Coast Guard

In May 2020, the Deputy Under Secretary for Management formally documented the Department’s risk acceptance to allow the Coast Guard to meet FISMA requirements according to Department of Defense, rather than DHS’ reporting requirements.  The Deputy Under Secretary for Management’s decision adversely affected our ability to evaluate the Department’s enterprise-wide information program under this year’s OIG reporting metrics.  Nonetheless, when evaluating the overall effectiveness of DHS’ information security program for FY 2020 FISMA, our rating does not include the Coast Guard.  DHS’ information security program earned a maturity rating of “Managed and Measurable” (Level 4) in three of five functions.  DHS can further improve the effectiveness of its information security program by ensuring components execute all its policies and procedures.  We made four recommendations in our report, with one to the DHS Chief Information Officer, one to the S&T Chief Information Officer, one to the Secret Service Chief Information Officer, and one to the FEMA Chief Information Officer.  The Department concurred with all four recommendations.

During our ongoing audit of DHS law enforcement virtual training, we learned that the Coast Guard uses functional firearms to conduct DVD-based simulation training.  We identified this issue in Coast Guard’s Commandant Instruction 3574.5C, 18 September 2014, Coast Guard Judgmental Use of Force Evaluation and observed a demonstration of this training at one Coast Guard location.  According to testimony or policy from four other DHS components that employ or train law enforcement personnel, the use of functional firearms during video-based simulation training is prohibited within their respective components.  By using functional firearms capable of firing ammunition, even if emptied of ammunition, in DVD-based simulation training, Coast Guard increased the risk of unintentional injury or death.  Coast Guard concurred with our recommendation and took immediate corrective actions to discontinue the use of functional firearms during DVD-based simulation training.  The recommendation is resolved and closed.

Summary: Rescue 21 Alaska, Coast Guard’s maritime search and rescue communication system, has experienced outages resulting from antiquated equipment in Coast Guard’s District 17.  Challenges and funding shortages during system acquisition caused Coast Guard to limit the purchase of new equipment for Rescue 21 Alaska, requiring District 17 to maintain existing equipment for longer than initially planned.  Alaska’s winter weather conditions and remote access to communication site locations cause lengthy repair times, further exacerbating the outage impacts.  The outages have prevented Coast Guard, at times, from effectively receiving and responding to distress calls from mariners.  Coast Guard has made some upgrades to the Rescue 21 Alaska system to enhance distress communication availability and reliability.  Although Coast Guard plans for further upgrades, outages persist.  When notifying the public about the outages, Coast Guard primarily relies on a “Local Notice to Mariners” posted on their public website.  However, this limits who can receive the notices, as not all mariners go to the internet to determine outage locations.  Alaska mariners shared other effective methods Coast Guard could use to improve its notifications to the public when there are known VHF distress communications outages.  Adequately upgrading the communications equipment and ensuring robust attempts are made to notify the public when outages occur is essential for Coast Guard to achieve its search and rescue mission in Alaska.  We made two recommendations to ensure the Coast Guard is prioritizing Rescue 21 Alaska upgrades and appropriately notifying the public of outages. Coast Guard concurred with both recommendations.

We identified 16 allegations of race-based harassment involving cadets between 2013 and 2018 that the Coast Guard Academy (the Academy) was aware of and had sufficient information to investigate and address through internal hate and harassment procedures.  The OIG identified issues in how the Academy addressed 11 of them.  First, in six incidents, the Academy did not thoroughly investigate the allegations, and/or did not discipline cadets when investigations documented violations of cadet regulations or Coast Guard policy.  In two of these instances, cadets committed similar misconduct again.  The Academy also did not fully include civil rights staff as required in six instances (including two of the instances noted previously).  Therefore, civil rights staff could not properly track these incidents to proactively identify trends and offer the Academy assistance.  In addition, in one incident involving a potential hate allegation, the Academy did not follow the Coast Guard process for hate incidents.  Finally, our review determined that race-based harassment is underreported at the Academy for various reasons, including concerns about negative consequences for reporting allegations.  Underreporting is especially concerning because our questionnaire results and interviews indicate harassing behaviors continue at the Academy.  We made five recommendations that will enhance the Academy’s ability to address harassment and hate allegations, including ensuring the Academy consistently investigates allegations, requiring the reasons for disciplinary decisions be documented after race- or ethnicity-based harassment investigations, informing civil rights staff of all misconduct that could reasonably relate to race or ethnicity; and improving training related to preventing and addressing race-based or ethnicity-based harassment or hate incidents.  The Coast Guard concurred with all recommendations

DHS does not have a unified approach for procuring and using handheld chemical identification devices despite the widespread use of these devices across multiple components.  We recommended DHS establish a process to coordinate joint needs across components and maximize savings from strategic sourcing opportunities.  We made two recommendations that should help improve unity of effort in procuring and using handheld chemical identification devices.  DHS concurred with recommendation 1 but did not concur with recommendation 2.

DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.

The Office of National Drug Control Policy’s (ONDCP) Circular, Accounting of Drug Control Funding and Performance Summary, requires each National Drug Control Program agency to submit to the ONDCP Director a detailed accounting of all funds expended for National Drug Control Program activities during the previous fiscal year. Williams, Adley & Company –DC, LLP (Williams Adley), under contract with the Department of Homeland Security OIG, issued an Independent Accountant’s Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard management prepared the Table of FY 2018 Drug Control Obligations and related disclosures in accordance with requirements of ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated May 8, 2018 (the Circular). Based on its review, nothing came to Williams Adley’s attention that caused it to believe that the Coast Guard’s FY 2018 Detailed Accounting Submission is not presented in conformity with the criteria in the Circular. Williams Adley did not make any recommendations as a result of its review.

The Office of National Drug Control Policy’s (ONDCP) Circular, Accounting of Drug Control Funding and Performance Summary, requires each National Drug Control Program agency to submit to ONDCP Director a detailed accounting of all funds expended for National Drug Control Program activities during the previous fiscal year. Williams Adley & Company – DC, LLP (Williams Adley), under contract with the Department of Homeland Security OIG, issued an Independent Accountant’s Report on U.S. Coast Guard’s (Coast Guard) fiscal year (FY) 2018 Drug Control Performance Summary Report.

The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.