 2021
OIG-21-03 We found violations of U.S. Immigration and Customs Enforcement (ICE) detention standards undermining the protection of detainees’ rights and the provision of a safe and healthy environment.  Although the Howard County Detention Center (HCDC) generally complied with ICE detention standards regarding communication, it did not meet the standards for detainee searches, food service, and record requirements for segregation and medical grievances.  We determined HCDC excessively strip searched ICE detainees when leaving their housing unit to attend activities within the facility, in violation of ICE detention standards and the facility’s own search policy.  In addition, HCDC failed to provide detainees with two hot meals per day, as required.  For those in segregation, HCDC did not document that detainees received three meals per day and daily medical visits.  Further, HCDC did not properly document the handling of detainee medical grievances.  We made two recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the Baltimore ERO Field Office overseeing HCDC addresses identified issues and ensures facility compliance with relevant detention standards.  ICE concurred with both recommendations and is implementing a corrective action plan to address the concerns we identified.

>ICE Needs to Address Concerns About Detainee Care and Treatment at the Howard County Detention Center
2021
OIG-21-02 In 2018, senior DHS and U.S. Customs and Border Protection (CBP) leaders issued public statements urging undocumented aliens seeking asylum to enter the United States legally at ports of entry, while also directing ports of entry to focus on other priority missions and institute practices to limit the number of undocumented aliens processed at ports of entry.  CBP Office of Field Operations (OFO) personnel at 24 Southwest Border ports of entry implemented a practice known as queue management, where an officer manned a “limit line” position at or near the U.S.-Mexico border to control the number of undocumented aliens entering the port.  We identified that seven of these ports stopped processing virtually all undocumented aliens, including asylum seekers, by redirecting them to other ports located miles away.  This redirection contravenes CBP’s longstanding practice to process all aliens at a “Class A” port of entry or reclassify the port of entry.  Additionally, CBP officers at four ports returned undocumented aliens to Mexico despite a legal requirement to process asylum claims of aliens that are physically present in the United States.  We made three recommendations aimed at bringing CBP’s practices in line with Federal law and regulations and promoting efficient processing of undocumented aliens.  CBP concurred with two of the recommendations and did not concur with one.  CBP defended its decision to redirect undocumented aliens at seven ports citing the availability of operational capacity and resources and the need to maintain a discretionary balance between mission requirements at each port.

>CBP Has Taken Steps to Limit Processing of Undocumented Aliens at Ports of Entry
2021
OIG-21-01 DHS Has Secured the Nation's Election Systems, but Work Remains to Protect the Infrastructure 2021
OIG-20-80 DHS has not effectively managed and coordinated Department resources for its Joint Task Forces (JTFs).  Specifically, DHS has not maintained oversight authority through changes in leadership, implemented and updated policies and procedures, identified optimal JTF staffing levels and resources, and established a process to capture total allocated costs associated with JTFs.  In addition, DHS has not fully complied with public law requirements to report to Congress on JTFs’ cost and impact, establish outcome-based performance metrics, and establish and maintain a joint duty training program.  We recommended the DHS Secretary designate a department-level office to manage and oversee JTFs and address public law requirements.  We made seven recommendations to improve DHS’ management and oversight of its JTFs and ensure compliance with legislative requirements.  DHS provided a management response, but declined to comment, since the Acting Secretary is currently reviewing the status and future of the JTFs

>DHS Cannot Determine the Total Cost, Effectiveness, and Value of Its Joint Task Forces
2020
OIG-20-79 U.S. Customs and Border Protection (CBP) cannot ensure its Entry Reconciliation Program reporting is accurate or complies with requirements.  Specifically, CBP did not always validate importers’ self-reported final values of imports when it assessed duties and fees because it did not require importers to substantiate self-reported merchandise values with source documentation.  In addition, CBP did not always follow its policies when conducting reviews of reconciliation entries because its Standard Operating Procedures had been implemented differently across all ports of entry.  Finally, CBP missed opportunities to collect additional revenue when it did not assess monetary liquidated damages for importers that filed reconciliation entries late or not at all.  This occurred because CBP’s controls were insufficient to ensure the ports properly assess liquidated damages for importers who file reconciliations late or not at all.  CBP’s actions compromised the integrity of the Entry Reconciliation Program and, as such, may have put approximately $751 million of revenue, in the form of reconciliation refunds, at risk.  We made four recommendations to improve the overall effectiveness of the program.  CBP concurred with three of our four recommendations. 

