counter terrorism

DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.

As a follow-up to our 2017 report on TSA’s Federal Air Marshal Service’s (FAMS) domestic flight operations, we conducted this audit to determine the extent to which FAMS can interdict an improvised explosive device during flight. We identified vulnerabilities with FAMS’ contribution to international flight security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We made two recommendations.

Despite dedicating approximately $272 million to ground-based activities, including VIPR operations, FAMS could not demonstrate how these activities contributed to TSA’s mission. Visible Intermodal Prevention and Response (VIPR) operations, in which VIPR teams collaborate with local law enforcement to augment security at transportation hubs through an increased visible deterrent force.

FAMS could not demonstrate how these activities contributed to TSA’s mission. During our assessment of FAMS’ contributions to TSA’s layered approach to security, we determined that FAMS lacked performance measures for the 24 strategic initiatives and most ground-based activities outlined in its strategic plan. Additionally, FAMS’ VIPR operations performance measures fail to determine the program’s effectiveness. FAMS could not provide a budget breakout by division or operational area.