>CBP's Entry Reconciliation Program Puts Revenue at Risk
2020
OIG-20-77 Evaluation of DHS' Information Security Program for Fiscal Year 2019 2020
OIG-20-75 CBP Does Not Have a Comprehensive Strategy for Meeting Its LS-NII Needs 2020
OIG-20-78 U.S. Customs and Border Protection (CBP) quickly deployed funding for consumables and medical services to address the needs of migrants in its custody along the southwest border, but did not adequately plan to ensure it used fiscal year 2019 funds effectively.  Specifically, U.S. Border Patrol’s process did not adequately ensure taxpayer funds were used to purchase items required to meet migrants’ basic needs as Congress intended.  Additionally, CBP relied on a single contracting officer’s representative, rather than onsite personnel, to oversee its medical contract because it did not include onsite monitoring when expanding the contract across multiple sectors.  We made four recommendations to CBP to improve its consumables reimbursement process and medical contract oversight.  CBP concurred with all four recommendations.  

>CBP Did Not Adequately Oversee FY 2019 Appropriated Humanitarian Funding
2020
OIG-20-74 The Cybersecurity and Infrastructure Security Agency (CISA) increased the number of Automated Indicator Sharing (AIS) participants as well as the volume of cyber threat indicators it has shared since the program’s inception in 2016.  However, CISA made limited progress in improving the overall quality of information it shares with AIS participants to effectively reduce cyber threats and protect against attacks.  The lack of progress can be attributed to the limited number of AIS participants sharing cyber indicators with CISA, delays in receiving cyber threat intelligence standards, and insufficient staff.  To be more effective, CISA should hire the staff it needs to provide outreach, guidance, and training.  We made four recommendations to CISA to enhance the program’s overall effectiveness and cyber threat information sharing.  CISA concurred with all four recommendations.  

>DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018
2020
OIG-20-76 The Federal Emergency Management Agency (FEMA) mismanaged the distribution of commodities in response to Hurricanes Irma and Maria in Puerto Rico.  FEMA lost visibility of about 38 percent of its commodity shipments to Puerto Rico, worth an estimated $257 million.  Commodities successfully delivered to Puerto Rico took an average of 69 days to reach their final destinations.  Inadequate FEMA contractor oversight contributed to the lost visibility and delayed commodity shipments.  FEMA did not use its Global Positioning System transponders to track commodity shipments, allowed the contractor to break inventory seals, and did not ensure documented proof of commodity deliveries.  Given lost visibility and delayed shipments, FEMA cannot ensure it provided commodities to Puerto Rico disaster victims as needed to sustain life and alleviate suffering as part of its response and recovery mission.  In addition, FEMA’s mismanagement of transportation contracts included multiple contracting violations and policy contraventions that ultimately led to contract overruns of about $179 million and at least $50 million of questioned costs.  We made five recommendations that, if implemented, should improve FEMA’s management and oversight of its disaster response activities. FEMA concurred with four of the five recommendations.  Recommendations 1 through 4 are considered open and resolved.  Recommendation 5 is considered resolved and closed

>FEMA Mismanaged the Commodity Distribution Process in Response to Hurricanes Irma and Maria
2020
OIG-20-73 DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act.  To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and to coordinate with other agencies.  However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act.  DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors.  External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities.  Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities.  We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act.  The Department concurred with all three recommendations.

>DHS Faces Challenges in Meeting the Responsibilities of the Geospatial Data Act of 2018
2020
OIG-20-71 U.S. Customs and Border Protection (CBP) did not adequately safeguard sensitive data on an unencrypted device used during its facial recognition technology pilot (known as the Vehicle Face System).  A subcontractor working on this effort, Perceptics, LLC, transferred copies of CBP’s biometric data, such as traveler images, to its own company network.  The subcontractor obtained access to this data without CBP’s authorization or knowledge, and compromised approximately 184,000 traveler images from CBP’s facial recognition pilot.  Later in 2019, the Department of Homeland Security experienced a major privacy incident, as the subcontractor’s network was subjected to a malicious cyber attack.  While CBP and DHS took immediate action to mitigate the data breach, we attribute this incident to the subcontractor violating numerous DHS security and privacy protocols for safeguarding sensitive data.  Consequently, this incident may damage the public’s trust in the Government’s ability to safeguard biometric data, and may result in travelers’ reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry.  We made three recommendations to aid CBP in addressing the vulnerabilities that caused the 2019 data breach, and to better mitigate future incidents through greater oversight of third-party partners.  CBP concurred with all three recommendations.

>Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot
2020
OIG-20-72 Oversight Review of the Office of the Chief Security Officer, Internal Security Division 2020
OIG-20-63 As of October 2016, the Recovery School District in Louisiana (RSD) had received a $1.5 billion Public Assistance grant from Louisiana, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina.  We examined $1.3 billion for a consolidated project as part of the total amount awarded.  In some instances, RSD accounted for and expended portions of the $1.3 billion in Public Assistance grant funds we reviewed according to Federal regulations.  However, FEMA improperly awarded $216.2 million to repair or replace more than 292 Orleans Parish school facilities in RSD.  We made eight recommendations to FEMA to de-obligate $216.2 million of ineligible costs; follow Federal regulations and FEMA guidelines; and re-evaluate documented proof of assessments for the 35 identified projects and reclassify them, as appropriate, to repair-eligible, and de-obligate the cost difference.  FEMA concurred with recommendations 2 through 7 but did not concur with recommendations 1 and 8.  We consider recommendations 2 through 7 resolved and open; recommendations 1 and 8 are unresolved and open.

>FEMA Should Recover $216.2 Million Awarded to the Recovery School District in Louisiana for Hurricane Katrina
2020
OIG-20-68 The Federal Emergency Management Agency (FEMA) is not adequately managing severe repetitive loss (SRL) properties covered by the National Flood Insurance Program (NFIP).  FEMA has not established an effective program to reduce or eliminate damage to SRL properties and disruption to life caused by the repeated flooding.  Primarily, FEMA does not have reliable, accurate information about SRL properties.  Secondly, FEMA’s Flood Mitigation Assistance (FMA) program, which aims to mitigate flood damage for NFIP policyholders, provides neither equitable nor timely relief for SRL applicants.  We made three recommendations to FEMA to ensure the accuracy of the SRL list, as well as equitable and timely distribution of mitigation funding, and promoting the use of National Flood Insurance Program (NFIP) Increased Cost of Compliance coverage.  FEMA concurred with all three of the recommendations

>FEMA Is Not Effectively Administering a Program to Reduce or Eliminate Damage to Severe Repetitive Loss Properties
2020
OIG-20-69 We surveyed staff at Border Patrol stations and OFO ports of entry from April 22, 2020 to May 1, 2020.  The 136 Border Patrol stations and 307 OFO ports of entry that responded to our survey described various actions they have taken to prevent and mitigate the pandemic’s spread among travelers, detained individuals, and staff.  These actions include increased cleaning and disinfecting of common areas, and having personal protective equipment for staff, as well as supplies available to those individuals with whom they come into contact.  However, facilities reported concerns with their inability to practice social distancing and the risk of exposure to COVID-19 due to the close-contact nature of their work.  Regarding staffing, facilities reported decreases in current staff availability due to COVID-19, but have contingency plans in place to ensure continued operations.  The facilities expressed concerns regarding staff availability, however, if there were an outbreak of COVID-19 at the facility.  Overall, the majority of respondents reported that their facilities were prepared to address COVID-19.

>Early Experiences with COVID-19 at Border Patrol Stations and OFO Ports of Entry
2020